[Update::02 February 2013] This document is getting old... is something I wrote on 09 August 2003. It's almost a decade later and this document is still getting old.
[Update::15 August 2007] This document was updated for the Fall 2007 semester. Although two years have passed since its last update, the only changes required were the deletion of a couple of rotted hyperlinks.
[Update::18 September 2005] This document was updated for the Fall 2005 semester. Although biometric usage is on the increase, passwords are still the primary tool computer users use to access their computer accounts.
[Update::09 August 2003] This document is getting old, but websites and most Unix systems still use passwords to secure user accounts.
Good passwords are difficult to guess (crack).
Good passwords conform to the following guidelines.
- use both upper-case and lower-case letters
- use digits and punctuation characters as well as letters
- use between six and eight characters
- select a password that can be typed quickly to prevent others from seeing it
- pick a password that is easy to remember
- do not write passwords on paper
Avoid the following when choosing a password.
- names of people/animals you know (your name, your spouse's name, your pet's name, your boss's name, the name of other users of your computer, etc.)
- the name of the machine or operating system you are using
- important numbers (social security, phone, license plate, birth dates, anniversary dates, etc.)
- any information easily obtained about you
- a word in the English dictionary or in a foreign dictionary
- place names or proper nouns
- passwords of all the same letter
- any of the above spelled backward
- all of the above prefixed and/or suffixed with a single digit
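The two lists above can be turned into a mechanical check. The following is an added example, not code from the original page: it applies the positive guidelines and rejects anything found in a small constructed dictionary or personal-information list, including the reversed and single-digit-padded forms the last two bullets warn about.

```python
import string

# Constructed sample data for the checks below (not from the original page):
# a tiny "dictionary" and a list of personal details an attacker could look up.
DICTIONARY = {"password", "secret", "welcome", "dragon", "phoenix"}
PERSONAL = {"gerald", "rover", "windows", "5551234"}  # names, OS name, phone number


def _variants(pw):
    """Lower-cased password, with a single leading/trailing digit stripped, plus reversals."""
    base = pw.lower()
    forms = {base}
    if base[:1].isdigit():
        forms.add(base[1:])
    if base[-1:].isdigit():
        forms.add(base[:-1])
    if base[:1].isdigit() and base[-1:].isdigit():
        forms.add(base[1:-1])
    return forms | {f[::-1] for f in forms}


def check_password(pw, dictionary=DICTIONARY, personal=PERSONAL):
    """Return the list of guideline violations; an empty list means the password passes."""
    problems = []
    if not 6 <= len(pw) <= 8:
        problems.append("use between six and eight characters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("use both upper-case and lower-case letters")
    if not any(c.isdigit() or c in string.punctuation for c in pw):
        problems.append("use digits and punctuation characters as well as letters")
    if len(set(pw)) == 1:
        problems.append("password is all the same character")
    # Dictionary words, names, numbers and OS names are rejected even when spelled
    # backward or padded with a single digit at either end.
    if _variants(pw) & (dictionary | personal):
        problems.append("based on a dictionary word, name, number or OS name")
    return problems


if __name__ == "__main__":
    for candidate in ("Tr4k;Sp2", "dragon1", "7nogarD", "aaaaaa", "Rover9"):
        print(candidate, "->", check_password(candidate) or "OK")
```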
Biometrics is the use of human body characteristics to authenticate human beings. Biometrics take many forms: fingerprints, eye retinas and irises, voice patterns, facial patterns, hand measurements, walking gait and so on. One of the oldest biometrics is the fingerprint; while passwords can be stolen, fingerprints cannot.
- Wired.com:: Let Your Fingers Do The Login [1998.07.08]
- Economist.com:: Prepare To Be Scanned [2003.12.04; subscription required]
- HighTech-Store.com:: finger-print reader picture
- Biometrics.org:: Biometric Consortium
- SecurityFocus.com:: Gait Identification
- Ibiblio.org:: Nose Hair Identification [humor]
The following was obtained from Bruce Schneier's book Secrets and Lies -- Digital Security in a Networked World.
L0phtcrack is a password cracker that is optimized for Windows NT passwords. On a 450-MHz Quad Pentium II, L0phtcrack can try every alphanumeric password in 5.5 hours, every alphanumeric password with some common symbols in 45 hours, and every possible keyboard password in 480 hours.
Update: 30 December 2001
The following was obtained from EDUCause, which in turn got it from the New York Times. Users often attach a personal or sentimental context to their passwords that can be uncovered by sophisticated password-cracking dictionary programs. A survey of 1,200 CentralNic employees showed that 50 percent used passwords with a family connection, while one-third used passwords based on celebrities, fictional characters, or sports teams. About 10 percent of respondents used self-laudatory, "fantasist" passwords. Chris Wysopal, director of research and development for @stake, commented that password attacks are the most common form of assault by inside hackers. The most secure kinds of passwords include random or partly random series of numbers, symbols, and letters, but fewer than one-tenth of all users choose such sequences. Users may also be bewildered by numerous regulations, such as frequent password changes, so they use passwords that are easy to remember and often write them down for quick reference. Most people use the same passwords for multiple functions.