
Password Hell

By Chong Jinn Wei - on 11 Nov 2011, 10:02am

 


Security is an ever-important aspect of our lives, especially in the world of IT today. Companies have throngs of trade secrets that they need to secure, and even the average man on the street has dozens of pieces of information that he does not want other people to see. Chief among the security measures in use today is the humble password. In the past, passwords used to be simple, but fast forward to the present and many people use passwords of varying complexity, from jumbled numbers to combinations of letters and symbols, thanks to the ever-increasing sophistication of hackers. In addition to hackers, there are many scams around the Internet in the form of fake advertisements, spam emails and even the dreaded phishing attacks. Since the web is far from safe, are passwords really enough to keep our private information secure?

As of October 2005, employees of the UK government were advised to follow a set of password policy rules to enhance computer security. These rules include using a combination of upper and lowercase letters, one or more numerical digits, and special symbols. To top it off, users are also required to change their passwords every 90 or 180 days.


While this is most definitely a good practice in securing one’s password, it can also backfire, since it is hard to come up with many complex but easy-to-remember passwords. As a result, Adam Roderick, Director of IT Services at Aspenware, explained that forgotten passwords and locked accounts make up a third or a quarter of requests at help-desks. To cope with the constant changing of passwords, many users jot their passwords down on reminders and even in spreadsheets, all of which are vulnerable to security breaches.

John Biglin, CEO of IT consulting firm Interphase Systems, gave an example of a client’s password problem.

“We have a client where the users need regular access to five or six systems that require passwords. The firm has an aggressive policy that includes a complex password requirement—the password must include mixed case, numbers, and special characters; the passwords cannot be reused for 12 [changes]; the passwords must be changed every 60 days, and 30 in some cases; and three failed attempts lock the account, with no self-service reset capability.”

Moving away from the corporate scene, normal citizens are not required to follow a stringent password policy. Instead, they are free to do whatever they want. Many create a single simple or complex password and use it for practically every account they have. This makes their accounts' passwords easy to remember, but it also makes it easier for hackers to break their security.

Passwords are the barest defense that people must have to protect themselves from malicious attacks. As not everyone is computer literate, they are the only defense we can rely on. So how do we create good, strong passwords that can effectively protect our information?

I'll leave the comic below for an idea.

Till next time.

Chong Jinn Wei

Chong Jinn Wei / Freelance Writer

A person who is torn between the digital realm and the material realm. Loves videogames, manga and especially Gundams, though I am currently trying to stay afloat in the vast ocean that is the Internet.