The OpSec Blog

Security and privacy information and advice at home and abroad.

5 Reasons Passwords Are Indispensable


Recently I gave 5 Reasons Why Passwords Don’t Work as a good security method.  As promised, here are 5 Reasons Passwords Are Indispensable in modern security systems.

1. Passwords are an authentication method users are comfortable with. The process of selecting and entering a password is a much less invasive authentication method than something like an iris scan.  If a user is comfortable with the operation of a system, they are much more likely to use it properly and effectively.

2. Good passwords are hard to crack. Yes, I know that’s somewhat circular, but the basic point is that if passwords are of sufficient complexity, a more technical (and usually much more difficult) method of attack is required.  The casual hacker using a brute-force dictionary password cracking tool will be stopped by a simple, memorable passphrase like “I am 44 years old.” (Notice that this contains special characters (a space and a period), numbers, and upper and lower case letters, and is 18 characters long: enough to meet most requirements.)

3. Passwords are cheap (free, usually).  Other than the occasional keypad, they don’t require specialized equipment: no RFID tags or sensors, fingerprint readers, retina scanners, or guards stationed in your work area to check your ID card.  You can also generate a lot of passwords in a very short time for little additional cost (although, as mentioned before, this can be an issue if you require so many passwords that users start to forget them).

4. Passwords are adaptable.  From mobile phones to mainframes to ATMs, passwords can be implemented on all shapes and sizes of devices.

5. Password security is easily enforceable.  All it takes to forbid the use of “password1” as a password is a simple blacklist.  Rules dictating password complexity, length*, special characters, case, and frequency of change are all standard best practices for password security.
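As an added illustration of point 5 (not code from the original post), the sketch below combines a blacklist with length and character-class rules. The minimum length, the sample list entries and the function names are assumptions chosen for the example; the list check also normalizes trailing digits and common character substitutions so that variants of a listed word are rejected as well.

```python
import re
import unicodedata

# Constructed sample entries; a real deployment loads a large list of known-bad passwords.
BLOCKLIST = {"password", "letmein", "qwerty", "123456"}
MIN_LENGTH = 8  # assumed policy value, not taken from the post

# Common character substitutions mapped back to letters (0->o, 1->i, 3->e, ...).
_LEET = str.maketrans("013457@$!", "oieastasi")


def _variants(password):
    """Return the forms of a candidate that are compared against the list."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    # Drop trailing digits and symbols, so "password1" reduces to "password".
    stripped = re.sub(r"[\W\d_]+$", "", folded)
    return {folded, stripped, stripped.translate(_LEET)}


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(not c.isalnum() for c in password),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if _variants(password) & BLOCKLIST:
        problems.append("blocklisted")
    return problems


if __name__ == "__main__":
    # The passphrase from point 2, the example from point 5, and constructed variants.
    for candidate in ["I am 44 years old.", "password1", "P@ssw0rd1!", "Ab1!"]:
        print(repr(candidate), check_password(candidate) or "accepted")
```

Note that “P@ssw0rd1!” satisfies every complexity rule and is rejected only by the list check, which is why the two kinds of rule are enforced together.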

The advantages and disadvantages of passwords have been debated ever since they gained primacy as a means of authentication.  Recently it has become easier and more affordable to provide alternative means of authentication in addition to a password, but this has yet to really take off in the consumer market.  In a future post I’ll explain multi-factor authentication, how it’s implemented, and some reasons why that’s not always ideal either.

*Minimum password length can create funny and awkward situations.  In college I heard (numerous times) a joke in which one of my nerdy, anti-social colleagues would attempt to set his password to “penis.”  The authentication server would inevitably inform him that his password was too short.


Written by OSB

19/02/2011 at 22:42
