Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Longer And More Complex Passwords Are Not The Answer To Access Security

Gridsure : 16 August, 2010  (Technical Article)
Stephen Howes of GrIDsure comments on the recent call for longer and more complex passwords by the Georgia Tech Research Institute, saying that such solutions introduce more complexity for the user who will easily forget such passwords
"A report from the Georgia Tech Research Institute correctly confirms that passwords are past their sell-by-date. However, I find it bewildering that the Institute is recommending passwords should become longer and more complicated. This goes against every other trend that I have come across in my business and personal life towards making things more convenient and less complicated. Who is seriously going to remember the recommended 12 character strong password consisting of letters, numbers and symbols? It's a recipe for frustration and you can guarantee that users will either forget these passwords or, more likely, just write them down.

Ultimately, no matter how long and complex you make a password, it can still easily be hacked or stolen by means such as shoulder-surfing or malware (key-logging, screen scraping and so on). I therefore believe that static passwords have no place in today's connected world and consumers should be offered more effective alternatives that offer better security without making their lives more complex or inconvenient.

Any method for logging on to a computer, a web site or an online service (e.g. online banking) should be based on a one-time passcode (OTP) system. These systems are extremely user-friendly, they are cost-effective for companies to implement, they offer much greater levels of security than passwords and do not force users to remember long and cumbersome set of characters."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo