
Strategies for better password management: Key to your online security


KWAMI AHIABENU  11 JULY 2016

Passwords are the key to your online life. They are the most popular mechanism to enable authorised access to various online resources for users.

At the basic level, this type of security is made up of two parameters: a user name and a password. The user name is usually static, while best security practices demand that passwords are changed periodically.

The genesis of passwords dates back to ancient times when watchmen would require those wanting to enter an area to supply a password or catchphrase. Only persons with the correct password gained access. 

Fast forwarding to modern days, user names and passwords (a word or a string of characters) are now required to get access to protected computer operating systems, networks, databases, Internet access via Wi-Fi, online resources, mobile phones, automated teller machines (ATMs) and cars, among others.

Fundamentally, passwords are used to identify and distinguish between users, determine the level of authorisation or the user capabilities on digital resources. For instance, a health care worker can have a password that gives authorisation to access some patient information, a senior medical officer may have access to all patient information in their department while the hospital administrator may have access to all patient records across the entire hospital. 

This way, each user is given access to certain resources based on their level of authorisation.

Best practices in password management

Thousands of passwords are stolen each day, leading to serious problems for users, including loss of funds, inability to undertake work and destruction of sensitive data.

A common method of stealing passwords, also called password cracking, is guessing or recovering a password from storage locations or from data transmission systems. This is done either by trial and error (brute force), in which application programmes are used to decipher encrypted data, or by dictionary attacks, in which all the words in one or more dictionaries are tested for a fit.

In order to protect yourself from these security risks, you must aim at creating a strong password, which is difficult to detect by both humans and computer systems, thereby preventing unauthorised access to your accounts. 

Key recommendations for achieving a strong password include using 14 characters or more (at a minimum eight characters; the more characters, the stronger the password), using two or more unrelated words, and combining uppercase and lowercase letters.

Since passwords are typically case sensitive, numbers and symbols (@, #, $, %, etc.) are also recommended. Using software that can generate obscure passwords is the best way to go. It is important to avoid using a single password on multiple accounts or multiple devices, since this practice will make one more vulnerable.

To stay safe, use strong passwords which cannot be guessed easily. Never write down your password but try to memorise it. 

Passwords which include your date of birth, wedding date, telephone number, pet's name, child's name, part of your name, words found in a dictionary or your organisation's name are all easily guessed.

There are a number of password manager programs on the market which enable you to store passwords relatively safely using an encrypted system which can be accessed using one master password.

Password policy 

Most organisations or service providers may provide their users with a password policy that sets parameters for the composition and general management of passwords, including prohibited elements (e.g. date of birth, own name, parents' names, telephone number), minimum length, required categories (e.g. upper and lower case, numbers, and special characters) and the frequency of changing them. The organisation may also allocate a different password to each system user instead of one password shared by multiple users of the system.
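A checker for the policy elements listed above (prohibited personal details, minimum length, required character categories), together with the dictionary-word advice from the best-practices section. This is an added example, not code from the original article; `UserProfile`, `check_password`, the sample word list and the sample user are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

MIN_LENGTH, RECOMMENDED_LENGTH = 8, 14  # lengths stated in the article
# Constructed sample list; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "sunshine", "football"}
# Undo common character substitutions so "P@ssw0rd" is compared as "password".
LEET = str.maketrans("@$0134!", "asoieai")

@dataclass
class UserProfile:  # hypothetical record of the details the policy prohibits
    name: str
    date_of_birth: str  # as the user would type it, e.g. "11071980"
    phone: str
    organisation: str
    extra: list = field(default_factory=list)  # pet, child, wedding date ...

    def tokens(self):
        raw = self.name.split() + [self.date_of_birth, self.phone,
                                   self.organisation] + list(self.extra)
        return [t.lower().translate(LEET) for t in raw if len(t) >= 3]

def check_password(password, profile):
    """Return policy violation codes; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    elif len(password) < RECOMMENDED_LENGTH:
        problems.append("below_recommended_length")
    categories = {"upper": r"[A-Z]", "lower": r"[a-z]",
                  "digit": r"\d", "symbol": r"[^A-Za-z0-9]"}
    problems += [f"missing_{name}" for name, pattern in categories.items()
                 if not re.search(pattern, password)]
    # Personal details are matched after folding case and substitutions.
    folded = password.lower().translate(LEET)
    if any(token in folded for token in profile.tokens()):
        problems.append("personal_detail")
    # A single dictionary word with digits or symbols tacked on is still guessable.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password).lower().translate(LEET)
    if core in SAMPLE_DICTIONARY:
        problems.append("dictionary_word")
    return problems

# Constructed profile and passwords, for illustration only.
SAMPLE_USER = UserProfile("Kofi Mensah", "11071980", "0200000000",
                          "ExampleCorp", ["Bingo"])
if __name__ == "__main__":
    for candidate in ("P@ssw0rd2016!", "Mensah11071980", "copper-Lantern-47-orbit!"):
        print(candidate, "->", check_password(candidate, SAMPLE_USER) or "OK")
```

The first sample satisfies every character-category rule yet is still flagged as a decorated dictionary word, which is why composition rules alone do not make a password strong.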

Does changing your password frequently lead to better security?

Whether changing passwords frequently improves security is a moot point among experts. The main advantage of changing your password is that if an unauthorised person has gained access to the old one, it will be useless, since there is a new one in place.

According to Microsoft (https://docs.google.com/viewer?url=http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf), mandatory password changes cost billions in lost productivity.

A further argument is that in some cases, frequent password changing requirements lead to risks since some users create variations of the same simple passwords or write them down. In some circumstances changing passwords frequently is a must but for most typical users, this requirement is not necessary. 

Conclusion 

What happens to your password when you die? Many more people are now leaving passwords in their wills, so that this important information is passed on when they die and the persons responsible for their estate can have access to their digital resources.

In recent times, there is a school of thought which claims "passwords are dead" because of the availability of alternatives such as two-factor authentication, biometric verification, one-time sign on, personal USB keys and virtual 'tokens'.

Although these efforts are chalking up varying degrees of success, passwords remain the most dominant form of authentication. Therefore, it is imperative to guard your password with your life. 

 

The writer is the Executive Director of Penplusbytes.org - you can reach him on WhatsApp: 0241995737
