Advice on personal identifications and passwords

Time to read
1 minute
Read so far

Advice on personal identifications and passwords

December 30, 2016 - 15:14

Rocco Maglio, Certified Information Systems Security Professional, CISSP, has over 20 years in the field of software engineering.

One of the most difficult aspects of security is uniquely identifying a user and verifying that they are who they claim to be. This is normally down through a username and password. The username uniquely identifies the user and the password verifies that they are that user.

Rocco Maglio, CISSPThe username and password works reasonably well. The password should be something that only you would know. Many people fail to use a unique enough password oftentimes passwords are simply password, secret, or 123456. These passwords are easily guessed and given enough usernames you can usually find one that used on of these passwords.

If you can come up with strong password that was at least eight characters and contained a combination of upper and lowercase letters, numbers, and symbols. It would be difficult to guess, but it is also difficult to remember. If you followed best practices and changed that password every ninety days and use a different password for every site, you would have to keep up with a bunch of difficult to remember passwords.

Even if you manage to keep up with all these passwords you could be beaten by the forgot password functionality. Many site allow you to recover or change your password by answering a few security questions. This can be difficult at times since many times you may answer the question differently. For instance, if it asks about your high school you might reply Hernando, Hernando High, or Hernando High School. People who know you might be able to answer the questions too which would defeat the strong password.

Other identification schema are being tried like biometrics. Many cell phones have a fingerprint scanner built into them. This works reasonably well for securing phones. For identifying users on website it would be difficult since the user would only have a single fingerprint and would want a different authentication for each site. Otherwise any site would know you fingerprint secret and could use that to login to any of the other sites as you.

Verifying users is a hard problem. The best advice is to follow the recommendation of professionals when you can. Make passwords that are hard to guess by using at least 8 characters and a combination of letters, numbers and special characters. Try not to use words that are properly spelled. If you have accounts on different sites try to incorporate something about the site to make the password unique. For instance, you could incorporate the first letter of the site as the first letter of password, so for amazon your password would start with an a. Using this trick the rest of your password could be the same while having a unique password for each site.