Moving beyond passwords
Since the early days of terminal-based computing in the 1960s, agencies controlled access to mainframe systems through passwords. This was usually true whether the system had a classified weapons database or a cafeteria lunch menu.
If security requirements were high, agency officials would use other tactics. They might create stricter password policies, such as replacing expired passwords every month, or they might use physical access controls, such as placing the terminal in a locked room or beyond a security checkpoint.
Yet both approaches have problems. Studies show that as password policies become more complex, users are more prone to write passwords down, compromising security. And although a locked door certainly offers some protection, it limits users to specific machines in specific locations.
- Review: Incident Response: Computer Forensics Toolkit (29 October 2003)
- Review: HackNotes Windows Security Portable Reference (13 October 2003)
- Article: How to Use Passwords Securely (22 April 2003)
- Article: Implementing Basic Security Measures (14 April 2003)
- Article: Cracking OpenVMS Passwords with John the Ripper (28 November 2002)
- Article: What makes a good Password? (13 November 2002)
- Article: A Note on Proactive Password Checking (24 September 2002)
- Article: Basic security with passwords (24 May 2002)
- Article: Passwords - The Weak Link (1 April 2002)