Password Help

  • Comments posted to this topic are about the item Password Help

  • Passwords are a massively contentious issue.

    The main problem with them is that their nature is paradoxical. They have to remain secret, yet they have to be known...

    The problem with rapid changes in password (monthly, really?) is communicating the changes and *remembering* them. A forgotten password is no password at all.

    Password archives are no answer. Because to access that archive requires--you guessed it--another password!

    Another problem is passwords don't scale. Each application that requires (yet another different) password adds exponentially to the problem of remembering which password goes to which account.

    It's like having a massive keyring with all the keys unlabeled. At that point you start using an archive--but that's a single point of failure. Lose the archive password (or have it compromised) and suddenly it's game over...

    The last problem is more generic. The more secure something is the less useful it is. Security and convenience are opposite ends of the same spectrum. Frequent password changes solve one problem but introduce a host of others.

    Of course there's no good answer--which should tell us we're trying to solve the wrong problem...

  • I used to manage a nightclub...

    Whoa... what? Reflecting on the article, what intrigued me the most was the statement that you managed a nightclub.

    Very interesting.

    ______________________________________________________________________________________________
    Forum posting etiquette. Get your answers faster.

  • calvo (11/2/2011)
    I used to manage a nightclub...

    Whoa... what? Reflecting on the article, what intrigued me the most was the statement that you managed a nightclub.

    Very interesting.

    😉

  • I'm inclined to say that frequent password change is a bad thing; but of course it's necessary once you have shared passwords, both because people leave and because shared passwords quickly become common knowledge (maybe the cleaners don't know them, but even the most junior secretary does). The proper solution is to avoid shared passwords - everyone has their own login (or logins) and their own permissions. Then you can impose password complexity rules that allow you to go a long time without changing passwords because the brute force crack time is silly; and of course when someone leaves, his/her logins are disabled and deleted.

    I've known people claim that you can't handle things like backup protection without shared passwords. They are wrong. But to do this, and all the other things for which people often opt for shared passwords, properly, you need to have a competent security specialist to specify your system, developers who can write the required code, and security auditors who undertake frequent checks, as well as having to educate recruits into working methods (for example for backup and restore and disaster recovery) that are not the ones in the SQL Server documentation, which means that it is not cheap. But then sensible people don't expect good security to come magically out of the box for free.

    Unfortunately some passwords genuinely are inevitably shared: alarm codes are a good example. For those passwords frequent change is a must.

    Physical access security is very easy to do securely without any shared passwords, but most commercially available physical access control systems use either an unauthenticated token or a shared pin so perhaps it's expensive to do it properly (with challenge-response between an access-token which holds no data in common with any other token-holder's token and the system, and including authentication using an unshared password on every use). And I've never seen an alarm system (as opposed to an access system) which used unshared tokens with authentication.

    Tom
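The challenge-response design the post above sketches (each token holds a key it shares with no other token, the system issues a fresh challenge on every use, and the holder's own unshared PIN is required as well) can be shown in a few dozen lines. The following is an added illustration, not code from the poster or from any access-control product; the token IDs, PINs and the HMAC-SHA256 construction are assumptions chosen for the example, and the "server" and "token" are both simulated in one process.

```python
import hashlib
import hmac
import secrets

# Constructed example identifiers; not taken from any real access-control system.
TOKEN_ID = "badge-0017"
PIN = "4931"


def _response(key, nonce, pin):
    """Prover's answer: MAC over the challenge with the holder's PIN mixed in,
    so possession of the token alone is not enough to open the door."""
    return hmac.new(key, nonce + pin.encode(), hashlib.sha256).digest()


class AccessServer:
    """Verifier side. Holds one independent 32-byte key per enrolled token and
    the PIN of that token's holder. No two tokens share any secret, so losing
    one token means revoking one token, not re-keying everybody."""

    def __init__(self):
        self._keys = {}      # token_id -> key bytes
        self._pins = {}      # token_id -> holder PIN (unshared)
        self._pending = {}   # token_id -> outstanding single-use nonce

    def enroll(self, token_id, pin):
        key = secrets.token_bytes(32)
        self._keys[token_id] = key
        self._pins[token_id] = pin
        return key  # written into the token at issue time, never sent again

    def revoke(self, token_id):
        for table in (self._keys, self._pins, self._pending):
            table.pop(token_id, None)

    def challenge(self, token_id):
        if token_id not in self._keys:
            return None  # unknown or revoked token: no challenge issued
        nonce = secrets.token_bytes(16)
        self._pending[token_id] = nonce
        return nonce

    def verify(self, token_id, response):
        nonce = self._pending.pop(token_id, None)  # single use: a replay fails
        key = self._keys.get(token_id)
        if nonce is None or key is None:
            return False
        expected = _response(key, nonce, self._pins[token_id])
        return hmac.compare_digest(expected, response)


class Token:
    """Prover side: a token that stores only its own key."""

    def __init__(self, token_id, key):
        self.token_id = token_id
        self._key = key

    def respond(self, nonce, pin):
        return _response(self._key, nonce, pin)


def run_scenarios():
    """Exercise the normal path and the failure modes; returns a dict of outcomes."""
    server = AccessServer()
    tok = Token(TOKEN_ID, server.enroll(TOKEN_ID, PIN))
    results = {}

    nonce = server.challenge(TOKEN_ID)
    good = tok.respond(nonce, PIN)
    results["genuine"] = server.verify(TOKEN_ID, good)

    # A response captured on the wire is useless against the next challenge.
    server.challenge(TOKEN_ID)
    results["replay"] = server.verify(TOKEN_ID, good)

    # A stolen token presented with the wrong PIN.
    nonce = server.challenge(TOKEN_ID)
    results["wrong_pin"] = server.verify(TOKEN_ID, tok.respond(nonce, "0000"))

    # Another holder's token has nothing in common with this one and cannot answer for it.
    other = Token("badge-0018", server.enroll("badge-0018", "7712"))
    nonce = server.challenge(TOKEN_ID)
    results["other_token"] = server.verify(TOKEN_ID, other.respond(nonce, PIN))

    # Revoking one token disables it without touching any other holder.
    server.revoke(TOKEN_ID)
    results["revoked_challenge"] = server.challenge(TOKEN_ID)
    nonce = server.challenge("badge-0018")
    results["other_still_works"] = server.verify("badge-0018", other.respond(nonce, "7712"))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

Because the PIN is an input to the MAC rather than a separate shared code, the server can hold a different PIN per holder and there is nothing that "the most junior secretary" could pass on that would open the door for someone else's badge. A real deployment would also rate-limit failed attempts and bind the nonce to a reader identity and timestamp; those are left out here to keep the exchange visible.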

  • Shared password changes shouldn't be frequent, if they are, then you have other HR issues and security is likely compromised in many ways.

    A shared password system (KeePass, Password Safe, etc) works well, giving a central place to store and one password for people to remember. That limits the issues, and it provides good security. Our approach in a large admin environment (20+ admins) was

    - change admin passwords once a month (only a few for various vertical systems, scripted).

    - service account passwords not stored. Set as 15+ character, one-time passwords.

    - change passwords when an admin leaves.
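The "15+, one time, not stored" rule for service accounts in the post above, and the earlier remark that a long enough password makes brute-force time "silly", both come down to generating from a CSPRNG and knowing the size of the search space. This is an added example, not the poster's script; the alphabet, the 15-character floor, the required character classes and the guess rate are assumptions for illustration.

```python
import math
import secrets
import string

# Policy values are assumptions for this example (the post says only "15+").
MIN_LENGTH = 15
SYMBOLS = "!#$%&*+-=?@^_"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)  # 75 distinct characters


def meets_policy(password):
    """Length floor plus at least one character from every class."""
    if len(password) < MIN_LENGTH:
        return False
    return all(any(ch in cls for ch in password) for cls in CLASSES)


def generate_one_time_password(length=20):
    """Draw from the CSPRNG and resample until the class requirement is met.
    The caller sets it on the account and discards it; nothing is stored."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of passwords of this length over the alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second=1e10):
    """Time to try every candidate at an assumed offline guess rate."""
    seconds = 2 ** search_space_bits(length) / guesses_per_second
    return seconds / (365.25 * 86400)


if __name__ == "__main__":
    pw = generate_one_time_password()
    print(pw, meets_policy(pw))
    print(f"{MIN_LENGTH} chars: {search_space_bits(MIN_LENGTH):.1f} bits, "
          f"{years_to_exhaust(MIN_LENGTH):.2e} years at 1e10 guesses/s")
```

The resampling loop slightly biases the distribution toward passwords containing every class, which is the intent of the policy and costs only a fraction of a bit. The crack-time figure assumes an offline attack against a hash; against an online login with lockout the rate is orders of magnitude lower still, which is why rotation adds little once the length is there.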

