November 6, 2010 at 11:22 am
Comments posted to this topic are about the item Should You Write Down Your Passwords?
November 8, 2010 at 7:13 am
I think that a 24 or 36 character password consisting of just upper and lowercase letters is about as strong as a 12 character password that also has numbers and special symbols, and is preferable because it is even possible to remember. You can take the string from a book. Here's one from Tiptree. Try to forget it.
TroopOfGiantWolfSpidersParaded
November 8, 2010 at 7:49 am
No approach to passwords is ideal, because the whole login id/password paradigm tries to serve two masters and as we all know that means it serves neither particularly well.
The whole point is to say "I am John Smith, because I have given this password which it is impossible for anyone else to know."
So on the one hand we have identity, and on the other we have authentication. The computer doesn't know John Smith from Adam. Problem is Mary Jones can get hold of John's password and you're screwed...
We try to make it hard to guess, which makes it hard to remember. It's a stupid arms race that the defenders simply can't win. If you write them down (and so many do, sigh) then you might as well not have any, because that defeats the password's secrecy.
I think we need to rethink how passwords work. In my opinion, locking the account *permantently* (no short reset period, administrator must reset) is a far better technique since it gets a human in the loop. It stops password guessers cold, meaning simpler passwords are more secure because an attacker can only try in groups of 3, not forever.
And if I see an account locked twice in a week, I assume the worst, go to defcon 1, pulling out all the stops to find where the attack is coming from.
Of course that doesn't stop a determined attacker, but it does tend to make them shift away from dictionary style attacks. And it's *simple* too... ๐
We've got physical security down to a science. The problem is the real world gives us natural defenses that don't exist in a networked world.
Something fundamental has to change in how we identify and autenticate. Passwords are the worst way to protect anything--except for everything else. Sigh.
November 8, 2010 at 8:31 am
I would agree with Roger's reply for outside, automated attacks. If these folks are shutdown after 3 to 5 tries they will move on to someone else. For inside attacks, a friend who works as a computer security expert recommends choosing passwords that cannot be guessed by your friends, relatives or co-workers.
November 8, 2010 at 8:50 am
Is anyone out there using biometrics to secure data and/or applications?
November 8, 2010 at 8:56 am
If you write it down and someone observes and manages to login as you, then you have a potential repudiation problem (means that you may have to prove that what happened next was not actually you).
November 8, 2010 at 9:08 am
Craig-315134 (11/8/2010)
Is anyone out there using biometrics to secure data and/or applications?
While this is getting more possible with some laptops coming with fingerprint scanners I don't see it as a solution to this problem at this point. Potentially ever when you take privacy concerns into account. Personally, I don't want to have every site I access require a fingerprint to log in. What if I'm at a friend's or library where a fingerprint scanner isn't available? And while it only takes storing a few parts of a fingerprint to do this kind of authentication either you're going to need to transmit the whole fingerprint to the server or have a control that recognizes the parts relevant to the match. It's also unlikely that all sites are going to want to develop their own tools to do this so there will then be either one central clearing house for this or at most two or three common ones. A security hole in that could lead to a large number of sites becoming compromised due to the centralized nature of it.
November 8, 2010 at 9:19 am
Biometrics are a nightmare for authentication.
The central, unsolvable issue is that once your biometric is compromised, *it can't be changed*. Lose your fingerprint and spoofers will be able to pose as you forevermore.
Sound like fun?
November 8, 2010 at 9:22 am
Security based on biometric data is not a good idea because just like any other data, your biometric data can stolen - and if it is, you cannot change it...
November 8, 2010 at 9:31 am
W!OW34f34D3h54qo looks like a nice strong password but it's just SQLServerCentral moved "one key up" when you type it in. Use that method in conjunction with a memorable phrase (like the initial letters of the opening line of a favourite song) and you'll have something memorable but not guessable.
The key point is to have a password that you can remember without having to write it down anywhere.
November 8, 2010 at 9:54 am
Revenant wrote:
'Security based on biometric data is not a good idea because just like any other data, your biometric data can stolen - and if it is, you cannot change it... '
Fundamentally, this is true, although the 'theft' is likely to be rather grisly in nature. (The literally eye-popping scenario in 'Angels and Demons' is not terribly far-fetched; I recall reading of a car-theft in Germany, in which the owner's finger was detached to gain access to the high-end car.)
My major concern with biometric security, however, is not theft; up to nine additional digits may be scanned, for example, should the first's scan be compromised.
Rather, it is biometric's probabilistic nature in which I think the problem lies, at least when finger scans are used. Recognition errors may be reduced, but never eliminated, due to the changeable nature of sensor behaviour under different environmental conditions (temperature and humidity, for example); and little research is being made into the changeability of the physical characteristics upon which the biometric data itself is based (to what extent do our fingerprints or retinas change as we age?)
November 8, 2010 at 10:05 am
Craig-315134 (11/8/2010)
Revenant wrote:'Security based on biometric data is not a good idea because just like any other data, your biometric data can stolen - and if it is, you cannot change it... '
Fundamentally, this is true, although the 'theft' is likely to be rather grisly in nature. (The literally eye-popping scenario in 'Angels and Demons' is not terribly far-fetched;
Of course, the theft of biometric data doesn't necessarily mean chopping off fingers or gouging out eyeballs. The scan, obviously, just creates a stream of numbers. If these numbers are intercepted, then it is just the same as a password, albeit a very, very long password.
I have always distrusted any organisation that forces people to change their passwords every week, month, etc. It is supposed to make it more secure, but it inevitably leads to people writing it down or using obvious passwords that involve the date.
Nigel
November 8, 2010 at 10:14 am
I believe the military (chiefly the USAF -- not sure of other branches) has already resolved this issue (and I am not talking about ultra top secret installations) for general administrative system access for which each person has a Military ID card with an embedded ID chip that can be inserted into a reader on the keyboard of a network attached PC to identify the individual. Once, the chip information is validated the individual still has to enter a password to be authenticated and authorized to the network applications. Theoretically, an individual could potentially recieve there own authorized desktop and set of applications at any base level PC anywhere in the world providing classified data access from Unclassified through Secret authorization depending on the location of the PC on installation. Most Compartmentalized Top Secret networks are much more restrictive and having no outside connections.
But, the point being, that this dual-authentication is much harder to break than pasword discovery alone and/or obtaining a stolen ID card which are around 99.99% impossible to duplicate and easily pulled from access when reported as lost. The concept is very cost effective and actually more reliable than a biometrics approach.
"Any fool can write code that a computer can understand. Good programmers write code that humans can understand." -- Martin Fowler
November 8, 2010 at 10:26 am
The card & password used my the US military sounds like a good idea. I presume this is very similar (though, maybe more sophisticated) to the chip & PIN that has been used on credit cards for the past few years.
November 8, 2010 at 10:32 am
I donโt think a permanent lockout is practical when it comes to SQL Server service accounts. It would be dirt simple for someone to do a denial of service attack by just trying to login on the service account a few times. Also, I believe that policy is domain wide, so unless you have all SQL Server on their own domain, that would cause a lot of problem for individual users.
We use a different service account and password for each server, and a different sa login password on each server. All passwords are randomly generated and fairly long (20+ characters), so they should be able to survive extended cracking attempts. We also handle any other service accounts and SQL Server passwords the same. Since we have hundreds of servers, we have to store the passwords someplace, so we use a password safe program with a strong pass phrase that we change fairly often. We only need the passwords when we setup a new server, or have to do some work with those accounts, and only the DBA team has access to the password safe.
Viewing 15 posts - 1 through 15 (of 56 total)
You must be logged in to reply to this topic. Login to reply