Finewedges.com Finewedges.com Finewedges.com
   Index :> About Us :> Privacy Policy :> Terms of Use :> Add Your Link :> Add Your Article
Search:   
Add Url
 

Relationship & Lifestyle

Investment & Finance

People & Communities

Recreation & Entertainment

Self Management

Sports & Adventure

Games & Play

Health & Hygiene

Property & Estate

Automobile & Automotive

Companies & Business

Medical Care

Tour & Travel

Creative Arts

Children

Home Family & Garden

Science & Space

Shopping & Auction

Eating & Drinking

Education & Learning

Politics & Government

Jobs & Careers

News & Events

Internet & Computers
 

Index » Internet & Computers » PC Resources
 

Change Passwords
 

All passwords should be changed regularly. A change in password could also be necessitated by the fear or reality of a users current password being compromised. As a precautionary measure, any system should provide an encrypted method for changing a password. If a new password is passed to the system in an unencrypted form, security can be compromised before the new password can even be installed in the password database. And if a compromised employee or other intermediary gets hold of the new password, there is little to gain from changing a password. There are some web sites that include the user-selected password in an unencrypted confirming e-mail message.

Today, automatic issuance of replacements for lost passwords is mostly done with the help of identity management systems. To verify the user's identity, questions are asked and answers are compared with the ones previously stored. Some samples: "Where were you born?" or "What is your favorite soccer club?" or "Who is your favorite actress?" There is a possibility that in a number of such cases the answers to these questions can be guessed, found by research, or determined with the help of social engineering. Although many users have now learnt not to reveal a password, there are a few as well who consider the name of their favorite soccer team to need similar care.

If a user is forced to change his passwords frequently, then a valid password in the wrong hands will eventually become unusable. Though not yet universally used, many operating systems provide such features these days. The security benefits of these systems are limited, as attackers often exploit a password as soon as it is compromised. In several instances, more so with administrative or "root" accounts, it has been found that once an attacker succeeds in gaining access, he/she makes alterations to the operating system that will allow him/her future access even after the expiry of the initial password.

Again, if forced to change a password too frequently, a user may forget which password is current, and there is almost always a possibility that he will write his password down or reuse an earlier password. Such steps are most likely to cancel any added security benefit. It is imperative that human factors be duly considered before implementing such a policy.
Author: Richard Romando
 
Author Bio:
Richard Romando is a reputed author. Richard likes to write articles about this subject.
 
 
 

Related Articles
 
Shooting Fish in a Barrel
 
Websites: You Get What You Pay For!
 
5 Free Ways to Increase your Website Traffic
 
SEO Best Practice: Befriend the Directories
 
Web Hosting Essential Needs
 
Designing Your Website for the Masses
 
Easy How-To Fix Your Registry Files
 
Email Advertising Services
 
MCSE Certification - Better Than Novell?
 
Internet 'Grey Areas'
 
 
 
Index :> Privacy Policy :> Terms of Use
Copyright © 2008 www.finewedges.com