International Developer - Last Updated 19.11.08 at 11.48

Passwords - friend or foe?


  20.06.07

Passwords have been used for centuries but, according to some, their days are numbered. Bill Gates, for example, believes that arming everyone with yet more complex technology will make electronic transactions safer. While this may be true for those prepared or able to use such technology, there’s a lot more that communications networks can do to take the strain and keep things simple, argues Richard Baker, BT’s chief identity architect.

Every day for the past 700 years, a password ritual has been enacted at the Tower of London. At seven minutes to 10 o’clock every night, the Tower is locked down by the Chief Warder who is then challenged by a sentry to provide the right password. The dialogue runs:

 

Sentry - “Who goes there?”

Chief Warder - “The Keys”

Sentry - “Whose Keys?”

Chief Warder - “Queen Elizabeth’s Keys”

Sentry - “Pass Queen Elizabeth’s Keys. All’s well.”

 

But all is far from well in the modern world. Passwords have become a currency amongst criminals who attack banks, businesses and individuals to steal cash and other assets. 

In our digital world, the majority of electronic transactions and security procedures are ‘protected’ by user name and password authentication.

Many people use the same password for everything while others use a different password for each system. Both approaches have serious weaknesses. The first enables a hacker who has successfully captured a password to tamper with not just one but all of a victim’s electronic accounts. The second requires people to remember dozens of different passwords and change them regularly. Understandably, people often forget their passwords, write them down or simply enter the wrong one, increasing the burden on helpdesks.

Beyond passwords, there are approaches to authentication that have previously been considered a ‘Gold Standard’. In reality, though, nothing is foolproof and there always has to be a trade-off between security, usability and cost. There’s no point, for example, in a bank spending a fortune on a system that is too cumbersome for its customers to use – such a system might drive customers away.

An appropriate level of investment, however, is essential to manage the risks involved in a rapidly evolving threat landscape. Fraud, money laundering and the financing of terrorists are activities carried out by ‘professionals’ who work to a business case just like any legitimate organisation. Fighting them involves working to a business case that has the opposite objectives and ensuring you are sufficiently fleet of foot to outwit the bad guys.





Editor’s Letter
Alphabet Street 

Each month we try our hardest to cover every angle and aspect of software engineering. Indeed, we pride ourselves on our platform-agnostic, wide-ranging view of the development landscape. How then could we push ourselves even further and really broaden the spectrum of our editorial coverage? The answer had to be – the complete A to Z of software. Well, not complete, but a rip-roaring twenty-six-letter technology tour to provoke some interest and thoughts in areas you might not normally think about.

But first, a personal confession so that you know how all this started. I actually got the idea from reading a cookery magazine that had done something similar. You know the kind of thing – A for apples, B for bread, C for custard and so on. But those pesky food journalists have it easy don’t they? When they get to X, Y and Z they can just use X for Xérès Sherry, Y for Yeast and even Z for Zabaglione.

Now, X is simple enough with plenty of XMLs out there, Z for zero tolerance we reckoned, but Y, wow - now that is a hard one.

So, please dive in and jump to your favourite letter. It was always going to be the case that we would miss out on a few key areas, but we think it’s pretty cool to be able to work your way through the whole alphabet and just stay within the world of software development. Next month, 1001 aspects of application development and how you can implement them in your daily working schedule. Joke – ok?

Happy coding!

Adrian Bridgwater

Editor
