The average password user rarely makes an effort to remember a well-constructed password. A well-constructed password should be complex enough to resist what are known as dictionary attacks, i.e. attacks that guess passwords built from letters that form words and are therefore easy to guess or deduce. Passwords are not foolproof as it is, and poor passwords make the whole security measure weaker. Thus, poor password practices always undermine system security. Password reuse is another form of password abuse: users usually adopt the same password, or variations of the same password, across systems because they are easier to remember.
Similarly, users will normally opt to use simple passwords on occasions where the repercussions of intrusion are relatively mild, e.g. that are generated for them. First, these passwords are often temporary, and users are given specific instructions to immediately change the password to something different from what was generated. Secondly, people who want to reuse their password can simply change the generated password into something they commonly use for an unimportant website. To ease the problems that arise in creating and remembering passwords, password managers are used.
A password manager is software that helps users organize their passwords in a retrievable manner. A typical password manager has a database or files that store encrypted password data. Many password managers also work as form fillers, automatically entering the user name and password data into login forms. Unfortunately, many users keep a written record of their passwords. Users who are subjected to complex passwords generated by password managers either change them frequently or end up writing them down.
This in itself creates another problem, because some users write down their passwords on sticky notes, while others keep their passwords as text files on their computers or mobile devices, where the passwords can be easily lost or stolen.

Recommendations

Educating users on password security is effective. However, this should not deter efforts to look into security measures beyond passwords. An example is the companies that have branched into biometrics to increase security. Biometrics is the science and technology of measuring and analyzing human biological data.
In the context of information technology, and more specifically of security measures, biometrics refers to technologies that measure and analyze human body characteristics. These characteristics include fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements. They are unique to individual human beings and can thus be used for authentication purposes. Biometric authentication is becoming increasingly common in corporate and public security systems, consumer electronics and point-of-sale (POS) applications. In addition to security, convenience has been another attractive aspect of biometrics.
Biometric devices, such as retina or iris scanners, consist of a scanning device and software that converts the scanned information into a digital format and then compares the resulting match points with those stored in a database of biometric data. Another recommendation is the implementation of a layered strategy. It could start out with one password to gain general access; then, as the risk rises, the user should be required to provide a combination of something they know (a secret) and something they possess. The latter could be a smart card, a secure ID token, etc.
For systems that are limited to the use of keyboard-based passwords, the following measures would greatly assist in strengthening the passwords adopted:
1. Avoid letters from familiar phrases.
2. Combine uppercase and lowercase letters in the password.
3. Avoid abbreviations of common phrases or acronyms.
4. Use punctuation in the password.
5. Use a password of at least six characters.
6. Avoid common literary names.
7. Mix up two or more separate words.
8. Create an acronym from an uncommon phrase.
9. Avoid passwords that contain your login ID.
10. Use numbers in the password.
11. Use homonyms or deliberate misspellings.
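As an added example (not part of the original text), the following Python function turns the mechanically checkable items of the list above (rules 2, 4, 5, 9 and 10) into a policy check, and goes slightly beyond the text for rules 1, 3 and 6 by also rejecting passwords built from a familiar word after common digit-for-letter substitutions are undone. The COMMON_WORDS set is a constructed stand-in for a real dictionary-attack wordlist.

```python
import re
import string

# Constructed sample of familiar words an attacker's wordlist would hold;
# a real deployment would load a large dictionary file instead.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "dragon", "monkey"}

# Undo the usual "leet" substitutions so that P@ssw0rd still reads as "password".
LEET_TO_LETTERS = str.maketrans("013457@$", "oleastas")


def check_password(password: str, login_id: str) -> list[str]:
    """Return the list of rules from the checklist that the password violates.

    An empty list means every implemented rule passed.
    """
    failures = []
    lowered = password.lower()

    # Rule 5: at least six characters.
    if len(password) < 6:
        failures.append("shorter than six characters")
    # Rule 2: mix of uppercase and lowercase letters.
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        failures.append("no mix of uppercase and lowercase")
    # Rule 4: at least one punctuation character.
    if not any(c in string.punctuation for c in password):
        failures.append("no punctuation")
    # Rule 10: at least one digit.
    if not any(c.isdigit() for c in password):
        failures.append("no digits")
    # Rule 9: the login ID must not appear inside the password.
    if login_id and login_id.lower() in lowered:
        failures.append("contains login ID")
    # Rules 1/3/6 (generalised): reject passwords built around a familiar word,
    # even when padded with digits/punctuation or disguised with leet spelling.
    stripped = re.sub(r"[^a-z]", "", lowered.translate(LEET_TO_LETTERS))
    if any(word in stripped for word in COMMON_WORDS):
        failures.append("based on a common word")
    return failures


if __name__ == "__main__":
    for candidate in ("P@ssw0rd1", "abc", "Tr!ckyGl4ss#9"):
        print(candidate, "->", check_password(candidate, "alice") or "OK")
```

Note that "P@ssw0rd1" satisfies every character-class rule yet is still rejected, which is exactly why the word-based rules matter more than the mechanical ones.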