Information Technology Reference
In-Depth Information
Timeouts, audit trails, and roll backs are common in many
transactionbased applications—not just ATM deposits. Similar
techniques are common whenever updates involve steps that must
be done together. A transaction may require the updating of several
pieces of data, but a rollback mechanism ensures that either all
pieces are revised or the entire transaction is canceled. Altogether,
these types of capabilities can provide considerable security that
files are maintained in a timely and consistent manner; in the case
of financial transactions as might be found in banks, variations of
these security measures are mandated by both accounting standards
and legal regulations.
Security for your ATM account, however, goes beyond ensuring
that the system is functioning correctly. The
Personal Identification
Number
(
PIN)
that you are required to enter serves to identify you
in a way similar to password protection systems in your computer.
Limiting access to data requires that a computer distinguish one
person from another. For example, if multiple people will be using
one computer, each person can be given a separate computer ac
count and password. The system then operates under the assump
tion that each individual knows her or his password but others do
not. Data are restricted when a potential intruder cannot supply the
required access code.
Unfortunately, password systems often work better in theory
than in practice for several reasons.
Users often choose codes that are easily guessed, because they
do not want to forget their own passwords. Common fa
vorites include their own names or nicknames (sometimes re
peated twice), names of relatives or friends, wellknown dates
(e.g., birthdays, anniversaries), and popular words or phrases.
For example, some studies have found that as many as 40%
or 50% of the passwords on a system can be guessed follow
ing a few simple rules and guidelines.
Users often tell their friends their passwords, so that their
friends can use a particular program or data set.
