Information Technology Reference
In-Depth Information
If nonmnemonic names are chosen, users often post pass
words next to their workstations, so they won't forget what
to type. Of course, others will find this posted information
equally helpful.
Passwords are often so short that they may be determined by
simple trialanderror. (Until recently, for example, one busi
ness used a system where passwords for all users consisted of
exactly two capital letters.)
System flaws, operator errors, or procedural mistakes may al
low users to access the file that contains all passwords.
Numerous stories tell of lists of current passwords appearing
on terminals or printers, for example.
Most computers allow system managers special privileges, so
that the machines may be run smoothly and so that updates
and operations may be performed effectively. Managers nor
mally have the power to peruse all files on a system, regard
less of password protections that might inhibit other users.
If outsiders or regular users are able to break into a manager's
account, then these people also can examine and modify all
files. (In one system known to this author, an administrator
was worried about forgetting the manager's password, so he
left it blank. Individual accounts were well protected, but
anyone who tried to log in as manager had no trouble what
soever obtaining special powers with a privileged status.)
Overall, then, passwords have the potential to limit access to in
formation, but any system depending on password protection must
be used carefully, following wellestablished protections and proce
dures. Carelessness may open such systems to a wide range of
abuses.
Besides password systems, what else can I do to
protect my files?
A different approach for the protection of data involves the en
coding of information, so only authorized users can make any sense
of the information present. With the processing power of modern
machines, programs sometimes encode data automatically before
 
Search WWH ::




Custom Search