simple variations on a standard theme, such as “N3wPa55w0rd1,”
“N3wPa55w0rd2,” and so on.
4. The minimum time between user-originated password changes in
highly secure environments should be 1 day, to keep users from rapidly
cycling through the history table with repeated resets.
5. The minimum history of past-used passwords in highly secure
environments should be at least 25.
6. Passwords should be complex and contain at least three of the four
possible character types: uppercase (A-Z), lowercase (a-z), numeric
(0-9), and symbols (ex: , !).
Pass phrases can also be used to improve security by making
lengthy passwords easier to remember, so that users will not be as
likely to keep written copies. An easily memorable phrase such as
“Open says me” can be turned into a strong password by substituting
characters (3 for e, 5 for s are common) and including case
changes and special characters: “Op3n5ay5M3!”
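Rules 4 through 6, together with the numbered-suffix variations mentioned above, can be enforced in one check at password-change time. The following Python is an added example, not part of the original text; the function names, the salted PBKDF2 history format, and the work factor are assumptions.

```python
import hashlib, hmac, os, re, string
from datetime import datetime, timedelta

MIN_AGE = timedelta(days=1)   # rule 4: minimum time between user-originated changes
HISTORY_DEPTH = 25            # rule 5: number of past passwords remembered
MIN_CLASSES = 3               # rule 6: at least three of the four character types
ITERATIONS = 200_000          # assumed PBKDF2 work factor; tune for your hardware

def hash_password(password, salt=None):
    """Return (salt, digest) so the history table never stores plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def char_classes(password):
    """Count how many of the four character types appear in the password."""
    groups = (string.ascii_uppercase, string.ascii_lowercase,
              string.digits, string.punctuation)
    return sum(any(c in g for c in password) for g in groups)

def is_suffix_variation(old, new):
    """True for N3wPa55w0rd1 -> N3wPa55w0rd2 style changes (same stem, new digits)."""
    stem = lambda p: re.sub(r"\d+$", "", p).lower()
    return bool(stem(old)) and stem(old) == stem(new)

def check_change(old, new, history, last_changed, now):
    """Return a list of policy violations; an empty list means the change is allowed.
    history is a list of (salt, digest) tuples, newest last."""
    problems = []
    if now - last_changed < MIN_AGE:
        problems.append("min_age")
    if char_classes(new) < MIN_CLASSES:
        problems.append("complexity")
    # Salted hashes cannot reveal near-matches, so compare against the old
    # password the user supplies when requesting the change.
    if is_suffix_variation(old, new):
        problems.append("variation")
    for salt, digest in history[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(new, salt)[1], digest):
            problems.append("reused")
            break
    return problems

def record_change(new, history):
    """Append the new hash and trim the history to HISTORY_DEPTH entries."""
    return (history + [hash_password(new)])[-HISTORY_DEPTH:]
```

Because each history entry has its own salt, the reuse check costs one PBKDF2 computation per remembered password, which is worth budgeting for when the depth is 25.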
Unfortunately, any single-factor identification based on “what you
know” can eventually be guessed, given sufficient processing power,
bandwidth, and time. Other forms of identification may be required in
more secure environments or where alternative methods of
identification are required by policy or technology.
What You Have
Identification based on the possession of a specific item is as old as the key
lock and the signet ring, if not older. Knights and merchants once carried
patents of nobility and specially crafted symbols in order to prove their
identity. Even the Bronze-Age merchants known as the “beaker traders”
employed specially crafted chalices for identification.
Keys are still widely in use today, particularly when paired with physical
security measures. However, electronic access rights are more commonly
coupled with tokens that must be present to identify the possessor,
including the following types:
Tokens that are applied directly. Such tokens provide identification
directly, by proximity or presentation. Access cards, “smart”
tokens with embedded circuitry, and radio-frequency identification