How To Make Passwords Safer?
How to make passwords safer? By making them time-dependent so that they change all the time.
What makes passwords insecure? The answer is simple: because they are changed too seldom. If passwords were time-dependent and changing constantly, they would become less useful for crackers.
Internet is full of instructions how to select a good password. They tell you do’s and don’ts, but they all have one weakness in common. If the password is stolen, it doesn’t matter whether the password is good or bad, because it will be available for misuse until it has been changed. If part of the password changed for example depending on the time and date, the password would become useless for crackers.
Time-Dependent Passwords
Automatically changing passwords do not exist yet. Basically, such a system would require that part of the password consisted of numbers or letters present in the date. The logic behind the password would have to be defined when entering the password for the first time. The user could define which part of the time and date will be included. It could be for example the date or three first letters of the name of the weekday. The user could also choose whether to insert this information to the beginning or to the end of the password.
The biggest obstacle in using time-dependent passwords lies in thinking. Passwords would no longer exist as relics that are difficult to invent and troublesome to change. They would become nomadic, ever changing. After overcoming this mental block, password checking libraries should be updated to meet new requirements and afterwards also all software and services requiring logging in. No doubt these changes would be less expensive than current costs that result from cracked systems. If you like the idea, feel free to propose this to the vendors whose software and services you use, and promote it.
Comments
Olen työskennellyt IT-alalla reilusti yli 30 vuotta. Voin kertoa, että jo 80-luvulla on kokeiltu ja käytettykin automaatisesti vaihtuvaa salasanaa sekä UNIX että VAX/VMS- ympäristössä. Sen hankaluus käyttäjälle oli siinä, että tuolloin aina se löytyi jostain koneen läheltä lapulle kirjoitettuna.
Teidän ehdottomanne malli vaatii myös jonkun taulukon tai muistisäännön kirjaamista. Ja nämähän on aina hakkerin helppo myös purkaa.
Toimiva tapa on se, että että ei aikaan eikä paikkaan tai omiin asioihin sidottuja salasanoja vaan kirjain-numeroyhdistelmä, joka on tarpeeksi vaikea, mutta itse muistat sen ulkoa.
Terveisin,
Sisko
IT-yritysken toimitusjohtaja
Ideana tässä aikariippuvuudessa on nimenomaan se, että urkittu salasana muuttuu nopeasti käyttökelvottomaksi. Krakkereille päätynyt salasana on menetetty, vaikka se olisi kuinka turvallinen. Tuo vika penkin ja näppäimistön välissä eli lapulle kirjoittaminen ei taida olla mitenkään korjattavissa.