Building blocks to security: Passwords -- the first line of defense
Passwords -- the first line of defense and the oldest form of security on Unix systems -- might seem a very tired topic. You might even think there would be nothing left to say about passwords but, even today, people are making the same basic mistakes -- choosing obvious passwords, writing passwords down, or sharing passwords -- that they were making 10 years or more ago. When even a systems administrator is likely to set a user's password to "password" whether by intention or because the user has requested it, one has to wonder how much of our new awareness of the importance of system security has impacted day-to-day operations.
Even if user password choices are much the same as they were 10 years ago, however, two dramatic changes have taken place. For one, the number of passwords and other secret codes that each of us has to remember has increased dramatically. Given online banking, online bill paying, access codes for voicemail and unlocking cell phones, secret codes for ATMs, passwords for logging in to Websites, and security codes for offices and maybe even homes, the fact is that we are reaching the point at which we simply have too many secret codes to remember without some kind of crutch, whether it be paper or something else altogether. We run the risk of being locked out of our various accounts and maybe even our homes and offices by an excess of secret codes. If we set all of our passwords the same or write them down to compensate, we introduce risks of another kind.
The second change that has occurred -- the increasing use of security tools -- is a boon to security. Usage of tools -- such as personal firewalls, VPNs, and ssh -- that limit password and data exposure has roughly paralleled the growth of telecommuting. Telecommuters can now securely log in to work systems and update program and data files without fear that they are risking their company's code or Internet presence.
Balancing these two changes -- the password explosion and the general availability of security tools -- against each other, where do we stand with respect to the vulnerability of passwords today? Before we answer this question, let's review why passwords are vulnerable in the first place.
Basic authentication
In the simplest and most common form of authentication (the process of verifying the identity of an individual), only the user's login name and password are used. The assumption is, of course, that only the intended user knows the password. Since the username is effectively public (i.e., it is almost always the user's email address as well and printed on business cards), the secrecy of the password is the only thing that stands between an imposter and the user's files.
Typical computer users, even today, seem to think that some "clever" substitution of letters (e.g., replacing the letter "o" with the digit "0") or a keyboard pattern (e.g., "qwerty") are sufficient to
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
