SIZ Education | Information technology | What is Password? by @ghazi.vani
Greetings to all Steemians. Hopefully, you are all fine and enjoying a great and blessed life with the grace of GOD. I'm going to share the most important topic: What is Password?
On the Intranet, a user is identified only by his username, which is known to everybody, and his password, which is known only to him. The password is what turns an unknown person into an authenticated user, with all of that user’s privileges and the responsibilities attached to his identity. If somebody else uses the user’s correct password, then as far as the Intranet is concerned this other person is the user. Law 196/2003 explicitly forbids users from giving their passwords to other users, even when they are absent from work. These are some of the often underestimated malicious actions a password thief can carry out:
• Steal personal information
• Steal privacy-protected data
• Steal money
• Delete and modify data
• Steal identity
• Start illegal activities
Therefore it is absolutely necessary to keep passwords secret. Unfortunately, many people use very trivial passwords. This is the list of the most common passwords in 2014: password, 123456, 12345678, 1234, qwerty, dragon, baseball, football, monkey, 696969, abc123, 12345.
There exist automatic programs which are able to try 4 billion passwords each second, and they usually start by trying combinations of words and numbers (the complete set of all Italian, German and English words can be tried in less than 1 second). Check on https://howsecureismypassword.net how much time it takes one of these programs to discover your easy passwords.
Law 196/2003 explicitly requires that passwords have certain features:
• Change the password often, at least every six months (every 3 months if sensitive data are handled);
• Avoid words related to yourself, such as names, birth dates, birth places, and addresses;
• Use a minimum of 8 characters.
Moreover, other good procedures are:
• Use as a password a good mix of numbers, special characters, lowercase letters, and capital letters, avoiding any common word (other people’s names or words which can be found in a dictionary);
• Use different passwords for different purposes. Unfortunately, every website asks the user to register with a password, and users who always use the same password are giving it away to every website they register with, even untrustworthy ones. It is a good procedure to have at least three passwords: one for important use (bank account), a second one for everyday use, and the last one for unimportant use (registering to unknown websites or to services that will not be used anymore).
Alternative password devices:
Law 196/2003 gives the possibility either to replace password authentication with personal devices or biometric identification, or simply to add these techniques to existing passwords. Usually, biometric identification is considered to be very secure and thus it is used to completely replace the password system. It can be fingerprint recognition, hand palm blood vessel recognition, eye retina scanning, or voice identification.
For very important activities, such as a digital signature or bank operations, a personal device is usually added to the standard login and password system instead. The usual password is remembered personally by the user and a personal device provides the second part of the password. This device can be a smartcard, such as the national health card, which is inserted into a card reader, or a USB token; either one provides to the program or website the second half of the password, which is stored inside the object.
Alternatively, the second part of the password is an OTP (One-Time Password), generated each time through a telephone call to the user’s mobile phone or displayed on a small token (which may or may not be inserted in a USB plug) which is synchronized with the website for which the password is needed.
The big advantage of this second system is that, even if both parts of the password are intercepted or guessed, the second part can be used only that time and will expire after a few seconds.