The Key to Data Security
Tester, Darlene M., Security Management
Over 30 years have passed since the business world turned to the computer for data entry, storage, and retrieval. Security has evolved from simply locking the office door at night to state-of-the-art software security systems and hardware enhancements. Manufacturers hail their products as superior to all others. Standard features may include one-way encryption, Data Encryption Standard algorithm secrecy, and violation detection reporting. What these manufacturers cannot protect against, however, is the individual user. No matter how safe the system security package, no matter how stringent the guarantee of confidentiality, no manufacturer can determine how safe a customer's employees are going to be with their passwords.
Passwords are the crux of a system's security package. To log onto a system, the user must supply a valid log-on identification and password. Although the identifications rarely change, the password must be changed periodically to give the system some semblance of integrity. The average life of a password is 30 days; some companies allow longer periods between changes, and few have no time constraints at all. It is this time span that is supposed to keep intruders from breaking the security of the system.
Security personnel tell system users that passwords are to be kept secret and that certain words are not to be used as passwords. However, people are apt to choose passwords that relate directly to themselves or to their lifestyles. It is only logical to think of something that is easy to remember rather than some nonword combination of characters. However, it is easy enough to ask system users some simple questions about their lives and what they enjoy in their off-hours and then deduce their passwords. Ask the following questions of the people who access the computer system:
* What is your spouse's name?
* What are your children's names?
* What is your family pet, and what is its name?
* What are your grandchildren's names?
* What is your nickname?
* What is your favorite sport or hobby?

These six questions may net several possibilities for passwords.
Married women tend to use their husband's name as a password first, usually followed by children's names or pets' names. Interestingly, men usually use their children's names first, then their pets' names, and then their wives' names. Single people's passwords may be a bit more difficult but just as predictable. Women usually start with their partner's name, then their pets' names, and lastly they may turn to their siblings' names. Single men prefer to use terms from their sports or hobbies but will use their partner's name.
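The habits described above can be screened for when a password is changed. The following is an added example, not part of the original article: it rejects a proposed password that contains any of the user's answers to the six questions, even when disguised by case, digit substitution, or reversal. The profile record, its field names, and the substitution table are assumptions made for illustration.

```python
import re
import unicodedata

# Common character substitutions undone before comparison (assumed set, not from the article).
_LEET = str.maketrans("013457@$!", "oieastasi")

def _normalize(text):
    """Lower-case, strip accents, undo simple substitutions, keep letters only."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.lower().translate(_LEET)
    return re.sub(r"[^a-z]", "", text)

def personal_terms(profile, min_len=3):
    """Flatten a user's profile answers into normalized terms worth blocking."""
    terms = set()
    for value in profile.values():
        items = value if isinstance(value, (list, tuple)) else [value]
        for item in items:
            for word in re.split(r"[\s\-_/]+", item):
                norm = _normalize(word)
                if len(norm) >= min_len:
                    terms.add(norm)
    return terms

def find_personal_terms(candidate, profile):
    """Return the sorted profile terms found in the candidate, forwards or reversed."""
    norm = _normalize(candidate)
    return sorted(t for t in personal_terms(profile) if t in norm or t[::-1] in norm)

def check_new_password(candidate, profile):
    """Return (accepted, reasons) for a password-change request."""
    hits = find_personal_terms(candidate, profile)
    reasons = ["contains personal term: " + h for h in hits]
    return (not reasons, reasons)

# Constructed sample record, keyed by the article's six questions.
SAMPLE_PROFILE = {
    "spouse": "Robert",
    "children": ["Emily", "José"],
    "pet": "Max",
    "grandchildren": [],
    "nickname": "Dee",
    "hobby": "fly fishing",
}

if __name__ == "__main__":
    for pw in ["Robert1990", "3m1ly!", "xam2024", "tr0ub4dor-staple"]:
        print(pw, check_new_password(pw, SAMPLE_PROFILE))
```

Short terms such as a three-letter pet name also match inside unrelated longer words, so `min_len` trades coverage against false rejections.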
Many companies use a password history file to prevent a user from repeating his or her password and thus feel they have a fail-safe system. However, if the company uses a password history file of this sort, most users will employ a set rotation of passwords. …