Wednesday, April 23, 2008
The Multiple Password Quandary
There isn't anything new about securing applications or computers with passwords. It is not advisable to have just one password for all purposes, and end-users are strongly advised not to do this. For their own sake, no user knows whether a web application used for personal purposes will be compromised. It isn't a given that the passwords you enter into an application are hidden from the administrator. You should assume they are not, and try to keep a different one for each web site. Multiple passwords can create some semblance of security.
Of course there are many issues with a basic name-and-password challenge for access. Any computer can be compromised if it is not physically secured, and the only hope there is that the data has been encrypted to resist the intruder's access to the machine (of course this has a penalty if the user forgets their encryption password and the backup is also encrypted). No, it is an imperfect world for using logins, and the IT Manager must walk a fine line between reducing easily guessed passwords and keeping administration of password resets to a minimum. There are several strategies that end-users can be advised on. Here is a pretty good one. Applications that keep your multiple passwords for you can be handy, yet provide a single point of failure in protecting assets, and the much-used browser function of remembering your password for web logins is a double-edged sword (use it only if you secure both the sleeping and the booting computer). If possible, smart card access or synchronized electronic passwords (e.g. SecurID) will give better assurance of the login identity. Proper role assignments also reduce improper access, but regular password changes and monitoring of the logs are the best defense.
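An added example, not from the original post, of the log monitoring the post recommends as the best defense: a Python script that parses sshd-style authentication lines and flags a source address that racks up repeated failed password attempts inside a short window, noting whether a successful login from that address followed. The log lines, host name, addresses, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the syslog/sshd style; not taken from any real system.
SAMPLE_LOG = """\
Apr 23 08:00:01 host sshd[101]: Failed password for alice from 203.0.113.5 port 4000 ssh2
Apr 23 08:00:03 host sshd[102]: Failed password for alice from 203.0.113.5 port 4001 ssh2
Apr 23 08:00:04 host sshd[103]: Failed password for invalid user admin from 203.0.113.5 port 4002 ssh2
Apr 23 08:00:06 host sshd[104]: Failed password for alice from 203.0.113.5 port 4003 ssh2
Apr 23 08:00:09 host sshd[105]: Failed password for bob from 203.0.113.5 port 4004 ssh2
Apr 23 08:00:20 host sshd[106]: Accepted password for alice from 203.0.113.5 port 4005 ssh2
Apr 23 09:15:00 host sshd[107]: Failed password for carol from 198.51.100.7 port 5000 ssh2
Apr 23 09:40:00 host sshd[108]: Accepted password for carol from 198.51.100.7 port 5001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse(log_text, year=2008):
    """Turn matching log lines into (timestamp, result, user, ip) tuples; syslog omits the year."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["result"], m["user"], m["ip"]))
    return events

def find_guessing(events, threshold=4, window_s=60):
    """Return {ip: {"users": set, "success_after": bool}} for every source address with
    at least `threshold` failed logins inside `window_s` seconds. A later accepted login
    from the same address is the case worth escalating: the guessing may have worked."""
    by_ip = defaultdict(list)
    for ts, result, user, ip in events:
        by_ip[ip].append((ts, result, user))
    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [(ts, u) for ts, r, u in evs if r == "Failed"]
        for i in range(len(fails)):
            j = i  # grow the window from failure i while it stays within window_s
            while j + 1 < len(fails) and (fails[j + 1][0] - fails[i][0]).total_seconds() <= window_s:
                j += 1
            if j - i + 1 >= threshold:
                success_after = any(r == "Accepted" and ts > fails[j][0] for ts, r, _ in evs)
                alerts[ip] = {"users": {u for _, u in fails[i:j + 1]}, "success_after": success_after}
                break
    return alerts
```

On the sample above the burst from 203.0.113.5 is flagged across three account names with a success following it, while the single failure from 198.51.100.7 is left alone.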