There are two important issues in system security. One is in the use of passwords, which should be chosen and used securely. However secure a system might be, it is normally left wide open if the password used to access it is compromised.
Problems with passwords
Most systems use passwords to restrict access. It is possible to obtain a password in several ways:
- guessing
If you choose a particularly simple password (your mother's maiden name, your pet's name, your favourite sports team) then people may be able to guess the password.
- brute-force search
There are programs which can try many passwords, for example by going through every word in a dictionary.
- social engineering
It is often possible to trick people into revealing passwords, for example by phoning up and pretending to be the Internet service provider or a member of the company.
- obtaining stored passwords
Sometimes people store passwords on their computer, on post-it notes, in their diary, etc. In this case, the password can easily be obtained by somebody with physical access.
- obtaining shared passwords
When the same password is used for several systems, anybody who obtains the password for one system already has it for all others.
- installing trojans
There are 'trojan horse' software programs which install invisibly on your computer, monitoring keystrokes. These are often associated with computer viruses.
- interception
If passwords are sent across an unencrypted connection, it may be possible to intercept the password as it is transmitted (this is usually a relatively low risk).
Using passwords securely
You can avoid these problems by:
- using a good password
Choose a password that is reasonably long (at least 8 characters) and is not made up of simple words. Use punctuation and numbers if possible.
- ensure systems limit password attempts
If possible, make sure that the system allows only a certain number of password attempts before locking out the account.
- not storing passwords
Do not store important passwords on your computer, or write them down.
- not sharing passwords
Use different passwords for all important systems.
- never giving out passwords
Do not give out your password to anybody.
- maintaining general levels of computer security
Use a virus checker and ensure that your email program is configured securely and kept up to date.
- using secure connections for passwords
Make sure that passwords are sent across secure connections so that they cannot be intercepted in transit.
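
The "limit password attempts" advice above, seen from the system's side: a minimal login check that locks an account after a set number of consecutive failures. This is an added example, not code from the original page; the class name `LoginGuard`, the thresholds, the PBKDF2 settings and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


class LoginGuard:
    """Locks an account after repeated failures (thresholds are assumed values)."""

    def __init__(self, max_attempts=5, lockout_seconds=900):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self._accounts = {}      # user -> (salt, salted password hash)
        self._failures = {}      # user -> consecutive failed attempts
        self._locked_until = {}  # user -> time at which the lock expires

    @staticmethod
    def _hash(password, salt):
        # Salted, deliberately slow hash: the password itself is never stored.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self._accounts[user] = (salt, self._hash(password, salt))

    def login(self, user, password, now):
        """Return 'ok', 'denied' or 'locked'; `now` is a time in seconds."""
        if now < self._locked_until.get(user, 0):
            return "locked"  # refused without checking the password at all
        # Unknown users get a dummy record so they cost the same work.
        salt, stored = self._accounts.get(user, (b"\0" * 16, b"\0" * 32))
        candidate = self._hash(password, salt)
        if hmac.compare_digest(candidate, stored) and user in self._accounts:
            self._failures.pop(user, None)
            return "ok"
        self._failures[user] = self._failures.get(user, 0) + 1
        if self._failures[user] >= self.max_attempts:
            self._locked_until[user] = now + self.lockout_seconds
            self._failures[user] = 0
        return "denied"


def demo():
    # Constructed sample: a run of simple guesses against one account.
    guard = LoginGuard(max_attempts=3, lockout_seconds=60)
    guard.register("alice", "c0rrect;Horse9")
    guesses = ["rover", "arsenal", "password", "c0rrect;Horse9"]
    results = [guard.login("alice", g, now=t) for t, g in enumerate(guesses)]
    results.append(guard.login("alice", "c0rrect;Horse9", now=100))
    return results
```

Once the account is locked, even the correct password is refused until the lock expires, so a dictionary run gets only a few tries per lockout window.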