Spelling suggestions: "subject:"password repository"" "subject:"passwords repository""
1 |
Resolving the Password Security Purgatory in the Contexts of Technology, Security and Human FactorsAdeka, Muhammad I., Shepherd, Simon J., Abd-Alhameed, Raed 22 January 2013 (has links)
Yes / Passwords are the most popular and constitute the
first line of defence in computer-based security systems; despite
the existence of more attack-resistant authentication schemes. In
order to enhance password security, it is imperative to strike a
balance between having enough rules to maintain good security
and not having too many rules that would compel users to take
evasive actions which would, in turn, compromise security. It is
noted that the human factor is the most critical element in the
security system for at least three possible reasons; it is the
weakest link, the only factor that exercises initiatives, as well as
the factor that transcends all the other elements of the entire
system. This illustrates the significance of social engineering in
security designs, and the fact that security is indeed a function of
both technology and human factors; bearing in mind the fact
that there can be no technical hacking in vacuum. This paper
examines the current divergence among security engineers as
regards the rules governing best practices in the use of
passwords: should they be written down or memorized; changed
frequently or remain permanent? It also attempts to elucidate
the facts surrounding some of the myths associated with
computer security. This paper posits that destitution of requisite
balance between the factors of technology and factors of
humanity is responsible for the purgatory posture of password
security related problems. It is thus recommended that, in the
handling of password security issues, human factors should be
given priority over technological factors. The paper proposes
the use of the (k, n)-Threshold Scheme, such as the Shamir’s
secret-sharing scheme, to enhance the security of the password
repository. This presupposes an inclination towards writing
down the password: after all, Diamond, Platinum, Gold and
Silver are not memorised; they are stored. / Petroleum Technology Development Fund
|
Page generated in 0.0549 seconds