Change Passwords


Visitors: 282

All passwords should be changed regularly. A change in password could also be necessitated by the fear or reality of a user’s current password being compromised. As a precautionary measure, any system should provide an encrypted method for changing a password. If a new password is passed to the system in an unencrypted form, security can be compromised before the new password can even be installed in the password database. And if a compromised employee or other intermediary gets hold of the new password, there is little to gain from changing a password. There are some web sites that include the user-selected password in an unencrypted confirming e-mail message.

Today, automatic issuance of replacements for lost passwords is mostly done with the help of identity management systems. To verify the user's identity, questions are asked and answers are compared with the ones previously stored. Some samples: “Where were you born?" or “What is your favorite soccer club?" or “Who is your favorite actress?" There is a possibility that in a number of such cases the answers to these questions can be guessed, found by research, or determined with the help of social engineering. Although many users have now learnt not to reveal a password, there are a few as well who consider the name of their favorite soccer team to need similar care.

If a user is forced to change his passwords frequently, then a valid password in the wrong hands will eventually become unusable. Though not yet universally used, many operating systems provide such features these days. The security benefits of these systems are limited, as attackers often exploit a password as soon as it is compromised. In several instances, more so with administrative or “root" accounts, it has been found that once an attacker succeeds in gaining access, he/she makes alterations to the operating system that will allow him/her future access even after the expiry of the initial password.

Again, if forced to change a password too frequently, a user may forget which password is current, and there is almost always a possibility that he will write his password down or reuse an earlier password. Such steps are most likely to cancel any added security benefit. It is imperative that human factors be duly considered before implementing such a policy.

Passwords provides detailed information on Best Passwords, Change Passwords, Password Generators, Password Protection and more. Passwords is affiliated with Electronic Keyboard .


Article Source:

Rate this Article: 
IT Security and You! Part 1 - Passwords
Rated 4 / 5
based on 5 votes

Related Articles:

Remembering Passwords-Methods to Help Your Memory For Passwords

by: Dean Chafee (January 10, 2007) 
(Computers and Technology)

Autocomplete Passwords - How To Clear Stored Passwords

by: Angela Daley (September 19, 2005) 
(Computers and Technology/Personal Tech)

Best Passwords

by: Richard Romando (May 20, 2006) 
(Computers and Technology/Personal Tech)

How to Manage All Your Passwords

by: Lynda Hill (September 28, 2008) 
(Computers and Technology/Software)

Cracking Passwords

by: Darren Miller (December 06, 2005) 
(Computers and Technology/Personal Tech)

How To Create Strong Passwords

by: Karyn Greenstreet (May 26, 2008) 

Security of Passwords ISO27001

by: Chris Eden (July 10, 2008) 
(Internet and Businesses Online/Security)

Passwords and the Human Factor

by: Terrence F. Doheny (January 27, 2005) 
(Computers and Technology/Personal Tech)

Keeping Passwords Secure

by: S. Housley (February 24, 2005) 
(Computers and Technology/Personal Tech)

IT Security and You! Part 1 - Passwords

by: David Baldwin (April 11, 2007) 
(Computers and Technology)