- Advertising Agencies
- Arabic Sweets,
Pastries, Chocolates
- Architects

- Banks
- Beauty

- Car Rental
- Coffee Shops
- Commerce
- Consulting
- Craft

- Data Processing &
Computer Systems
- Decoration &

- Environment / Waste
Management Services
- Express Delivery
- Equipment : food
services, catering,
kitchen, laundry

- Financial Services
- Flowers
- Food & Beverage

- Hotels 3
- Hotels 4 & 5
- Hotels & Suites

- Industry
- Insurance
- Interior Design /
- Internet

- Jewelleries

- Leisure
- Lighting

- Medias
- Medical / Technology

- Office Equipments /
- Outside Decoration

- Printing

- Real Estate
- Restaurants

- Security
- Shop Systems
- Superstores

- Telecommunication &
Mobile Phones
- Transport
- Travel Agencies


Back to archives Back to news
French Version

Password Science

Try counting the passwords you are currently using. You've either got many, each for a different log in, or you've only got one which you use in all of those.

JORDAN (Star) - Try counting the passwords you are currently using. You've either got many, each for a different website log in, email log in or security check, or you've only got one which you use in all of those.

Although it seems more dangerous to have one password for everything, security specialists believe that even multiple passwords can be discovered, just as easily, due to the fact that there's got to be a relation between your different passwords.

If a trespasser knows one of your passwords, and knows something about you like your date of birth, favorite football team and so on ... then it won't be too difficult to figure out your other passwords. So, either way the secrecy of your data is in danger. At the corporate level, companies are very concerned about data security and can't allow an employee to jeopardize it by coming up with his/her own passwords. That's why all big companies have 'password guidelines' and many of them even control the selection of passwords which are strictly set by the network or IT administrator and regularly changed by that administrator, in accordance to some set scheme.

Regularly generating passwords in the corporate environment is fast-becoming a science.

Today, there are 'Design Guidelines & Criteria' for password selection based on mathematical algorithms!

The idea is to have a relation between old and new passwords, throughout the organization's computers, while making it extremely difficult for a 'trespasser' to discover any of those passwords, even with prior knowledge of an old password. It sounds complex, and it is. All you have to do is check out some of the web sites on the Internet that attempt to explain Algorithmic password design, and you'll be drowning in equations.

Obviously, password scheme designers wouldn't be going to all this trouble if there weren't a need for password systems in organizations. Most password system designers are concerned with 'predictability', which refers to how easy is it to determine one password from knowledge of another. Common passwords are 100 percent predictable, while random passwords are, by definition, 0 percent predictable. The closer to 0 percent predictability, the better. The 'pillars' of password science are strength, recoverability and manageability.

Strong passwords should be long, and use a large character set. Strong passwords should be generated in such a way that knowledge of one does not lead to knowledge of another. As for recoverability, IT support staff must be able to determine/recover the local admin password for any given machine in the enterprise. The elements of manageability are a systematic method to generate the hundreds or even thousands of unique and strong passwords, the easy application of these passwords, the safe storage of passwords and the ability to disseminate passwords efficiently.

The best test for passwords in your organization can be administered by security consultants, who will try to crack staff passwords. They could try every possible six or seven-character combination. They experiment with first and last names, sports teams, fictional characters, numbers, punctuation symbols and foreign-language terms. They reverse the spellings, string words together and do much more to test password integrity.

If you don't have a proper password system in place, they'll definitely manage to crack some or all of the staff's passwords.

All of this hard work, to create and sustain password-based security aims to overcome the naivete of users, which has been proven over the years.

Sometimes, it doesn't even require any guessing at all; some users leave passwords taped underneath their keyboards or stick them as small notes on their monitors! So all a trespasser needs to do is look around a user's desk.

In the digital world of the future, organizations cannot tolerate, or risk, such user behavior. It's not just a luxury to have a proper password system, it has become an absolute necessity.

Zeid Nasser
The Star

Some Marks
To see in Jordan
Fairs & Exhibitions
Useful Addresses
Media of 1stjordan
Impact of 1stjordan
The 'First Jordan' Card
Press Book
Exotica - Flowers - Shopping on line
Engineering Consultants Lebanon
Nsouli Jewelry Lebanon
Hotel Beirut Lebanon
Rent Villas France for Holidays, Seasonal Rentals France
Sole Agent for Philips & Whirlpool in Lebanon
Arab Printing Press Lebanon
Hotel Beirut Lebanon
Arabic Music, CD Arabia
Hotels Syria
Groupe PMR