Monday, February 21, 2011

Password Security

Password security is one of the headaches for all organizations. Every organization now uses IT services, so top-level management has sleepless nights when it starts thinking about security and firewall settings for the office.


However, when thinking about password security, they unknowingly indulge in practices that in fact make their data more prone to attacks and hacks.

In fact, small, unique passwords contribute more to risk containment and security than the many bad practices prevalent in lots of companies. In trying to make the system more robust, people with incomplete technical know-how are most likely to add to the potential risks. The best option is for the username and password to be unique; the most you can do beyond that is follow these steps to make your system more robust:

  • Create a unique username/password.
  • Store everything in the session.
  • Keep a note of the usernames that have been accessed most often with a wrong password, and require a third input field if a user enters an incorrect password three consecutive times.
  • Here, using smart scripts with cookies, one can use AI to find the fault skewness for each user ID and store it with the user ID, so that it is regularly updated and kept as an average of the user's login behaviour for that ID. These scripts can decide whether or not to block the login, and the next time the user logs in you can tell them that their login authentication was challenged, so that they can change the password in that case.
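
The failed-attempt tracking and "login was challenged" notice from the list above, as an added example that is not code from the original post. The names `LoginGuard` and `Account`, the status strings, the in-memory account store and the use of a pre-registered answer as the third field are all assumptions.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILURES = 3  # consecutive wrong passwords before the third field is required


def _digest(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    password: bytes            # PBKDF2 digest, never the plaintext
    third: bytes               # digest of the extra answer (hypothetical third field)
    consecutive_failures: int = 0
    total_failures: int = 0    # running note of wrong-password attempts per username
    challenged: bool = False   # set when the threshold is hit, reported at next login


class LoginGuard:
    def __init__(self):
        self.accounts = {}     # assumption: in-memory stand-in for the user store

    def register(self, username, password, third_answer):
        salt = os.urandom(16)
        self.accounts[username] = Account(
            salt, _digest(password, salt), _digest(third_answer, salt))

    def login(self, username, password, third_answer=None):
        acct = self.accounts.get(username)
        if acct is None:
            return "denied"
        ok = hmac.compare_digest(_digest(password, acct.salt), acct.password)
        if acct.consecutive_failures >= MAX_FAILURES:
            # Challenge mode: the password alone is no longer enough.
            ok = ok and third_answer is not None and hmac.compare_digest(
                _digest(third_answer, acct.salt), acct.third)
        if not ok:
            acct.consecutive_failures += 1
            acct.total_failures += 1
            if acct.consecutive_failures >= MAX_FAILURES:
                acct.challenged = True
                return "third_field_required"
            return "denied"
        notice, acct.challenged, acct.consecutive_failures = acct.challenged, False, 0
        return "ok_login_was_challenged" if notice else "ok"
```

Returning a different status for unknown usernames lets a caller tell which accounts exist, so a deployed version would track failures for unknown names as well.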

Security is about a lot more than just login. Changing the password or recovery email ID is much more cumbersome than the hacking of user details. The smart scripts using AI can be better programmed to decide whether a user trying to change his or her recovery email ID should be allowed to or not. This can be decided on a lot of factors:

  • Scripts must save the user's preferences and the nature of his moves when he logs in.
  • Even if the user changes the recovery password, his old email ID must remain attached for at least some time, until the actual user re-enters the ID.
  • How long a user takes to reach his account can be better calculated with the smart scripts and data trends for the individual IDs.
