safe computing – strengthening passwords

Published 2016-07-27 (modified 2017-07-27)
https://blog.paranoidprofessor.com/index.php/2016/07/27/safe-computing-strengthening-passwords/

A password is simply a method of verifying who you are. A good password is both easy to remember and hard to guess. It should contain upper- and lower-case letters, numbers and, if possible, a couple of symbols, and it should be suitably long.

Yet even a well-chosen password won't help you if the system you are connecting to is, well, stupidly written. I suspect that there are a lot of methods to prevent a brute force attack – that is, testing every possible character combination in an attempt to guess the correct password.

If no special precautions are taken, how quickly could we brute force a hypothetical password? If our password is six characters long and is made up of uppercase letters, lowercase letters and numbers, how many combinations can we have?

26 upper case
26 lower case
10 digits

62 * 62 * 62 * 62 * 62 * 62 = 56,800,235,584

If we can try ten thousand passwords a second, it would take 94,667 minutes, or approximately sixty-six days, to crack the password. This would make it impractical to attempt to sneak into the boss's office and hack his computer, but if the system doesn't have any safeguards it is within the realm of possibility, especially if the system you are attempting to connect to is on the Internet.

| | at 1 guess per second | at 10,000 guesses per second |
|---|---:|---:|
| combinations | 56800235584 | 56800235584 |
| guesses per second | 1 | 10000 |
| seconds | 56800235584 | 5680024 |
| min | 946670593 | 94667 |
| hours | 15777843 | 1578 |
| days | 657410 | 66 |
| years | 1801 | 0 |
| centuries | 18 | 0 |

Two months is a long time, but if the naughty person gets lucky or uses a more clever method for guessing the passwords this could be shortened considerably.

This could be defeated by adding any one of a few different methods:

- only accept one password attempt per second
- have a second password
- lock the account after a limited amount of time
- temporarily suspend the account after a number of incorrect attempts
- increase the delay between login attempts with each incorrect attempt

If the first choice were implemented, the amount of time to go through the entire list of passwords would increase from sixty-six days to 1800 years. Yet it is possible that the user would pick a poor password that is easy to guess.

Adding a strong second password would help to secure the system, but we cannot guarantee that the user will select a strong password. It is actually just as likely that the second password they select is identical to the first.

A better solution is to give the user a strong second password, and to ensure that this password is changed often we should generate it ourselves. This is both easy and possible by using a security token.

(Image: security token)

A token is a small hardware device that generates a random six-digit password. This device is registered with the company server, and the random password is only valid for two minutes.

This type of security is pretty commonly used by companies to give their employees secure access to their networks over insecure networks such as the Internet. Private companies and their employees are not the only ones to use such devices. These devices can be used as part of creating secure VPN connections or to provide solid proof of the identity of the user.

Quite a few companies make these types of arrangements with their customers, especially where either money or identity is at stake. A few organizations that provide two factor authentication are as follows.

- Amazon: http://www.wired.com/2015/11/amazon-two-step-authentication/
- Paypal: http://pages.ebay.com/securitykey/faq.html
- Facebook: https://www.facebook.com/notes/facebook-engineering/introducing-login-approvals/10150172618258920/
- Dropbox: https://www.dropbox.com/en/help/363
- Twitter: https://blog.twitter.com/2013/getting-started-with-login-verification

Yet, with the magic that is the smart phone, it is possible to replace this security device with a small application that runs on the phone. Thus the phone itself can be used to create the six-digit security code for two factor authentication.

Generating the code using either a security token or your phone is one method for two factor authentication, but there is another slight variant. This second method also involves entering a six-digit code, but rather than generating the code, it is received via SMS on the cell phone.

You cannot guarantee the level of security of all the systems that you connect to, but if you do have a chance to increase your personal level of security you should take it.

I hope to write up more information about two factor authentication in the near future.