nobody else knows or can guess the password, this is secure. Passwords on their own have a
number of potential weaknesses and do not provide strong authentication.
Many passwords are easily guessed. If left to choose their own passwords, around 50% of users will choose an easily guessed password. Common passwords that fit this description include dictionary words or the username for the account. At the expense of usability, you can force users to include numbers or punctuation in their passwords, but this will cause some users to have difficulty remembering their passwords. Educating users to choose better passwords can help, but even when educated, around 25% of users will still choose an easily guessed password. You could enforce password policies that stop users from choosing easily guessed combinations by checking new passwords against a dictionary, or requiring some numbers or punctuation symbols or a mixture of uppercase and lowercase letters. One danger is that strict password rules will lead to passwords that many legitimate users will not be able to remember.
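The policy check described above, as an added example in Python that is not part of the original text; the list of common passwords is a constructed stub standing in for a real dictionary file. It goes a little beyond the text by undoing common symbol-for-letter substitutions (such as "0" for "o") before the dictionary check, so a password like "P@ssw0rd" is still rejected.

```python
import re

# Constructed sample of commonly chosen passwords; a real deployment would
# load a full dictionary or breached-password list from disk instead.
COMMON_PASSWORDS = {"password", "rover", "letmein", "qwerty", "welcome", "secret"}

# Common symbol-for-letter substitutions users make to satisfy complexity rules.
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "4": "a",
                          "$": "s", "5": "s", "7": "t"})


def _core_word(password: str) -> str:
    """Undo substitutions and keep only letters, to expose the underlying word."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET_MAP))


def check_password(username: str, password: str, min_length: int = 8) -> list[str]:
    """Return the policy rules the password violates (an empty list means it passes).

    Rules follow the text: reject dictionary/common words and the account's own
    username, and require a mixture of character classes.
    """
    problems = []
    lowered = password.lower()
    core = _core_word(password)
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Substring match on the normalised form catches "rover", "Rover1!" and "r0ver".
    if any(word in core for word in COMMON_PASSWORDS):
        problems.append("built on a common or dictionary word")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no punctuation symbol")
    return problems
```

Reject the password when the returned list is non-empty and show the user the reasons, so the policy is explained rather than silently enforced.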
Hard-to-remember passwords increase the likelihood that users will do something insecure such as write “username fred password rover” on a Post-it note on their monitors. Users need to be educated not to write down their passwords or to do other silly things like give them to people over the phone who ring up claiming to be working on the system.
Passwords can also be captured electronically. By running a program to capture keystrokes at a terminal or using a packet sniffer to capture network traffic, crackers can—and do—capture usable pairs of login names and passwords. You can limit the opportunities to capture passwords by encrypting network traffic.
For all their potential flaws, passwords are a simple and relatively effective way of authenticating your users. They provide a level of secrecy that might not be appropriate for national security, but is ideal for checking on the delivery status of a customer’s order.
Using Authentication
Authentication mechanisms are built into the most popular Web browsers and Web servers. Web servers might require a username and password for people requesting files from particular directories on the server.
When challenged for a login name and password, your browser will present a dialog box looking something like the one shown in Figure 13.2.
E-commerce and Security (Part III), page 292