Monday, 17 December 2012

Password Legacy.

Bruce Wayne, the rich millionaire, became poor overnight and lost all his money, all because his fingerprints were stolen and used to conduct derivatives transactions on the Gotham stock exchange. From this story we can at least see how important authentication is, and how dangerous it is when it falls into the wrong hands. Authentication is a way to identify a person without meeting face to face. The very rapid development of the world demands efficiency, and one of the tools for achieving efficiency is the internet and technology. Wherever you are, with the help of the internet and supporting technology, you will always be connected to the services you use, such as banking services (ATM or mobile banking), telephone (VoIP), email, Facebook or other services.

One of the methods most often used for authentication is a username and password, because this method is among the cheapest and easiest, has the widest coverage, and does not require a special program or tool. There are indeed more sophisticated methods, such as TFA (Two Factor Authentication), which uses an additional token / password calculator to increase security, especially for important and critical transactions. However, because special equipment is needed, the cost of applying TFA is higher than that of conventional passwords, so password authentication has so far remained the most popular method.

Brute Force and Captcha

In the early days of credentials, service users only needed to enter a username and password, and this method successfully identified the users of a service. But as the internet developed and the value of a service account grew, there have been many attempts to obtain other people's accounts illegitimately. One of the most commonly used methods is brute force. Brute force is an attempt to guess an account's password by trying out all possible passwords, massively and repetitively. In theory, however good the password you use, a brute force attack MUST sooner or later succeed in finding it. What matters is the complexity of the password (the combination of letters and numbers, and the length of the password in characters) and the resources used. Service providers therefore rack their brains over how to deal with brute force attacks because, in the absence of face-to-face contact, anyone who knows legitimate credentials (username and password) is accepted immediately and treated as the owner of the account in question. One method used is to limit the maximum number of password attempts: if a password or PIN is entered incorrectly a certain number of times, further attempts are restricted. If you do not believe it, enter the wrong PIN for your ATM card more than 3 times; the card will certainly be blocked and cannot be used for transactions until it is re-verified. To improve account protection, security practitioners have also racked their brains to find a way to distinguish bots (automated password-stealing programs) from humans. Currently a very popular method is the CAPTCHA. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart, and is basically a method to tell humans apart from computers. The most commonly used method is to display letters or numbers stacked in such a way that they can be read by the human eye but are hard for a program / bot to read or scan. Because it has proved quite effective, CAPTCHA is now the standard protection, both when first opening an account or service and at authentication time. Besides CAPTCHA, some service owners use additional methods such as the "Sign-in seal" (Yahoo), and Google has started applying TFA to Google accounts, verifying by sending a one-time password via SMS to the mobile number you specify "every time" you access your Google account from a new device. Most likely the goal is to prevent illegal access to your account if the password is stolen, because the intruder will be accessing it not from your device but from a different device / computer.
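The attempt limit described above, as an added example that is not code from the original article: a failed-login counter that blocks an account after an assumed limit of 3 wrong passwords and refuses even the correct password until the account is re-verified. The class and function names, the limit of 3 and the PBKDF2 parameters are assumptions made for this example.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed limit, modelled on the ATM PIN example in the text

class Account:
    def __init__(self, password):
        self.salt = os.urandom(16)
        self.digest = self.hash(password)
        self.failures = 0
        self.blocked = False

    def hash(self, password):
        # Salted, deliberately slow hash; the plain password is never stored.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

class LoginService:
    def __init__(self):
        self.accounts = {}

    def register(self, username, password):
        self.accounts[username] = Account(password)

    def login(self, username, password):
        acct = self.accounts.get(username)
        if acct is None:
            return "denied"
        if acct.blocked:
            return "blocked"  # refused even if the password is now correct
        if hmac.compare_digest(acct.hash(password), acct.digest):
            acct.failures = 0  # a successful login clears the counter
            return "ok"
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.blocked = True
            return "blocked"
        return "denied"

    def reverify(self, username):
        # Stand-in for the provider's out-of-band re-verification step.
        acct = self.accounts[username]
        acct.failures, acct.blocked = 0, False

def replay(service, username, attempts):
    """Feed a sequence of password attempts and return each outcome."""
    return [service.login(username, p) for p in attempts]
```

A hard block also locks out the real owner, which is why it is paired here with a re-verification path.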

Besides the threat of brute force, account owners are also haunted by trojan attacks; a trojan that is successfully planted on the victim's computer can record keystrokes. Anything typed on that computer becomes known to the trojan program, and this information is usually sent secretly to the trojan's maker. Another method often used by criminals trying to obtain credentials is a fake website (phishing) that looks very similar to the original site; if the victim is deceived into thinking he is on the original site and enters his credentials, they fall into the hands of criminals. Given the possibilities above, the author does not necessarily recommend that you abstain from internet access and make no important transactions over the internet. Nowadays it is very difficult and inefficient not to use the internet to help with daily activities. We cannot get away from email, Facebook, Twitter, bank accounts, Skype, Instagram or ATMs, and all of these require credentials. The most important thing is how to build and protect your credentials, and how to prepare in case the worst, which none of us wants, happens.

KeePass Password Safe

One of the most common problems faced by credential owners is the large number of different accounts they have. If different credentials must be remembered for every account, what often happens is something silly, like the song sung by the Cemetery, except that here what is forgotten is not the verse but the password: the account holder is locked out by his own protection and cannot access the account because he forgot the password. Moreover, many security analysts advise account owners to change their passwords regularly, which only adds to the confusion: which account was this password for? Many owners therefore take a shortcut and use the same password for all accounts. This can be catastrophic, because that one password gives access to all of your accounts. The author once received a complaint from a Facebook user whose account had been stolen and who, to restore it, needed to access the account reset code in his Yahoo account. But because he had used the same password for his Yahoo mail, he no longer had access to it and was eventually forced to create a new Facebook account.

The virtual world has many problems, but it also provides solutions to them. One effective and safe solution to this problem is a password manager program. Such programs are widely available, in both commercial and free versions. On this occasion the writer will introduce a free, open source program that is nevertheless reliable and safe for managing your collection of credentials.

KeePass Password Safe is a password management program that stores all your credentials securely, so you do not need to remember all your passwords and only need to remember one master password. To increase security, in addition to requiring a master password for access, the KeePass password database is also protected with AES, Rijndael and Twofish encryption, so that even if the password data file falls into the hands of others, it would be very difficult for whoever finds it to open the file. Besides its strong security features and the convenience of not having to remember passwords, KeePass can also provide additional protection because you do not have to type your username and password but only need to [Copy] and [Paste] them from KeePass. The KeePass program can be downloaded from and, although the official version is only available for Windows users, ports are available for using the same KeePass database on iPhone / iPad, Android, BlackBerry, Windows 7 and Palm.

Source :, September 3, 2012.
