Security Corner

Apr 20 2011   10:50PM GMT

Geek Speak: Password Stuff

Ken Harthun

Since I often discuss password-related subjects, I thought it might be a good idea to define my terms for everyone. Here are ten password-related definitions for your reading pleasure.

Authentication: Determining whether someone or something is who or what it claims to be. Is that really “mom” logging into your computer, or some hacker who has learned her password? A password is one way to authenticate: proof that you know a secret only the real user should know.

Strong (unguessable) Password: A password deliberately composed so that it is impractical for a person or a program to guess. What makes it strong is the size of the search space an attacker has to cover: the longer the password and the more random its characters, the stronger (and more unguessable) it is. A memorable word with predictable substitutions (P@ssw0rd) is far weaker than its length and symbol mix suggest, because crackers try exactly those patterns first.
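To put numbers on “longer and more random”, here is a small added example (not from the original post) that generates passwords from the operating system's cryptographic random source and computes their entropy as length × log2(alphabet size). The 10-billion-guesses-per-second rate is an assumed figure for an offline cracker against a fast hash, and the 94-symbol alphabet is the printable ASCII set; both are assumptions, not values from the post. The entropy formula only holds for passwords that really are random; it says nothing useful about one a person picked.

```python
import math
import secrets
import string

# Alphabets assumed for this example (printable ASCII and digits only).
ALPHABET_FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
ALPHABET_DIGITS = string.digits                                            # 10 symbols


def generate_password(length: int, alphabet: str = ALPHABET_FULL) -> str:
    """Draw each character independently from the CSPRNG behind `secrets`.
    `random.choice` would be wrong here: its output is predictable."""
    if length < 1 or len(alphabet) < 2:
        raise ValueError("need length >= 1 and at least two symbols")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size).
    Valid only for random passwords; a human-chosen 'P@ssw0rd' is much weaker
    than this formula would suggest."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time for an attacker to try every possible password."""
    return 2.0 ** bits / guesses_per_second


def strength_report(password: str, alphabet: str, guesses_per_second: float = 1e10) -> dict:
    """Summarise a *randomly generated* password drawn from `alphabet`.
    1e10 guesses/s is an assumed offline-cracking rate against a fast hash."""
    if any(c not in alphabet for c in password):
        raise ValueError("password contains characters outside the stated alphabet")
    bits = entropy_bits(len(password), len(alphabet))
    return {
        "length": len(password),
        "bits": round(bits, 1),
        "seconds_to_exhaust": seconds_to_exhaust(bits, guesses_per_second),
    }


if __name__ == "__main__":
    samples = (
        (generate_password(8), ALPHABET_FULL),    # 8 random printable characters
        (generate_password(16), ALPHABET_FULL),   # 16 random printable characters
        ("0417", ALPHABET_DIGITS),                # a four-digit PIN, for contrast
    )
    for pw, alphabet in samples:
        print(pw, strength_report(pw, alphabet))
```

Doubling the length from 8 to 16 characters does not double the work for the attacker; it squares it (about 52 bits versus about 105 bits), which is why length beats cleverness.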

Password Cracker: A program designed to recover passwords, usually by taking a list of stored password hashes and hashing candidate passwords until one matches. Candidates can come from brute force (every combination of characters up to some length) or from a dictionary (a word list plus common variations such as capitalizing the first letter or appending digits). Administrators sometimes run crackers against their own users to find weak passwords before an attacker does; the same tools, run against a stolen hash database, are how attackers turn a breach into working logins. Salting and a slow hash algorithm don't make cracking impossible, but they make every guess expensive, so only the weak passwords fall.
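The following added example (not code from the original post) shows both attack modes against salted PBKDF2 hashes: a dictionary attack with a few mangling rules, and a brute-force sweep of the four-digit PIN space. The word list, the three accounts and the iteration count are constructed for the demo; the iteration count in particular is kept tiny so the run finishes in about a second, where real deployments use hundreds of thousands of iterations or a dedicated password hash such as bcrypt, scrypt or Argon2.

```python
import hashlib
import itertools
import os
import string

# Work factor kept deliberately low so the demo finishes quickly (assumed value,
# not from the post). Real deployments use a far higher count, or bcrypt/scrypt/
# Argon2; every extra iteration multiplies the cracker's cost per guess.
ITERATIONS = 100


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256: the shape of a sensibly stored password hash.
    A cracker cannot reverse this; it can only hash guesses and compare."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def mangle(word: str):
    """A few of the rules real crackers apply to every dictionary word."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word + "123"
    yield word.capitalize() + "123"
    yield word + "!"


def dictionary_attack(target: bytes, salt: bytes, wordlist):
    """Return the password if some mangled dictionary word hashes to `target`."""
    for word in wordlist:
        for candidate in mangle(word):
            if hash_password(candidate, salt) == target:
                return candidate
    return None


def brute_force(target: bytes, salt: bytes, alphabet: str, max_len: int):
    """Exhaust every string over `alphabet` up to `max_len` characters.
    Feasible only for tiny keyspaces such as numeric PINs."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if hash_password(candidate, salt) == target:
                return candidate
    return None


# Constructed sample data: a tiny word list and three accounts.
WORDLIST = ["letmein", "welcome", "dragon", "password", "monkey"]
ACCOUNTS = {
    "alice": "Password123",        # dictionary word plus common mangling
    "bob": "0417",                 # four-digit PIN
    "carol": "v7#Qz!9mLp2&wXr4",   # 16 random characters
}


def demo() -> dict:
    """Store each password as salt+hash, then attack the hashes the way a cracker
    would, knowing nothing but the hash, the salt and the algorithm."""
    recovered = {}
    for user, password in ACCOUNTS.items():
        salt = os.urandom(16)            # per-user salt defeats precomputed tables
        stored = hash_password(password, salt)
        found = dictionary_attack(stored, salt, WORDLIST)
        if found is None:
            found = brute_force(stored, salt, string.digits, 4)
        recovered[user] = found
    return recovered


if __name__ == "__main__":
    print(demo())   # {'alice': 'Password123', 'bob': '0417', 'carol': None}
```

Alice falls to 30 guesses and Bob to under 12,000, while Carol survives both passes: the brute-force sweep never even enters her keyspace. Raising ITERATIONS to a realistic value changes nothing about that outcome, only how long the attacker spends confirming it.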

PIN: Personal Identification Number, a short numeric secret, most commonly used with ATM and payment cards. On its own a PIN is just another thing you know, like a (very weak) password; the added security comes from pairing it with something you have, the card, so an attacker needs both.

Single Sign-on (SSO): An authentication system in which one set of credentials, verified once, gives access to multiple applications. Common in corporate environments so that a person who uses several applications doesn't have to log into each one separately when switching between them. The trade-off is that a compromised SSO password opens every application behind it, so those credentials deserve the strongest protection and ideally a second factor.

Identity Chaos: According to this article, it is “…a situation in which users have multiple identities and passwords across a variety of networks, applications, computers and/or computing devices. To further complicate matters, each of the user’s passwords may be subject to different rules, allow access at different security levels, and expire on different dates. Such a situation can lead to security risks. Because people have to remember so many different passwords, they may choose very simple ones and change them infrequently.”

Phishing: A fraud method that uses official-looking email, purporting to be from a financial institution, government agency or other trusted organization, to lure you to a fake website that harvests whatever you type into it. Be suspicious of any message that asks you to “verify” or “update” personal or financial information, and don't follow links in such messages; reach the organization's site by typing the address yourself or using a bookmark. Legitimate organizations do not ask for passwords, PINs or account details by email.
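The giveaway in most phishing mail is that the link text and the link target disagree. The added example below (not part of the original post) parses an HTML mail body and flags anchors whose visible text names one site while the href goes to another, or whose target is a bare IP address. The sample message is constructed; the `.example` and `.test` domains and the 203.0.113.0/24 address are reserved for documentation, and the “last two labels” comparison is a simplification that a real filter would replace with a public suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


# Visible text that reads like a web address, e.g. "www.mybank.example/account".
LOOKS_LIKE_DOMAIN = re.compile(r"^(https?://)?[a-z0-9.-]+\.[a-z]{2,}(/\S*)?$", re.I)
BARE_IP = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def hostname(url_or_text: str):
    """Lower-case host of a URL, or of bare text such as 'mybank.example/x'."""
    s = url_or_text.strip()
    if "://" not in s:
        s = "http://" + s
    host = urlparse(s).hostname
    return host.lower() if host else None


def registrable(host: str) -> str:
    """Last two labels (mybank.example). Approximation: a real check would use
    the public suffix list so that co.uk-style suffixes are handled correctly."""
    return ".".join(host.split(".")[-2:])


def suspicious_links(html_body: str):
    """Return (href, text, reason) for links whose target does not match what
    the reader is shown, or that point at a bare IP address."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = hostname(href)
        if host is None:
            continue
        if BARE_IP.match(host):
            findings.append((href, text, "link target is a bare IP address"))
        elif LOOKS_LIKE_DOMAIN.match(text) and registrable(hostname(text)) != registrable(host):
            findings.append((href, text, "visible text names a different site than the link target"))
    return findings


# Constructed sample message (reserved documentation names and addresses).
SAMPLE_EMAIL = """
<p>Dear customer, your account has been limited.</p>
<p>Please confirm your details at
<a href="http://www.mybank.example.evil-host.test/login">www.mybank.example</a>
or <a href="http://203.0.113.7/secure">click here</a>.</p>
<p>Regards, <a href="https://www.mybank.example/contact">mybank.example</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"{reason}: shown '{text}', goes to {href}")
```

The first two links are flagged; the genuine contact link is not, because www.mybank.example and mybank.example share the same registrable domain. Mail clients show the real target when you hover over a link, which is the manual version of the same check.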

Social Engineering: A con game run through personal contact, by telephone, face to face, or increasingly by email and chat, to talk a person into handing over passwords or other sensitive information. The social engineer often poses as tech support or the help desk for your company and asks for your password “to fix a problem”; a legitimate help desk can reset your password and has no need to ask for it.

Worm: A kind of malware that copies itself from an infected machine to other systems on the network without the user's help, typically by exploiting a vulnerability; mass-mailing variants spread as email attachments instead. Besides using up system and network resources and bogging down the machine, a worm often carries a payload such as a keylogger that captures passwords as they are typed.

Shoulder Surfing: Someone literally looking over your shoulder (or aiming a phone camera) to watch what you type into online forms, bank logins, the ATM keypad, etc.
