Sin 11: Use of Weak Password-Based Systems

Overview of the Sin

People hate passwords, particularly if they're asked to choose good passwords and told to use a different one for each of their myriad of e-mail, online banking, instant messaging, and corporate and database accounts. Security experts hate passwords because people will use their kids' names as passwords, or else write them down and stick them under the keyboard if they're forced to use stronger passwords.

Sure, password-based authentication is a big catch-22 in that it's pretty much impossible to build such a system with no risk. However, we seem stuck with passwords, not just because users demand them, but also because other solutions alone don't tend to be enough.

In some respects, pretty much any software system using passwords is a security risk. However, software developers aren't off the hook. There are lots of ways that software can introduce additional risks, and even ways in which systems can reduce existing risks.



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
