Thursday, October 08, 2009

Passwords: Who Goes There?

I've been thinking about passwords from way, way back. We have so many passwords in our modern lives but what passwords or authenticity measures did people employ even before most of us were able to read and write?
The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword. Sentries would only allow a person or group to pass if they knew the password. -- Wikipedia
When you think of the surveillance systems we have in place, to be surprised by someone walking up to your gate is inconceivable now, but it didn't used to be. I went to a conference in France a few years back on Security and Identity where the word "firewall" was tossed around and about a great deal. The week after that conference in Paris, I went to the south of France on vacation and found myself literally walking through firewalls in what was left of fortifications from centuries ago.
The easier a password is for the owner to remember generally means it will be easy for a hacker to guess. Passwords which are difficult to remember will reduce the security of a system because (a) users might need to write down or electronically store the password, (b) users will need frequent password resets and (c) users are more likely to re-use the same password. Similarly, the more stringent requirements for password strength, e.g. "have a mix of uppercase and lowercase letters and digits" or "change it monthly", the greater the degree to which users will subvert the system.-- Wikipedia
I love reading about this stuff in spy novels or historical novels. Imagine designing a security system and secret service for a queen in say, ... 1492. What password could she remember? How would you protect her when travelling? If you were to travel across an ocean with the royal court, how the hell did you even know where you were when you got there? (They didn't.) Of course, thinking that far back gets you in the mood to imagine the opposite scenario, to boldly go put your Treky velour shirt on and watch 6 straight hours of wacky sci-fi movies chockful of "Take Me To Your Leader" stuff.

The Matrix movies played ideas out in this arena of identity and "who can you trust?" -- asking, "Do we even know who we are or in what realm we exist?" Note to self: back-burner time -- good Saturday afternoon stuff to think about, no more time this morning. Now I need to remember my passwords to check email, online banking, get back to reality and go to work, swipe my entry card and do my thing.