Knowledge Based Authentication Security Passwords

I was reading a blog post on Schneier on Security earlier today that discussed knowledge-based authentication in the form of security questions, and one of the comments hit the mark on the importance of using more than one password across your online accounts to strengthen fraud prevention.

The quote from Paul R. Dittrich says:

Years ago, a colleague asked "Why do I need to have so many passwords?" Rather than answering directly, I pointed at his keyring and asked him "Why do you need so many different keys? Wouldn't it be easier to have just one key to open everything?"

He looked at me like I was crazy and said "Well THAT would be dumb!"

(Unfortunately, he did not recognize the analogy between his keys and his passwords.)

So this brings me to some pointers on password security:

  • Don't use the same password for all accounts
  • Don't use answers that would be obvious (e.g.: pet's name, children's names, anniversary date, date of birth, favorite sports team, etc.)
  • Use upper case and lower case letters
  • Use numbers to replace letters
  • Change your password several times per year
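As an added example (not code from the original post or from Schneier's blog), here is a small Python checker that applies these pointers to a candidate password and to a security-question answer. The profile facts, the vault of passwords already in use on other accounts, the digit-for-letter substitution table, and the 120-day rotation interval are all constructed assumptions for the demonstration; it goes one step beyond the list by folding common substitutions such as R0v3r back into the pet's name before checking, so that substituting numbers for letters in an obvious word is still flagged.

```python
import re
from datetime import date

# Constructed sample profile: the kind of facts an attacker could find on
# social media, so they are poor material for passwords or security answers.
PROFILE = {
    "pet": "Rover",
    "child": "Emma",
    "birthday": date(1985, 7, 14),
    "anniversary": date(2010, 6, 5),
    "team": "Red Sox",
}

# Constructed sample vault: passwords already in use on the user's other accounts.
VAULT = {
    "email": "Sunf1ower-Meadow",
    "bank": "R0v3r!1985",
}

# Common digit-for-letter substitutions (assumed table), folded back so that
# "R0v3r" is still recognised as the pet's name.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(text):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def obvious_terms(profile):
    """Expand profile facts into the strings a guesser would try first."""
    terms = set()
    for value in profile.values():
        if isinstance(value, date):
            # Dates in the layouts people actually type them in.
            for fmt in ("%Y%m%d", "%d%m%Y", "%m%d%Y", "%d%m%y", "%m%d%y", "%Y"):
                terms.add(value.strftime(fmt))
        else:
            terms.add(normalise(value))
    return terms


def contains_obvious(text, profile):
    """True if any profile-derived term appears in text, plain or leet-spelled."""
    plain = normalise(text)
    unfolded = plain.translate(LEET)   # checked alongside plain so dates survive
    return any(t in plain or t in unfolded for t in obvious_terms(profile))


def password_findings(password, profile, vault):
    """Return the list of pointers from the post that the password violates."""
    findings = []
    if password in vault.values():
        findings.append("reused on another account")
    if not any(c.isupper() for c in password) or not any(c.islower() for c in password):
        findings.append("needs both upper and lower case letters")
    if not any(c.isdigit() for c in password):
        findings.append("contains no digits")
    if contains_obvious(password, profile):
        findings.append("built from personal details")
    return findings


def answer_findings(answer, profile):
    """Security-question answers get the same discoverable-detail check."""
    if contains_obvious(answer, profile):
        return ["answer is a discoverable personal detail"]
    return []


# Assumed rotation interval: "several times per year" read as every 120 days.
MAX_PASSWORD_AGE_DAYS = 120


def rotation_due(last_changed, today):
    """True once a password is older than the assumed rotation interval."""
    return (today - last_changed).days > MAX_PASSWORD_AGE_DAYS


if __name__ == "__main__":
    for candidate in ("R0v3r!1985", "rover", "Bluegrass-Kettle-42"):
        print(candidate, "->", password_findings(candidate, PROFILE, VAULT) or "ok")
    for answer in ("Red Sox", "Zanzibar"):
        print(answer, "->", answer_findings(answer, PROFILE) or "ok")
```

Run as a script it prints each finding list; the reuse check compares against the other accounts' passwords directly, which is what a password manager can do because it holds them all, whereas a single website can only enforce the composition rules.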