Monday, December 20, 2004
Now, I have seen instances where a user chooses a very simplistic password. For example, people set the password to their favorite color, and the hint they set up to remind them of the password is 'your favorite color'. Just think about this. If someone wants to access your account without your permission and they click on the 'forget password' link, they would be shown your hint and asked to answer the question. In the above-mentioned example the unauthorized user would just have to enter different color names - red, blue, green etc. - and would hit upon your password in just a few tries.
Passwords and password hints are meant to be used for authorized access. Don't ever use a password hint whose answer comes from a small, finite set (e.g. favorite color or make of car). A password should be at least 8 characters, consisting of a combination of upper- and lower-case letters and at least 2 numbers (e.g. 4U2reZtiq). The challenge question or the password hint has to be equally cryptic: as the user you would instantly recognize it, but to an unauthorized user it would just seem meaningless.
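As an added example (not part of the original post), the checker below encodes the two rules above: it validates a password against the stated policy and flags a hint that names a finite category whose candidate list contains the password itself. The category word lists are constructed for illustration; a real deployment would maintain a much larger set.

```python
import re

# Policy stated in the post: 8+ characters, upper- and lower-case letters,
# and at least two digits.
MIN_LENGTH = 8
MIN_DIGITS = 2

# Finite categories a hint must not point at. The post names colors and
# car makes; the candidate lists here are constructed sample data.
FINITE_CATEGORIES = {
    "color": ["red", "blue", "green", "yellow", "black", "white", "purple", "orange"],
    "colour": ["red", "blue", "green", "yellow", "black", "white", "purple", "orange"],
    "car": ["ford", "toyota", "honda", "bmw", "audi", "volvo", "fiat", "mazda"],
}


def password_violations(password):
    """Return a list of policy rules the password breaks (empty if compliant)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if sum(ch.isdigit() for ch in password) < MIN_DIGITS:
        problems.append("fewer than %d digits" % MIN_DIGITS)
    return problems


def hint_candidate_set(hint):
    """If the hint names a finite category, return its candidate answers, else None."""
    words = set(re.findall(r"[a-z]+", hint.lower()))
    for category, candidates in FINITE_CATEGORIES.items():
        if category in words:
            return candidates
    return None


def evaluate(password, hint):
    """Summarise the risk of a password/hint pair the way the post describes it.

    max_guesses is the size of the answer set the hint hands an attacker;
    None means the hint does not narrow the search to a finite list.
    """
    candidates = hint_candidate_set(hint)
    return {
        "policy_violations": password_violations(password),
        "hint_is_finite_set": candidates is not None,
        "max_guesses": len(candidates) if candidates else None,
        "hint_reveals_password": candidates is not None and password.lower() in candidates,
    }
```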
Copyright Anand Jain 2004, 2005. All rights