Anthony Vance

Assistant Professor—Information Systems—Brigham Young University
  • Home
  • Resume
  • Research
  • Teaching
  • Personal
  • Blog
  • Feed

Security through Simplicity, Part 2

23 May, 2009  security

I wrote here that I love security measures that are simple. That is, those measures that improve security but require no more (and perhaps even less) effort than not using them. Here are three more examples.

Passphrases

Passphrases may not be an ideal security solution, but they are more secure and easier to remember and type than typical passwords. The fact is, passwords are the most prevalent form of authentication and they are not going away soon. Passphrases, then, usefully provide a more secure, easy-to-use alternative.

A friend of mine, Dr. Mark Keith of Arizona State University, demonstrated in a scientific study that passphrases are more secure and easier to remember than typical passwords. First, he showed that because the average person’s vocabulary consists of 3,000 words (a low estimate), a five-word passphrase is stronger than an 8-letter password using alphanumeric and special characters (3000^5 > 95^8).

He also showed that passphrases, although longer than passwords, are easier to remember and easier to use than passwords. The key is writing passphrases in standard written English, or what Keith et al. call “word processing mode” (WPM). Passphrases written in this way (like the passphrase above) are not only easier to remember, but they are also significantly easier to type and result in less login mistakes.

SSH Public Key Authentication

This one is more esoteric, but for a server administrator, SSH public key authentication is the model of security through simplicity. Rather than having to remember a password to various servers, a pair of public/private key files can be used to authenticate users instantaneously. Additionally, if a SSH public key is used in place of a password, password-guessing attacks cannot be used.

Automatic Backup

Backup is not typically thought of as a security measure, but it is probably the most important means to protect data from threats, malicious or accidental. The best way to back up data is also the simplest: routinely backing up data using automatic backup software. My favorite offline backup solution is Time Machine, which seamlessly backs up everything in the background, without any user involvement. Automatic backups is probably one of the simplest measures on this list, but also likely yields the most security for data.

Leave a Comment

Name: (Required)

E-mail: (Required)

Website:

Comment:

    Available Feeds

    Entries RSS
    Comments RSS

© 2005-2010 Anthony Vance | Theme modified by Anthony Vance, based on design by Wolfgang Bartelme, ported to Wordpress by LEMONed.