Improving Internet Account Password Security
How to Reduce the Chances of Criminals Obtaining Passwords
Sep 5, 2009
The Daily Telegraph has reported that there is a security risk as people use same password on all websites. They say that:
- more than 1.7 million use the same password on more than one web site
- people use easy to remember passwords such as the birthday of a partner, their favorite car, their cat's name
- 46% of Britons use the same password for banking as they do for their social network
- 40% of Britons admit that at least one other person knows their password
It is, therefore, no surprise that criminals are having a field day:
- 10% of people have has their accounts accessed illegally
- 18% of those people have had goods bought in their names (at an average of $1600)
The answers are, of course, very simple:
- use a different password on each web site
- use a random set of numbers and letters for each password
However, as the Daily Telegraph article points out, most people find numerous passwords difficult to remember. And this is where the programmer can step in to say "We can help". They can help by:
- generating random passwords for each web site that a user accesses
- storing the website/password pairs
- providing a master password for the user
In that way the user can use individual passwords for each web site but only needs to remember one. And so the first part of such a project is to generate a random password.
The Makeup of a Random Password
A typical password will consist of a mixture of:
- numbers from 0 to 9
- uppercase letters
- lowercase letters
And all of this can be used by using the random number generators built into many programming languages.
Generating a Random Number
VBScript (or Visual Basic Script) is a programming language built into Microsoft Windows and is therefore useful in creating programming examples. It can also be used to generate a random number lying within a range of numbers:
It's worth noting that no number is truly random. A random number is always generated by using a set formula and always uses another number as its seed. The randomize statement sets this seed to the system timer. The function can then be used to generate a random number between 0 and 9:
And then this can be used to generate a sequence of random numbers:
It's now a simple matter of asking the user for the length of the password and providing them with a number of random sequences:
The result of running this code can be seen in figure 1 at the bottom of this article. However, that's only part of the solution. The password requires letters as well.
Generating a Random Letter
ASCII stands for American Standard Code for Information Interchange and is an internationally accepted numerical code for both printed characters (such as a,1, * and #) and non-printed characters (such as tabs and carriage returns) so that:
- ASCII 65-90 = A-Z
- ASCII 97-122 = a-z
These can be used with the random number generator to produce random letters:
Here the chr function returns a character derived from the random number. And then the final step is to amend the generate_sequence function so that it randomly produces a number, an uppercase letter or a lowercase letter:
The new results can be seen in figure 2, and these show that each time the generate_sequence is called the script returns a random string consisting of numbers and lowercase or uppercase letters. The programmer can then carry out the relatively simple task of saving these in a password protected database (for example) and then displaying then to the user as required.
The user then just has to remember the password to the database and not all of the different passwords for the web pages, safeguarding their accounts and reducing the chances of infiltration by any criminal elements.
BNC101
 |
 |
 |
