Authentication on a Client/Server Network
Authentication with logon ids and passwords is only secure if the logon ids are difficult to deduce and the passwords are secure. The company you work for establishes all logon ids as the first initial of the given name and the full surname of the employees (i.e., John Smith would have the logon id jsmith). Passwords can be as few as four letters or numbers and never have to be changed. You know from your coursework at school that these are inadequate security procedures. Research password security on the Internet and draft a memo for upper management that addresses the following:
a. Suggest a new scheme for creating logon ids that would be difficult for a hacker to ascertain.
b. What length of passwords would you recommend? What combination of letters, numbers, and other symbols should they include?
c. How often would you recommend that employees be required to change their passwords? Would employees ever be allowed to repeat previous passwords?