Page 197 - DCAP403_Operating System

                                   time and effort. If passwords are used, it is recommended that mixed-case passwords with both
                                   numeric and alphabetic characters are used, since these types of passwords are more difficult for
                                   password cracking tools to crack. Passwords with names and real words in them are easiest to
                                   crack. Good password choices look like this:
                                          1bHkL0m8
                                          a9T4j7uU
                                          7VbbsT10
                                          gL4lJT3m
                                          koO521qW
                                   Poor password choices look like this:
                                          Billsmith
                                          Troutfishing
                                          Jessica
                                          NewYorkOffice
                                          Surfdude
                                   While stronger access control systems are clearly available, password models are not going to go
                                   away anytime soon. Some organizations routinely run password crackers on end-user accounts
                                   to check whether end-users are choosing easy-to-guess passwords or more secure ones. As
                                   long as passwords are being used, they should be managed through routine audits, and expired
                                   according to a pre-determined schedule.
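
The criteria above, written as a check that could run when a password is set or during a routine audit. This is an added example, not part of the original text; the word list, the substitution table and the function names are constructed for illustration, and a real audit would load a much larger dictionary of names and words.

```python
# Constructed sample word list (assumption): stands in for a large
# dictionary of names, real words and previously exposed passwords.
WORDLIST = {"bill", "smith", "trout", "fishing", "jessica", "york",
            "office", "surf", "dude", "password", "admin"}

# Common digit/symbol-for-letter swaps, undone before the dictionary check
# so that "J3ssica1" is still recognised as built on a name.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def dictionary_hits(pw, wordlist=WORDLIST, min_len=4):
    """Return word-list entries found inside the password, ignoring case
    and simple character substitutions."""
    folded = pw.lower()
    candidates = (folded, folded.translate(LEET))
    return sorted(w for w in wordlist
                  if len(w) >= min_len and any(w in c for c in candidates))

def audit(pw):
    """Return a list of findings; an empty list means the password meets
    the mixed-case, numeric-and-alphabetic, no-real-words criteria."""
    findings = []
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        findings.append("not mixed-case")
    if not any(c.isdigit() for c in pw):
        findings.append("no numeric character")
    if not any(c.isalpha() for c in pw):
        findings.append("no alphabetic character")
    words = dictionary_hits(pw)
    if words:
        findings.append("contains word/name: " + ", ".join(words))
    return findings

# The example passwords from the text above.
GOOD = ["1bHkL0m8", "a9T4j7uU", "7VbbsT10", "gL4lJT3m", "koO521qW"]
POOR = ["Billsmith", "Troutfishing", "Jessica", "NewYorkOffice", "Surfdude"]

if __name__ == "__main__":
    # "J3ssica1" is a constructed edge case: it satisfies the character
    # rules but is still a name with substitutions.
    for pw in GOOD + POOR + ["J3ssica1"]:
        result = audit(pw)
        print(f"{pw:15} {'OK' if not result else '; '.join(result)}")
```
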

                                   10.5.2 Memory Card

                                   There is a very wide variety of memory card systems with applications for user identification and
                                   authentication. Such systems authenticate a user’s identity based on a unique card, i.e., something
                                   the user possesses, sometimes in conjunction with a PIN (Personal Identification Number), i.e.,
                                   something a user knows.

                                   The use of a physical object or token, in this case a card, has prompted memory card systems to
                                   be referred to as token systems. Other examples of token systems are optical storage cards and
                                   Integrated Circuit (IC) keys.
                                   Memory cards store, but do not process, information. Special reader/writer devices control the
                                   writing and reading of data to and from the cards. The most common type of memory card is a
                                   magnetic stripe card.


                                   These cards use a film of magnetic material, similar or identical to that used in audio and computer
                                   magnetic tape and disk equipment, in which a thin strip, or stripe, of magnetic material is affixed to
                                   the surface of a card. A magnetic stripe card is inexpensive, easy to produce and has a high storage
                                   capacity.
                                   The most common forms of a memory card are the telephone calling card, credit card, and ATM
                                   card. The number on a telephone calling card serves as both identification and authentication for
                                   the user of a long distance carrier and so must remain secret.
                                   The card can be used directly in phones that read cards or the number may be entered manually
                                   in a touch tone phone or verbally to an operator. Possession of the card or knowledge of the
                                   number is sufficient to authenticate the user.

                                   Possession of a credit card, specifically the card holder’s name, card number and expiration date,
                                   is sufficient for both identification and authentication for purchases made over the telephone.


          190                              LOVELY PROFESSIONAL UNIVERSITY