We might watch films everyday where people get access to buildings with retinal and palm scans but the reality is that still our major authentication method involves a PIN or password of some sort. It does seem old fashioned but the reality is that it does work to some extent despite some security drawbacks. For hard working IT support staff the resetting of the occasional password is nothing compared to a host of malfunctioning fingerprint scanners connected to everyone’s PC – believe me I’ve lived through it.
Assuming That you are definitely like me, you possess loads of IDENTIFICATION,/ password pairs on various computer systems all over the Internet. By inputting in an ID, we lay claim to an identity, and the password is actually utilized to authenticate that we are actually enabled to do so. The system employs the identity represented by the ID to associate attributes with the possessor of the ID. Strictly speaking, ID and username and password systems are really a two-factor authentication system with the ID standing for something I have and the password being a specific thing I know. The problem, needless to say, is that an ID is actually normally public and is easily copied.
Because of this, most ID and password systems are virtually as weak as a one-factor system. Password management The greatest advantage of ID and password systems is their ease-of-use and familiarity. The most significant drawback is their reliance on passwords. Theoretically, because passwords are secret (something you know). they are secure, and only the individual with the secret can disclose it to the authentication system. In practice, security passwords suffer from many serious limitations:’ People can remember only a limited number (around 8) of items with perfect precision. They usually have multiple passwords that they are trying to remember. As a result, individuals generate passwords that are short and very simple to remember. They also tend to make use of the same password for numerous credentials. ‘
Easy to recall passwords may be easily guessed by an attacker. Perhaps even pass words that have no connection to the body which holds them could be effectively guessed in the event that they are what are known as “dictionary words.” The most ideal passwords would certainly be lengthy, random strings of characters, however people can’t always remember very long, random strings.’ People (and even machines) can be deceived into exposing the secret password to an attacker. This could be done, for instance, by creating phony login screens. An additional common strategy is known as “social engineering” where the attacker contacts the person and tricks him into revealing his password by posing as an administrator or someone else the person trusts.’ People write passwords down. Passwords get stored in files on computers.
This makes them vulnerable to theft and abuse. These problems really don’t have straightforward solutions. Many IT departments institute a password aging policy that forces users to change their passwords on a periodic basis to mitigate loss or sharing. They also frequently enforce rules about password structure in an effort to make passwords less guessable. The rules may disallow dictionary words, require passwords longer than six characters, or require passwords to contain a mixture of letters, numbers, and punctuation. Often, the result of these kinds of policies is that users give up trying to remember their passwords and simply write them down and paste them to their monitors or stick them in the pencil drawer.
Source Reference: http://bbciplayerabroad.co.uk/bbc-iplayer-vpn-not-working/