利用者:Meniv/sandbox/パスワード疲れ
ここはMenivさんの利用者サンドボックスです。編集を試したり下書きを置いておいたりするための場所であり、百科事典の記事ではありません。ただし、公開の場ですので、許諾されていない文章の転載はご遠慮ください。
登録利用者は自分用の利用者サンドボックスを作成できます(サンドボックスを作成する、解説)。 その他のサンドボックス: 共用サンドボックス | モジュールサンドボックス 記事がある程度できあがったら、編集方針を確認して、新規ページを作成しましょう。 |
この項目「利用者:Meniv/sandbox/パスワード疲れ」は途中まで翻訳されたものです。(原文:Password fatigue 13:12, 16 March 2013) 翻訳作業に協力して下さる方を求めています。ノートページや履歴、翻訳のガイドラインも参照してください。要約欄への翻訳情報の記入をお忘れなく。(2013年5月) |
Password fatigue is the feeling experienced by many people who are required to remember an excessive number of パスワードs as part of their daily routine, such as to ログイン to a computer at work, undo a 自転車の鍵 or conduct banking from an ATM. The concept is also known as password chaos or more broadly as identity chaos.[1]
The increasing prominence of 情報技術 and the インターネット in employment, finance, recreation and other aspects of people's lives, and the ensuing introduction of secure transaction technology, has led to people accumulating a proliferation of accounts and passwords. According to a 2002 survey of British online-security consultant NTA Monitor, the typical intensive computer user has 21 accounts that require a password.[2]
Aside from contributing to ストレス, password fatigue may encourage people to adopt habits that reduce the security of their protected information. For example, an account holder might use the same password for several different accounts, deliberately choose easy-to-remember passwords that are too vulnerable to パスワードクラック, or rely on written records of their passwords.
Other factors causing password fatigue are
- unexpected demands that a user create a new password
- unexpected demands that a user create a new password that uses particular pattern of letters, digits, and special characters
- demand that the user type the new password twice
- frequent and unexpected demands for the user to re-enter their password throughout the day as they surf to different parts of an intranet
- blind typing, both when responding to a password prompt and when setting a new password.
Some companies are well organized in this respect, have implemented alternative authentication methods[3] or adopted technologies so that a user's credentials are entered automatically, but others may not focus on 使いやすさ or even worsen the situation by constantly implementing new applications with their own authentication system.
Password fatigue will typically affect users, but can also affect technical departments who manage user accounts as they are constantly reinitializing passwords; this situation ends up lowering morale(やるき) in both cases. In some cases users end up typing their passwords in 平文 in テキストファイル so as to not have to remember them, or even writing them down on paper notes.
シングルサインオン ソフトウェア can help mitigate this problem by only requiring users to remember one password to an application that in turn will automatically give access to several other accounts, with or without the need for ソフトウェアエージェント software on the user's computer. A potential disadvantage is that loss of a single password will prevent access to all services using the SSO system, and moreover theft or misuse of such a password presents a criminal or attacker with many targets.
Many OS provide a mechanism to store and retrieve passwords by using the users login password to unlock an encrypted password database. Mac OS X has a Keychain feature that provides this functionality, and similar functionality is present in the GNOME and KDE open source desktops. Microsoft Windows does not have an explicit function for this[疑問点 ], favoring centralized authentication based on the proprietary Microsoft Active Directory technology.
In addition, ウェブブラウザ developers have added similar functionality to all of the major browsers, and password management software such as KeePass and Password Safe can help mitigate the problem of password fatigue by storing passwords in a database encrypted with a single password.
Additionally the majority of password protected web services provide a password recovery feature that will allow users to recover their passwords via the email address (or other information) tied to that account.
These tools pose the problem that if the user's system is corrupted, stolen or compromised, apart from problems of the data being misused, they can also lose access to sites where they rely on the password store or recovery features to remember their login data. For this reason it is often advised to keep a separate record of sites, usernames and passwords that is physically independent of the system.
Many sites in an attempt to block bad passwords also block good password practices such as MD5 and SHA1 hashes through requiring both lower and uppercase letters or by limiting password length. Some sites also block non-ASCII or non-alphanumeric characters.
関連項目
[編集]脚注
[編集]- ^ "Password chaos" at TheFreeDictionary
- ^ Hayday, Graham. Security nightmare: How do you maintain 21 different passwords?, Silicon.com, 2002-12-11
- ^ Such as digital certificates, OTP tokens, fingerprint authentication or password hints.
外部リンク
[編集]- Noguchi, Yuki. Access Denied, Washington Post, 23 September 2006.
- Catone, Josh. Bad Form: 61% Use Same Password for Everything, 17 January 2008.
- identitychaos.com, MIIS & ILM blog