One of the technologies which promises to change the landscape with respect to passwords is called single sign-on (SSO). SSO systems allow a user to log in once. Subsequent to this initial login, all additional connections are carried out through the client software. The software negotiates connections to other systems on the user's behalf. In other words, the passwords to other systems are managed by the software, not the user. The user can, therefore, access many systems and services without having to remember multiple passwords or set all passwords the same. On the other hand, a compromise of an SSO system in which an unauthorized person learns the single password that the user needs for initial login leaves all of the systems vulnerable, just as if the same passwords had been used for all of the systems. SSO systems that add some other credential to the login process (e.g., a SecurID or a smart card that the user must have on his or her person when logging in) go a long way toward avoiding this vulnerability. One such SSO system is Tivoli's Global Sign-On (see Resources for a link.). Passwords for other systems are stored in a local database in encrypted form, which is what is passed over the network.
Another good strategy, readily available and inexpensive, is to use ssh. (See Resources for an article link.)rlogin,
rsh) used by some Unix users for many years. Free client software is available from a number of sources -- PuTTY and the TeraTerm Pro SSH module are free clients available for Windows users. (See Resources for links.)
Unix systems can be managed in such a way as to reduce the risk that bad or otherwise vulnerable passwords introduce. If your password software can be configured to enforce restrictions on passwords (e.g., disallowing permutations on the username, requiring a certain number of characters, or requiring some nonalphabetic character), make sure that these restrictions are enforced. These restrictions go a long way toward forcing users to select passwords which are considerably better than average.