ICT 0417 – Safety and Security: User ID and Password
What is a User ID?
A user ID (also called a username or login name) is a unique identifier that distinguishes one user from another on a computer system, network or online service.
It is usually chosen by the user or assigned by an administrator.
It is visible to the system and may be displayed on the login screen.
It does not need to be secret, but it should not reveal personal details that could be exploited.
What is a Password?
A password is a secret string of characters known only to the user, used to verify that the person attempting to log in is the legitimate account holder.
It is combined with the user ID to form a pair of credentials.
It should be kept confidential and never shared.
It is stored by the system in an encrypted or hashed form.
How User ID and Password Increase Data Security
Authentication: The system checks that the entered user ID and password match the stored credentials, confirming the user’s identity.
Access Control: Once authenticated, the system grants the user only the permissions associated with that account, protecting other users’ data.
Audit Trail: Actions performed are logged under the user ID, enabling tracking of who did what, which helps detect misuse.
Protection Against Unauthorized Access: Without the correct password, an intruder cannot gain entry even if they know a valid user ID.
Characteristics of a Strong Password
A strong password is difficult for others to guess or crack. It should meet the following criteria:
Minimum length of 8–12 characters (longer is better).
Combination of uppercase letters, lowercase letters, numbers, and symbols.
No dictionary words, personal names, birth dates, or common patterns (e.g., “123456”).
Unique for each account – avoid reusing passwords across different services.
Best Practices for Managing User IDs and Passwords
Use a password manager to store complex passwords securely.
Change passwords regularly, especially after a suspected breach.
Do not write passwords down or store them in plain text files.
Educate users about phishing attacks that attempt to steal login credentials.
Common Threats to Password Security
Phishing: Deceptive emails or websites that trick users into entering their credentials.
Brute‑force attacks: Automated programs that try many password combinations.
Keyloggers: Malware that records keystrokes to capture passwords.
Social engineering: Manipulating people to reveal passwords or security questions.
Password Policy Checklist (Table)
Requirement | Details
Minimum Length | At least 12 characters
Character Types | Uppercase, lowercase, numbers, symbols
Prohibited Content | No personal info, common words, or sequential patterns
Expiration | Change every 90 days or after a security incident
Reuse | Do not reuse previous 5 passwords
Lockout Policy | Account locked after 5 failed attempts for 15 minutes
Example of a Strong Password
Example: V3r!$t1c@l#2024
This password is 16 characters long, mixes all required character types, and does not contain recognizable words.
Suggested diagram: Flowchart showing the login process – user enters user ID and password → system verifies credentials → access granted or denied.
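The login process described above, combined with hashed password storage and the lockout rule from the checklist (5 failed attempts, 15 minutes), as an added Python example that is not part of the original notes. The AccountStore class, the in-memory dictionary and the PBKDF2 work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000       # PBKDF2-HMAC-SHA256 work factor (assumed value)
MAX_FAILURES = 5           # checklist: lock after 5 failed attempts
LOCKOUT_SECONDS = 15 * 60  # checklist: account stays locked for 15 minutes


def _hash(password, salt):
    """Derive a slow, salted hash so the password itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class AccountStore:
    """Hypothetical in-memory credential store; a real system would persist it."""

    def __init__(self):
        self._accounts = {}  # user ID -> salt, hash, failure count, lock expiry

    def register(self, user_id, password):
        salt = os.urandom(16)  # unique random salt per account
        self._accounts[user_id] = {"salt": salt, "hash": _hash(password, salt),
                                   "failures": 0, "locked_until": 0.0}

    def login(self, user_id, password, now=None):
        """Return 'granted', 'denied' or 'locked' for one login attempt."""
        now = time.time() if now is None else now
        account = self._accounts.get(user_id)
        if account is None:
            return "denied"  # same answer as a wrong password
        if now < account["locked_until"]:
            return "locked"  # even the correct password is refused while locked
        candidate = _hash(password, account["salt"])
        if hmac.compare_digest(candidate, account["hash"]):  # constant-time compare
            account["failures"] = 0
            return "granted"
        account["failures"] += 1
        if account["failures"] >= MAX_FAILURES:
            account["locked_until"] = now + LOCKOUT_SECONDS
            account["failures"] = 0
            return "locked"
        return "denied"
```

Passing an explicit `now` value lets the lockout timing be exercised without waiting 15 minutes.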
Summary
Understanding the role of user IDs and passwords is fundamental to protecting data. By using unique user IDs, strong passwords, and following best practice policies, users and organisations can significantly reduce the risk of unauthorised access and maintain the integrity and confidentiality of information.