HTML Password Protection: Password Protecting HTML Pages
Using passwords to protect HTML pages and HTML code
What is HTML Password Protection?
Html password protection describes a method by which html may have been protected (by means of a password) from being simply read using a browser or a text based editor. There are a wide variety of ways in which html may have been protected and the commonest means is by using passwords.
The article on HTML encryption has addressed the benefits and issues that html encryption offers. This article addresses the issues of html password protection where passwords are used as the key for the encryption and decryption of html content.
As its title implies, html password protection is a method for protecting html code (or the information that the markup language is actually processing). We need to remember that in law, both the forma and format of a document are critical. And HTML is a markup language that was derived from SGML in order to describe hypertext and how it should be interpreted and displayed.
Password protection, as a technique, has enjoyed what can best be described politely as a charmed life. There are many published articles on the flaws and inadequacies of using passwords to protect any information, let alone html. At the time of writing, Google listed some 2.75 million entries for the search for the text ‘flaws password protection’ which either listed a flaw that enabled a hacker to bypass the supposed protection or listed a tool that allowed that bypass.
In fact, password protecting html turns out to be a highly flawed topic. The administration and use of really effective passwords to protect any information is so complex as to defeat even superman, never mind the normal mortal. Either the passwords are at least 25 characters long – see the normal Microsoft registration code – which is totally impossible for any human being to commit to memory or type in reliably – or they are so short as to be so trivial to a cracking engine that they are easily broken. For example, to find any 4-character password that contains only English letters and numbers (from 0 to 9) you need to try only (26 letter + 10 numbers)^(4 characters) =1679616 possible combinations. This requires only a few seconds on a Pentium III computer no special devices are required, which makes this work even faster. But to find any 6-character password you need to try (26+10)^6 = 2176782336 possible combinations or approximately 38880 seconds (10 hours and 48 seconds). To find 7-character password you need to try 78364164096 combinations or 16 days and 5 hours. To find an 8-character password you need to try 2821109907456 combinations or 583 days and 5 hours. And for 9-character passwords it’s 57,5 years! But that was for Pentium 3 computers and most people are now using Pentium 4 or greater computers with 1Gb of memory! So it is more than a tad quicker to break passwords, and if you have an engine built specifically to do it then times are reduced so much that all security bets are off for even 9 characters.
Conclusion
So html password protection is rather what you make of it. Longer and stronger or shorter and more easy to cope with? Most systems offering html password protection lag so far behind the reality of what current computers are capable of that they are laughable in the extreme and it is difficult to defend the people who are offering this kind of service.
So why has HTML Password Protection been around for so long?
The fact that html password protection is often so poor makes you wonder why it has been so widely implemented. The simple answer is that everything started with passwords, in fact a password is still the most popular and most implemented security mechanism in the world. And that is despite everyone knowing that passwords are not a very secure method. You do what you can with what is available.
Today better and stronger methods and mechanisms are available, and increasingly we are seeing these implemented by the more advanced suppliers.
Download HTML Protection software
Download HTML Protection software that does NOT use passwords for protection, protects both the underlying code and the page content that is displayed, and uses digital rights management controls (DRM) and US Government approved AES encryption to prevent unauthorized use and misuse of your HTML content.
Use Locklizard HTML Protection software to control who can view your web pages, what they can do with them (copy, print, etc.) and when they can no longer be viewed (expire). Ensure greater security than password protecting HTML pages.