
Password Security

Password Security. How secure are your passwords? Why do we need passwords or do we need them? Should they be simple or complex? When should we assign passwords? How can we create effective passwords? Should we use password generators?

dixie

Presentation Transcript


  1. Password Security
     • How secure are your passwords?
     • Why do we need passwords or do we need them?
     • Should they be simple or complex?
     • When should we assign passwords?
     • How can we create effective passwords?
     • Should we use password generators?
     • Do we need to change passwords, how often?

  2. What is a weak password?
     A weak password:
     • Contains fewer than six characters
     • Is a word found in a dictionary (English or foreign)
     • Is a common usage word such as:
       • Passwords containing the user ID in any form
       • Names of family, pets, friends, or co-workers
       • Birthdays and personal information, such as addresses and phone numbers
     • Any of the above spelled backward
     • Any of the above preceded or followed by a digit (secret1, 1secret) or the same letter (ssecret, secrett)

  3. What is a strong password?
     A strong password:
     • Contains digits, symbols, and uppercase and lowercase characters. For example: a-z, A-Z, 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./
     • Is at least eight characters long
     • Isn’t a word in any language, slang, or dialect
     • Isn’t based on personal information, names of family, etc.

  4. Examples
     Note: Do not use these as your password; they’re just examples!
     • Good one-time use password (> 16 char)
       • Example: e-mail a file-level protected Excel 2003 workbook
       • “ThisIsMy1timePasswordx2791”
         • A concatenated sentence plus extension
       • “CNET!2005Jun@hipaa#2791”
         • <company> [Shift]1 <date> [Shift]2 <type> [Shift]3 <extension>
     • Good normal use password (> 8 char)
       • Example: application login password
       • #win8hir05
         • [Shift]3 <first 3 letters of your firstname> <random number> <last 3 letters of your lastname> <year>
     • Use a pattern that you can remember without writing it down

  5. Loss of Information
     The time needed to crack passwords as a function of password length and complexity. The search speed is assumed to be 100,000 passwords per second (a very decent speed).

  6. Password do’s and don’ts
     DO:
     • Keep your user ID and password to yourself
     • Use antivirus software (both at home and at work)
     • Screen-lock or log off your computer desktop when you are away from the computer
     • Report security incidents immediately
     DON’T:
     • Reveal your password to anyone over the phone, e-mail, or IM
     • Share your password with your boss, family members, or a co-worker while you’re on vacation
     • Reveal a password on questionnaires or security forms
     • Use the “Remember Password” feature of applications on any public computer (conference room, airport, Internet café, etc.)

  7. The password policy
     • Policy location
     • Highlights
       • Minimum password length is 8 characters
       • Complexity is strongly recommended
       • All user passwords (e-mail, login, etc.) must be changed at least every 90 days, no exceptions!
       • A password can’t be reused for at least two years
       • After 10 consecutive login failures, the account must be locked for a minimum of 30 minutes and the Account Administrator for the system must be notified
       • Support staff must be able to verify the identity of the requestor before resetting the password
       • Temporary passwords must be changed at the next login

  8. How Passwords Are Stolen
     Keylogger or Keystroke Logger
     A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer's keyboard. As a hardware device, a keylogger is a small battery-sized plug that serves as a connector between the user's keyboard and computer.

  9. How Passwords Are Stolen
     Keylogger or Keystroke Logger (cont’d)
     Because the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user's behavior to physically hide such a device "in plain sight." (It also helps that most workstation keyboards plug into the back of the computer.) As the user types, the device collects each keystroke and saves it as text on its own miniature hard drive. At a later point in time, the person who installed the keylogger must return and physically remove the device in order to access the information the device has gathered.

  10. How Passwords Are Stolen
      Keylogger or Keystroke Logger (cont’d)
      A keylogger program does not require physical access to the user's computer. It can be downloaded on purpose by someone who wants to monitor activity on a particular computer, or it can be downloaded unwittingly as spyware and executed as part of a rootkit or remote administration (RAT) Trojan horse. A keylogger program typically consists of two files that get installed in the same directory: a dynamic link library (DLL) file (which does all the recording) and an executable file (.EXE) that installs the DLL file and triggers it to work.

  11. How Passwords Are Stolen
      Keylogger or Keystroke Logger (cont’d)
      The keylogger program records each keystroke the user types and uploads the information over the Internet periodically to whoever installed the program. Although keylogger programs are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, most privacy advocates agree that the potential for abuse is so great that legislation should be enacted to clearly make the unauthorized use of keyloggers a criminal offense.

  12. How Passwords Are Stolen
      • Keylogger or Keystroke Logger (continued)
      • Prevention
        • Anytime you are using a public computer, make sure there are no new devices between the computer and the keyboard.
        • There are detection programs for software keyloggers, which are often installed as part of malware or a rootkit. These are dangerous and the hardest to detect.

  13. How Passwords Are Stolen
      • Browser Stored Passwords
        • All of the Internet browsers currently used on most computers have the facility to store user names and passwords. This is one way that passwords are often stolen from public computers if we are careless about answering the typical question, “Do you want to save your password?” Anytime you are using a public computer, make sure that there are no unknown plugs or attachments between the computer and the keyboard.

  14. How Passwords Are Stolen
      • Browser Stored Passwords (cont’d)
        • Because we frequently save passwords on our home computers, this is a very easy mistake to make. If you do save one, it can be removed; how depends on which browser you are using. Running your browser from a flash drive is a good idea when traveling or using a public computer.

  15. Password Resources
      • The Internet has many resources to help create good protective passwords and tools to check your existing ones for their strength or weakness.
      • Microsoft On-line Safety is a very useful site with many recommendations on passwords and tools.
      • Symantec: The Simplest Security: A Guide To Better Password Practices
      • TechRepublic is a good place for additional information.

  16. Password Generators
      • There are both programs you can install locally and online Internet tools that can be used to generate or check passwords.
      • IObit Password Generator and Infinite Password Generator are two locally installed programs that can be used to generate and maintain passwords.
      • Links below are two online password generator websites:
        • Online Password
        • Aranis
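The weak-password rules on slide 2, the strong-password criteria on slide 3 and the search speed quoted on slide 5 can be checked mechanically. The following is an added example, not part of the original presentation; the function names and the five-word sample dictionary are constructed for illustration.

```python
import string

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"secret", "password", "dragon", "monkey", "letmein"}
SYMBOLS = set(string.punctuation)
GUESSES_PER_SECOND = 100_000  # search speed quoted on slide 5

def _variants(token):
    """Slide 2 transformations: reversed, digit or doubled letter at either end."""
    token = token.lower()
    forms = {token, token[::-1]}
    for form in list(forms):
        forms.add(form[0] + form)    # ssecret
        forms.add(form + form[-1])   # secrett
        for digit in string.digits:
            forms.add(digit + form)  # 1secret
            forms.add(form + digit)  # secret1
    return forms

def weak_reasons(password, user_id="", personal=()):
    """Return the slide 2 weak-password rules that this password triggers."""
    reasons = []
    lowered = password.lower()
    if len(password) < 6:
        reasons.append("fewer than six characters")
    if user_id and user_id.lower() in lowered:
        reasons.append("contains the user ID")
    # personal = names, birthdays, phone numbers and similar supplied by the caller
    for word in sorted(SAMPLE_WORDS | {p.lower() for p in personal if p}):
        if lowered in _variants(word):
            reasons.append(f"based on '{word}'")
    return reasons

def is_strong(password, user_id="", personal=()):
    """Slide 3: at least eight characters, all four character classes, not weak."""
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(c in SYMBOLS for c in password))
    return (len(password) >= 8 and all(classes)
            and not weak_reasons(password, user_id, personal))

def worst_case_seconds(length, alphabet_size):
    """Time to try every password of this length at the slide 5 search speed."""
    return alphabet_size ** length / GUESSES_PER_SECOND
```

At the quoted speed, every six-letter lowercase password is tried in under an hour, which is why both length and a larger character set matter.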
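The policy highlights on slide 7 (minimum length, 90-day change, two-year reuse ban, lockout after 10 consecutive failures) translate into a small amount of account state. This is an added example, not part of the original presentation; `Account`, `set_password` and `login` are hypothetical names, and PBKDF2 storage, measuring reuse from the date a password was set, and counting two years as 730 days are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from datetime import datetime, timedelta

MIN_LENGTH, MAX_FAILURES = 8, 10
MAX_AGE = timedelta(days=90)
REUSE_WINDOW = timedelta(days=730)  # assumption: "two years" taken as 730 days
LOCK_TIME = timedelta(minutes=30)

@dataclass
class Account:
    history: list = field(default_factory=list)   # (salt, digest, set_at), newest last
    failures: int = 0
    locked_until: datetime = datetime.min
    admin_notices: list = field(default_factory=list)  # stand-in for notifying the administrator

def _digest(password, salt):
    # Assumption: passwords are kept only as salted PBKDF2 digests.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _matches(password, entry):
    return hmac.compare_digest(_digest(password, entry[0]), entry[1])

def set_password(acct, password, now):
    if len(password) < MIN_LENGTH:
        raise ValueError("shorter than 8 characters")
    # Reuse is measured from the date the old password was set (assumption).
    if any(now - e[2] < REUSE_WINDOW and _matches(password, e) for e in acct.history):
        raise ValueError("used within the last two years")
    salt = os.urandom(16)
    acct.history.append((salt, _digest(password, salt), now))

def login(acct, password, now):
    if now < acct.locked_until:
        return "locked"
    if not acct.history or not _matches(password, acct.history[-1]):
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:          # 10 consecutive failures
            acct.locked_until = now + LOCK_TIME    # locked for 30 minutes
            acct.failures = 0
            acct.admin_notices.append(f"locked at {now.isoformat()}")
        return "denied"
    acct.failures = 0                              # a success resets the streak
    if now - acct.history[-1][2] > MAX_AGE:
        return "expired"   # credentials valid, but a change is required first
    return "ok"
```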
