Password Security
Password Complexity
A password should be at least 8 characters long and include 3 of these 4 elements: one or more uppercase letters, one or more lowercase letters, one or more numbers, one or more special characters. It should not include dictionary words, should not match or contain the login name, and should not contain anything that can be easily identified with the user.
What is a password?
A secret word or string of characters used for authentication: to prove identity or to gain access to a resource.
reverse brute force attack
A type of brute force attack that uses a common password against multiple usernames.
dictionary attacks
Hash a copy of a list of dictionary words and compare the hashes with stolen password files or passwords.
hacker
A person who secretly gains access to computers and files without permission.
Password Aging
Enforce password aging and prevent users from reusing passwords; have users change passwords every 60 to 90 days.
Password-based Passphrase
Formed by taking the first letter of each word in a sentence, taking the first letter from the first word and the second letter from the second word and so on, combining words, or replacing letters with special characters.
Random Password
Generated using software; not easily remembered but very secure, and usually for one-time use.
breach
a violation; a gap or break in security
single sign-on authentication
Authenticate once to access multiple resources.
What makes a good password?
Not easily guessed or obtained using password-cracking utilities; easy to remember yet secure; can be changed easily; old passwords are not reused.
social engineering attacks
phishing, shoulder surfing, dumpster diving
methods of generating a password
random password generator, passphrase, password following guidelines & policies
special characters
the non-alphanumeric symbols on a keyboard, such as $, @, and /
brute force attack
The password cracker tries every possible combination of characters, using a common username.
phishing attack
Uses deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages.