Introduction to Password Security
If you want to protect your data and your personal information, or if you want to know who has been accessing what, be it a building or a document, you had better have password protection. Beyond simply having a password, you must have good passwords: a different password for each task, each one hard for others to crack but easy for you to remember. Coming up with good passwords may sound like a daunting task, but there really is a method to all this alphanumeric madness, as numbers and codes are part of the way of life in this information age. A high-quality password is very important both to safeguard your own documents and to protect other accounts on the computers that you log in to. Even if you think that you personally do not have any files that a hacker might be interested in, once hackers are in through your account there is a greater chance that they will find some way to access other accounts.
Many factors contribute to the difficulty of cracking a password. The first and most significant factor in password security is keeping the password secret. Do not share your password with anyone, and do not leave it lying around on sticky notes or in desk drawers where others might find it. The second important factor is length: the longer a password is, the more difficult it becomes to crack. Another important factor is the character set from which a password is created. Finally, the age of the password is important. This is the reason you should change your password every two months and are not allowed to reuse recent passwords.
Poor and inadequate password security is the main reason why people can gain access to your account and the system. Once your system has been accessed, an unauthorized user can do any of the following:
Get access to or destroy your data (email, web pages, homework, vital data, etc.).
Use your account to breach the security of your system or other machines on the network.
Commit illegal and/or embarrassing acts that you may be blamed for.
The first and most important thing is not to use the same password for multiple purposes. Don't use your computer login password for your e-mail as well. If you have extra-sensitive documents or information on your computer, you may want to consider a second password, different from the first, to access those very sensitive documents. While having all these passwords sounds very confusing, it is very important to the security of your computer files. Say you did have an all-purpose security code: if another person finds this code out, that person has access to your e-mail, your work files, your home files, and your personal information, financial and otherwise. It could also mean that the person has access to bank accounts and credit card accounts. On the other hand, if your information is protected by many passwords, the damage that can be done if someone finds out one of your passwords is limited. Below is a list of rules for password construction.
Login / Password Security
Login names and passwords are among the main elements of computer security. Every system uses some form of password authentication and therefore must store a representation of the password in order to check whether a logon attempt is valid. Login and password security policy requires that any user accessing a workstation or server have a valid login ID and password. Windows NT, Windows 2000, Windows XP, Novell Netware, and UNIX all have specific requirements for creating and changing passwords. The system administrator can also require that passwords be changed periodically. Setting screen savers that time out and activate the workstation lock is an additional measure that enhances login security. If the hardware manufacturer supports it, one can also set a NetBios password. This password is hardware dependent, less trivial to bypass than other passwords, and comes up before an interloper has access to anything.
It has been common knowledge for quite some time that login name and password authentication schemes are inherently weak. Users usually choose bad passwords (i.e., ones that can easily be guessed), write passwords down, mail passwords to co-workers, or share passwords freely by telephone. For this reason, high-security environments do not rely on password authentication alone, but combine password security with smart cards or biometric authentication systems (fingerprint, voice or iris scan).
Choosing a password
Your password is the key to your data and one of the most important tools for keeping that data secure. Choosing a high-quality, secure password is important to ensure that only you access your account. A variety of password-guessing programs exist that allow a hacker to access personal data, damage workstations, or use individual computers in ways that may eventually compromise entire systems or networks. A quality password should be impossible for someone to guess.
Given below are some do's and don'ts which you should adhere to when choosing a password.
This list sounds daunting. How on earth are you going to come up with passwords that you can remember and that meet these requirements? Well, there are a couple of easy ways to create passwords that you can actually remember and that meet these stringent requirements.
Do:
Combine lower/uppercase alphabetic characters.
Replace alphabetic characters with non-alphabetic
Have a minimum of 7 characters.
Have your password contain at least one number.
Have your password contain at least one special character (#, %, &, *, !, @, $, ^, (, ), +, =, ?, /, ", ', <, >, , |, [, ], {, }, ;, :, _, -).
Allow 3 attempts to successfully logon to your account before it will be locked out.
Have your password expire every 90 days.
Combine easy-to-remember items. Let's say my birthday is 05/07, my social security number is 123-45-678, and my dog's name is Molly. I could use 123 (the first three digits of my SSN), Mo (the first two letters of my dog's name) and 7/5 (my birthday without the 0's, in the European tradition of writing dates). Suddenly my password, 123Mo7/5, is pretty difficult to crack but fairly easy for me to remember.
Use acronyms. Simple enough. "My dog, Molly, needs a Bath!" is Md,M,naB! It is a pretty good password and also easy to remember.
Find a pattern on the keyboard. Don't use QWERTY or any such thing, but what about !QsCdE3 instead? It looks like a tough code, but try typing it on your computer and you will see the pattern.
Use silly languages and secret codes. Remember Pig Latin, or that code you wrote in your journal to keep your siblings from snooping? Well, it might be time to use that facility for made-up language once again. Molly, in Pig Latin, is OllyMay, a very good password and easy to remember.
Don't:
Use your login user name in any form
Use your or your family members names
Use your license plate numbers, telephone numbers, office number, birthdays, etc.
Use a password of all digits, or all the same letter
Let your password be shorter than eight characters
Let your alphabetic characters be replaced with non-alphabetic characters that are look-alikes: '0' for 'o' or '1' for 'l'
Re-use any of your last 5 passwords.
Use your User ID in your password.
Use any part of your full name in the password.
Repeat sequences of 3 characters or more (i.e. ABCABC, 123123... should not be allowed).
Repeat characters 3 times or more (i.e. AAA, 111... should not be allowed).
Use words from the dictionary that are over 4 letters (this includes words from the English, German, French, Russian, and Spanish dictionaries).
1. Passwords must be at least six (6) characters long.
2. Passwords must contain characters from at least three (3) of the following four (4) classes:
English Upper Case Letters like A, B, C, ... Z
English Lower Case Letters like a, b, c, ... z
Westernized Arabic Numerals like 0, 1, 2, ... 9
Non-alphanumeric (Special characters and punctuation symbols)
3. Passwords may not contain your user name or any part of your full name.
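The three numbered rules above, together with the two repetition rules from the Don't list, written as a checker. This is an added example, not code from the original page; the account jsmith / John Smith, the case-insensitive name match and the three-character minimum for a name part are assumptions.

```python
import re

MIN_LENGTH = 6        # rule 1
MIN_CLASSES = 3       # rule 2: three of the four classes
MIN_NAME_PART = 3     # assumption: name tokens shorter than this are ignored

def char_classes(password):
    """Return which of the four classes from rule 2 occur in the password."""
    found = set()
    for ch in password:
        if "A" <= ch <= "Z":
            found.add("upper")
        elif "a" <= ch <= "z":
            found.add("lower")
        elif "0" <= ch <= "9":
            found.add("digit")
        elif not ch.isalnum():
            found.add("special")
    return found

def name_parts(user_name, full_name):
    """Lower-cased user name plus each word of the full name (rule 3)."""
    tokens = re.split(r"[\s,._-]+", full_name) + [user_name]
    return {t.lower() for t in tokens if len(t) >= MIN_NAME_PART}

def check_password(password, user_name, full_name):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(char_classes(password)) < MIN_CLASSES:
        problems.append("fewer than 3 character classes")
    lowered = password.lower()
    if any(part in lowered for part in name_parts(user_name, full_name)):
        problems.append("contains user name or part of full name")
    if re.search(r"(.)\1\1", password):        # AAA, 111
        problems.append("character repeated 3+ times")
    if re.search(r"(.{3,})\1", password):      # ABCABC, 123123
        problems.append("repeated sequence")
    return problems

if __name__ == "__main__":
    # Constructed account; the passwords are the ones used as examples on this page.
    for pw in ["123Mo7/5", "Md,M,naB!", "!QsCdE3", "OllyMay", "123123"]:
        print(pw, check_password(pw, "jsmith", "John Smith") or "ok")
```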
Other Helpful Password Utilities & Links
Great, so now you have passwords that are both difficult to crack and easy
for you to remember. The next trick is to remember which passwords you use for
each application. For this there are password management utilities found at
these locations:
http://www.sofotex.com/download/Security/Password_Managers/
http://www.totalshareware.com/asp/list_view.asp?catid=305
http://www.freedownloadscenter.com/Utilities/Password_Management_Utilities/index4.html
These applications help you to keep track of passwords by using clues to
prompt you to remember each password, in order to keep them secure from prying
eyes in your computer.
This utility is a Windows-based application designed to generate passwords of any length and character content. It is small, easy to use and fast, and can be used by network administrators, Internet service providers and in other jobs where passwords are created and administered.
It enables a user to choose the random number generator. This feature is used to generate an extremely random seed value. Advanced Password Generator is designed to create alphabetic, numeric, alphanumeric or all-keyboard-character passwords of any length, as defined by the user. Passwords can be generated in lowercase or mixed case. This program will generate a list of up to 2000 passwords.
It is a powerful tool for unlocking lost passwords on Windows NT/2000/XP/Server. It provides an easy-to-use Wizard. You just select the account whose password you wish to change from a drop-down list, then enter and confirm the new password. The new password takes effect when the system is rebooted.
It is a very useful utility that stores all your personal information safely and securely under one area. All your personal information like PINs, passwords, credit card numbers, bank accounts, frequent flyer info, and more can be kept safely. It is considered to be the easiest way to store all your personal info in one place and bring it with you wherever you go.
This utility is generally used to recover a lost password for a Microsoft Access 95/97/2000/XP database. The unregistered version of this utility shows only the first three characters of the password. In addition, the registered version can remove the password from the database and change it to one of your choice (for Access 95/97 only).
This utility is considered to be one of the best methods to create passwords. This application was also featured in Windows Magazine as Superior Shareware. It can create up to 10,000,000 passwords with as many as 60 characters each at a time. You can run as many batches as desired, so this software will never run out of passwords and will be a useful utility for years. You can also select the password criteria using numbers, upper and lowercase letters and/or special characters. Random Password Generator Pro also features a dictionary check, which checks newly generated random passwords against a 260,000 word English dictionary; if a match is found, the password is discarded and a new password is created in its place.
This application generates a single random password or a list of random passwords based on a selected set of formatting options. The list of generated passwords can be saved in a Microsoft Access-compatible database, in a normal text file as a list, or in a comma separated values (CSV) file for import into spreadsheets or other applications. Its features include:
Numeric, Character, Hexadecimal, AlphaNumeric, and Windows Extended Character combinations of output; Mixed, Upper, or Lower Case output
Embed text items in passwords
Generate a single or entire list of passwords
Saving password lists as a database, text, or CSV files.
Copyright 2006 by DeepSearcher Inc. - All rights reserved