PASSWORD SECURITY

Avoid common password attacks by choosing good passwords to protect data

The importance of creating a secure password is often disregarded. Until smart keys, retinal scans or other biometric devices go mainstream, passwords will remain the popular method of authentication. Therefore, it is imperative that computer users and organizations understand the significance of password security to protect information, prevent data loss and ultimately maintain a good reputation.

Password Attacks

Understanding the methods used to obtain passwords, and the vulnerabilities within your organization, can help you make the necessary changes to prevent unauthorized and potentially damaging access to files and your network. The following are four methods, listed by the physical ease of obtaining passwords.

1. Social Engineering – This method uses manipulation or persuasion to convince a user to disclose a password, whether by telephone, email or in person. Read Kevin Mitnick’s book, The Art of Deception, to further understand this method of attack.

2. Viruses/Trojan Horses – Viruses, namely Trojan Horses, are superficially innocent pieces of software that can be transmitted through email or social engineering methods, to name a few. These programs have many capabilities, but are commonly used to monitor and record the keystrokes of the infected computer and then send them to a third party.

3. Network Sniffing – “Packet sniffing” is the process of monitoring network traffic to view keystrokes, passwords, email messages and the like. Encryption ‘scrambles’ data - rendering it useless to sniffers. Ethereal is a common packet sniffer that works with both Unix and Windows.

4. Brute-Force – This common attack often uses programs such as l0phtcrack to run entire dictionaries at an extremely fast rate through the password encryption process to uncover common passwords. A second method is using easily available programs to decrypt locked files.

Use this random generator to help create strong passwords

Obtain free specialized dictionaries from Grady's Moby Project
Download name lists from the U.S. Census Web site


Characteristics of a Good Password

A good password should:

  1. Be at least eight characters long
  2. Contain a combination of letters (upper and lower), numbers and symbols
  3. Not contain a username or name
  4. Not be a common word
  5. Be changed at least 8 times per year
  6. Not be written on a sticky note on your monitor or near the computer

An easy way to create a password that is tough to crack is to make up a sentence that is easy to remember. For example, “The Red Wings were Stanley Cup Champions 9 times!” Then derive your password from the first letter of each word. Therefore, your password for the above sentence would be: TRWwSCC9t!

Bad Passwords

  1. Your name, last name, spouse’s name, nickname, children’s or pets’ names
  2. Any of the above backwards, repeated, or suffixed/prefixed with a letter or symbol (e.g., 1password1)
  3. An equivalent word from a foreign language
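
The checks from "Characteristics of a Good Password" and "Bad Passwords", together with the sentence method above, written out as an added Python example (not part of the original article). The function names, the short word list and the sample name "Alex" are constructed for illustration, and the rules about change frequency, sticky notes and foreign-language words are not covered.

```python
import re
import string

# Constructed sample list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "welcome"}


def derive_from_sentence(sentence):
    """Build a password from the first character of each word, keeping
    any punctuation that trails a word (as in the article's example)."""
    out = []
    for token in sentence.split():
        core = token.rstrip(string.punctuation)
        out.append(core[:1] + token[len(core):])
    return "".join(out)


def check_password(password, personal_names=(), common_words=COMMON_WORDS):
    """Return the list of rules the password breaks (empty list = pass)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    # Assumption: "a combination" is read as requiring all four classes.
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing upper, lower, number or symbol")
    lowered = password.lower()
    for name in personal_names:
        n = name.lower()
        # Substring match also catches repeated or prefixed/suffixed names.
        if n and (n in lowered or n[::-1] in lowered):
            problems.append("contains the name %r, forwards or backwards" % name)
    # Strip digits/symbols added at either end: "1password1" -> "password".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Also try the reverse and dropping one letter from either end.
    candidates = {core, core[::-1], core[1:], core[:-1]}
    repeated = re.fullmatch(r"(.+?)\1+", core)  # "dragondragon" -> "dragon"
    if repeated:
        candidates.add(repeated.group(1))
    if candidates & set(common_words):
        problems.append("is a common word (reversed, repeated or affixed)")
    return problems


if __name__ == "__main__":
    pw = derive_from_sentence("The Red Wings were Stanley Cup Champions 9 times!")
    print(pw, check_password(pw, personal_names=["Alex"]))
    for bad in ("1password1", "xelA2004!", "DragonDragon7!"):
        print(bad, check_password(bad, personal_names=["Alex"]))
```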

Summary

Data security is important at every level within an organization. Choose good passwords and never give your password to anyone by phone, email or fax. Change your password often, and if you have difficulty remembering it, choose a keyword instead that will assist only you in remembering your password.

© MMIV, Carolyn Cross