
Password Security


chavezt




Presentation Transcript


  1. Password Security

  2. Overview • What are passwords, why are they used? • Different types of attacks • Bad password practices to avoid • Good password practices • How to create a secure password

  3. What are passwords?
• A secret combination of characters that only the user should know.
• "Passwords are a compromise between security and convenience."
• Password security has two goals: keep information away from everyone else, and still give authorized users easy access to it.

  4. How are Passwords Compromised? • Brute force Attack • Dictionary Attack • Hybrid Attack • Social Engineering

  5. Brute Force Attack
• The simplest and most general cracking method: every combination of every allowed character is tried until the password is found
• Guaranteed to succeed eventually; the only question is how long it takes
• Usually run offline against a stolen password hash, because a login form can rate-limit or lock out repeated guesses
• Each extra character multiplies the work by the size of the character set, so the longer the password, the longer it takes to crack
• E.g. a password that is 2 characters long, case sensitive, and made of letters and digits:
  first character: lower case letters (26) + upper case letters (26) + digits (10) = 62
  second character: same as the first = 62
  total candidates: 62 × 62 = 62² = 3,844 (an attacker who does not know the length also tries the 62 one-character passwords first)

  6. Time to Crack Passwords using Brute Force
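To make slides 5 and 6 concrete, here is an added Python example (not part of the original presentation) that computes the keyspace and worst-case cracking time for a given character set and length, and then runs a real exhaustive search against the SHA-256 hash of a constructed three-character password. The target "zq7", the function names and the guessing rate of 1e10 per second (standing in for an offline GPU attack on a fast unsalted hash) are assumptions made for this example, not measured figures.

```python
import hashlib
import itertools
import string

# Character classes from the slides' example.
LOWER = string.ascii_lowercase   # 26
UPPER = string.ascii_uppercase   # 26
DIGITS = string.digits           # 10


def keyspace(charset_size: int, length: int) -> int:
    """Candidates of exactly `length` characters drawn from `charset_size` symbols."""
    return charset_size ** length


def keyspace_up_to(charset_size: int, max_length: int) -> int:
    """Candidates of length 1..max_length: what an attacker actually tries, shortest first."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


def seconds_to_exhaust(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace of one length at a given guessing rate."""
    return keyspace(charset_size, length) / guesses_per_second


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256, standing in for whatever hash the attacker has stolen (constructed)."""
    return hashlib.sha256(text.encode()).hexdigest()


def brute_force(target_hash: str, alphabet: str, max_length: int):
    """Exhaustive search: every string over `alphabet`, shortest first.
    Returns (password, guesses_made); password is None if max_length was too small."""
    guesses = 0
    for length in range(1, max_length + 1):
        for chars in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def crack_time_table(rate: float = 1e10):
    """Worst-case seconds for common charsets and lengths at `rate` guesses/s.
    1e10/s is an ASSUMED offline GPU-class rate for a fast unsalted hash, not a measurement."""
    charsets = {"lower (26)": 26, "lower+digits (36)": 36,
                "mixed+digits (62)": 62, "all printable (95)": 95}
    return {name: {n: seconds_to_exhaust(size, n, rate) for n in (6, 8, 10, 12)}
            for name, size in charsets.items()}


if __name__ == "__main__":
    print("2 chars, 62 symbols:", keyspace(62, 2))            # 3844, as on the slide
    target = sha256_hex("zq7")                                 # constructed stolen hash
    print(brute_force(target, LOWER + DIGITS, max_length=3))  # ('zq7', 34342)
    for name, row in crack_time_table().items():
        print(f"{name:20s}", {n: f"{s / 86400:.2e} days" for n, s in row.items()})
```

The guess count 34342 is 36 one-character plus 1296 two-character candidates, then 33010 three-character strings before "zq7" comes up in alphabetical order. Doubling the length from 6 to 12 in the table does not double the time: it squares the keyspace, which is why length beats character variety.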

  7. Dictionary Attack
• Uses a list of common passwords, words and values (the "dictionary", or wordlist)
• The dictionary is loaded into a cracking tool and every entry is run against the password (hash)
• Intended to narrow the field: far fewer candidates than brute force, so it finishes quickly
• Succeeds when the password is a single predictable word or a known common password
• A plain dictionary attack is defeated by anything not on the list, e.g. a random character inserted in the middle of a word, but a hybrid attack (next slide) applies exactly that kind of change automatically

  8. Hybrid Attack
• Combines brute force and a dictionary attack
• Checks every word in the dictionary along with its variations
• Noticeably slower than a dictionary attack, but still far faster than full brute force
• Common: dictionary words with common mutations (capitalisation, "leet-speak" substitutions such as a→@ and e→3, an appended "!")
• Dates: dictionary words combined with dates and years in various formats
• Numbers: dictionary words mixed with various number combinations
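The following added Python example (written for this page, not taken from the presentation) shows the difference between slides 7 and 8: a plain dictionary attack that only tries the listed words, and a hybrid attack that applies the three mutation families the slide names plus single-character insertion. The wordlist, the rule set and the "stolen" SHA-256 hashes are all constructed; the rule syntax is my own and not that of any real cracking tool.

```python
import hashlib
import string

# Constructed wordlist standing in for a real dictionary of common passwords and words.
WORDLIST = ["password", "letmein", "welcome", "dragon", "monkey", "sunshine", "football"]
LEET = {"a": "@", "e": "3", "i": "!", "o": "0", "s": "$"}
INSERTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 printable symbols


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256 standing in for the stolen hash (constructed)."""
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hash: str, wordlist):
    """Plain dictionary attack: every word tried exactly as listed, nothing else."""
    for word in wordlist:
        if sha256_hex(word) == target_hash:
            return word
    return None


def mutations(word: str):
    """Hybrid rules in the three families the slide names (common, dates, numbers),
    plus single-character insertion. Constructed rule set, not a real cracker's syntax."""
    cap = word.capitalize()
    leet = "".join(LEET.get(c, c) for c in word)
    # common: case and leet-speak variants
    yield from (word, cap, word.upper(), leet, leet.capitalize())
    # numbers: short numeric suffixes and the usual punctuation endings
    for n in range(100):
        yield f"{word}{n}"
        yield f"{cap}{n}"
    for suffix in ("!", "1!", "123", "!23", "123!"):
        yield word + suffix
        yield cap + suffix
    # dates: years in four- and two-digit form
    for year in range(1950, 2030):
        yield f"{word}{year}"
        yield f"{cap}{year}"
        yield f"{word}{year % 100:02d}"
    # insertion: one extra symbol at any interior position
    # (this is what beats the "add one random character in the middle" tip)
    for pos in range(1, len(word)):
        for ch in INSERTABLE:
            yield word[:pos] + ch + word[pos:]


def hybrid_attack(target_hash: str, wordlist):
    """Dictionary attack with mutation rules. Returns (password, guesses) or (None, guesses)."""
    guesses = 0
    for word in wordlist:
        for candidate in mutations(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    # constructed secrets: the last one is outside the rule set and should survive
    for secret in ("dragon", "Sunshine1999", "pass#word", "P@$$w0rd", "dragonfly7"):
        target = sha256_hex(secret)
        print(f"{secret:14s} dictionary={dictionary_attack(target, WORDLIST)!s:10s} "
              f"hybrid={hybrid_attack(target, WORDLIST)}")
```

Only "dragon" falls to the plain dictionary attack; "pass#word", "Sunshine1999" and the leet-speak "P@$$w0rd" all fall to the hybrid rules after a few thousand guesses, which is nothing at offline hashing rates. "dragonfly7" survives only because this toy rule set has no compound-word rule, not because it is strong.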

  9. Social Engineering
• Using social skills to persuade people to reveal access credentials or other valuable information
• People are usually the easiest way in: no cracking is needed if the user hands over the password
• Posing as someone else to gain access to a system
• Stroking someone's ego to get them to reveal information or passwords
• Using (claimed) authority to get information from someone

  10. Social Engineering Example
http://www.youtube.com/watch?v=ZQDyCRHptbU (Kevin Mitnick social engineering example)

  11. What is a safe password?
• The basic goal: a password that is easy for YOU to remember but hard for anyone else to find out
• Long, complicated passwords are not always the best solution
• E.g. a random password like !$fjDd&^fw43_f%@+
• Will you really be able to memorise that?

  12. Problems with Complicated Passwords
If a password is too complicated and hard to remember, you are likely to:
• Write it down
• Need password resets
• Reuse the same complicated password in many places
• A password is only as secure as the weakest system you use it on: one site that stores it badly and gets breached exposes every account where it was reused

  13. Easy to remember, easy to guess
• Your birthday
• The city you live in or were born in
• Your boyfriend's / girlfriend's name
• Pets' names
• Family members' names
• Any favourite thing (e.g. favourite team)
• Student ID
• Avoid any information, numbers or words that anyone could associate with you; most of this is public on social media, and attackers feed such details into targeted wordlists

  14. Easy to remember, hard to guess
• Birthday of a famous person
• The city your grandpa was born in
• Any information that means something to you but that friends and family would not know
• Caveat: a famous person's birthday is public and dates are a standard hybrid-attack mutation, so use facts like this as one ingredient of a longer passphrase, never as the whole password

  15. Bad Practices
• DO NOT write down your passwords (if you cannot memorise them all, a password manager is far safer than a note by the keyboard)
• DO NOT share your password with anyone
• DO NOT use any personal information
• DO NOT use word or number patterns (e.g. "aaabbb", "qwerty", "123321", etc.): these are among the first things a cracking rule set tries

  16. Good Practices
• Minimum length of 8 characters; longer is better, since every extra character multiplies the brute-force work
• Use numeric characters (0-9)
• Use upper and lower case
• Use special characters (e.g. ! ? & # * )
• Use passphrases

  17. Pass Phrases to Create Passwords
1. Think of a phrase or sentence that's easy for you to remember.
   Example: "Making passwords is easy when you follow these 5 steps"
2. Turn your sentence or phrase into a password by taking the first letter of each word (digits stay as written).
   Example: "mpiewyft5s"

  18. Pass Phrases Continued..
3. Make your password more complex by using special characters and upper and lower case.
   For instance, substitute "i" with "!", "e" with "3" and "s" with "$", and capitalise a couple of letters: "mpiewyft5s" becomes "Mp!3wYft5$".
   Caveat: these substitutions are well known and cracking rule sets apply them automatically, so they add little real strength; a longer phrase (more words) adds far more.
4. Consider testing your password with a password checker, which will rate it on strength, complexity, length, etc. Use a checker that runs locally; never type a real password into an unknown website.

  19. Pass Phrases Continued..
5. Do not "recycle" passwords, i.e. reuse old passwords or slightly modify your existing one, and change a password promptly whenever it may have been exposed (a breach at the site, a phishing attempt, someone watching you type). Routine forced rotation such as "every 90 days" is no longer recommended: NIST SP 800-63B advises against periodic changes, because they push people toward predictable variants of the same password ("Summer19" becoming "Summer20").
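Steps 1 to 4 of the passphrase procedure, carried through in an added Python example that is not part of the original presentation: the phrase is reduced to first letters, the slide's substitutions are applied, and a small offline checker (step 4) rates the result and flags the weaknesses the earlier slides warn about, including leet-speak disguises of common passwords. The common-password set and sequence list are constructed stand-ins for the breached-password lists a real checker would use; the bit estimate is the naive log2(charset^length) meter and is only a rough upper bound.

```python
import math
import re
import string

LEET_OUT = {"i": "!", "e": "3", "s": "$"}                                   # the slide's substitutions
LEET_IN = {"!": "i", "3": "e", "$": "s", "@": "a", "0": "o", "4": "a", "5": "s"}  # what a checker undoes
# Constructed stand-in for a breached-password list; real checkers use millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou",
                    "password1", "welcome", "football"}
SEQUENCES = ("0123", "1234", "2345", "3456", "4567", "5678", "6789", "abcd", "qwerty", "asdf")


def passphrase_to_password(phrase: str) -> str:
    """Step 2: first character of each word, lower-cased; digits such as '5' are kept as written."""
    return "".join(word[0] for word in phrase.split()).lower()


def leetify(password: str) -> str:
    """Step 3 (first half): the slide's i->!, e->3, s->$ substitutions."""
    return "".join(LEET_OUT.get(c, c) for c in password)


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet that contains every character used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)   # 32
    return size


def check_password(password: str):
    """Step 4: an offline checker. Returns (naive_entropy_bits, problems).
    The bit count is the usual log2(charset ** length) meter; the problems list is what matters."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("not mixed case")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Undo leet-speak and strip a trailing number/symbol before the dictionary lookup,
    # because hybrid attacks (slide 8) try exactly those mutations.
    normalized = "".join(LEET_IN.get(c, c) for c in password).lower()
    stripped = normalized.rstrip(string.digits + string.punctuation)
    if normalized in COMMON_PASSWORDS or stripped in COMMON_PASSWORDS:
        problems.append("common password (leet-speak and a trailing number do not hide it)")
    if re.search(r"(.)\1\1", password):
        problems.append("three or more repeated characters")
    if any(seq in normalized for seq in SEQUENCES):
        problems.append("keyboard or counting sequence")
    bits = len(password) * math.log2(charset_size(password)) if password else 0.0
    return round(bits, 1), problems


if __name__ == "__main__":
    phrase = "Making passwords is easy when you follow these 5 steps"
    base = passphrase_to_password(phrase)          # 'mpiewyft5s'
    final = "Mp!3wYft5$"                            # leetify(base) with two letters capitalised by hand
    print(base, leetify(base), final)
    for candidate in (final, "P@$$w0rd1", "aaabbb", "Qwerty123!"):
        print(f"{candidate:12s}", check_password(candidate))
```

The checker passes "Mp!3wYft5$" (about 65 bits by the naive meter) but rejects "P@$$w0rd1", which scores similarly on that meter yet is just "password1" in disguise: any checker that only counts character classes would rate the two alike, which is why the dictionary and normalisation step is the part worth keeping.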

  20. Conclusion
• Be aware of the different attacks and how they are used to crack passwords
• Do not fall for social engineering!
• The basic goal of a secure password is one that is easy for YOU to remember but hard for someone else to find out
• Use passphrases to create secure passwords
• Check the strength of your passwords
• Never reuse passwords, and change any password that may have been exposed

  21. Questions?
