rodney-garrett
Passwords
Outline
Objective
Authentication
How/Where Passwords are Used
Why Password Development is Important
Guidelines for Developing Passwords
Summary
List of References
Objective
To provide familiarity with how passwords are used, the importance of good password selection and guidelines for the development of good passwords.
Authentication
In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program.
Authentication is performed with:
  Something you have (a token, a swipe card, etc.)
  Something you are (biometrics)
  Something you know (a password)
http://en.wikipedia.org/wiki/Authentication
How/Where Passwords are Used
Controlling access to a resource
  Automated Teller Machines (ATM)
  Facility Access
  Cell Phones
  On-line Accounts
  Computers
  Etc.
Why Password Development is Important
Passwords control access to important resources.
Attackers may capture a password file and have time to crack it.
  Passwords are stored as hash values, and cracker programs can run at their leisure
Attackers may try to break into a live system.
  If a “time-out” policy is not implemented, they may keep trying until they succeed
Many users use simple passwords or one associated with their life (profiling or social engineering)
Many systems come with passwords set “out of the box”
Why Password Development is Important
Attackers have access to password cracking programs
Programs use two techniques:
  Brute Force – Every combination of letters/numbers/characters possible
  Dictionary – Words (and combinations of words) found in a specialized dictionary
Assume a password of 7 alphabet characters in length.
MaxCombinations = NumberAvailableChars^PasswordLength
MaxCombinations = 26^7 = 8,031,810,176 (8 Billion)
A 3GHz processor, guessing 3 million passwords per second, will take approximately 45 minutes to guess the password
http://en.wikipedia.org/wiki/Password_strength
Guidelines for Developing Passwords
GOOD PASSWORDS
  Are 8 or more characters long
  Have a combination of upper and lowercase letters, numbers, and special characters
  Are changed on a regular basis
  Are easy to remember and are not written down
  Are passphrases: Choose a line or two from a song or poem and use the first letter of each word. For example, “It is the East, and Juliet is the Sun” becomes “IstE,@J1tS”
  Are not used over and over again for different programs and websites
BAD PASSWORDS
  Contain your name, friend's name, favorite pet, sports team, etc.
  Contain publicly accessible information about yourself, such as social security number, license numbers, phone numbers, address, birthdays, etc.
  Contain words found in a dictionary of any language
  Are made of all numbers or all the same letter
  Are never changed
  Are written down
  Are shared with others
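The guidelines above and the brute-force formula from the previous slide, combined into a checker. This is an added example, not part of the original slides; the function names, the tiny sample word list and the ASCII-only character classes are assumptions made for illustration.

```python
import string

GUESSES_PER_SECOND = 3_000_000  # guess rate quoted on the slide

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "dragon", "juliet", "monkey", "football"}

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def charset_size(password):
    """Size of the smallest alphabet a brute-force search must cover."""
    return sum(len(cls) for cls in CLASSES
               if any(c in cls for c in password))

def worst_case_seconds(password):
    """NumberAvailableChars ^ PasswordLength, divided by the guess rate."""
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND

def check_password(password, personal_info=()):
    """Return the list of guideline violations (empty list means it passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing upper/lower/number/special mix")
    if password.isdigit():
        problems.append("all numbers")
    if len(set(password)) == 1:
        problems.append("all the same character")
    if any(word in lowered for word in SAMPLE_DICTIONARY):
        problems.append("contains a dictionary word")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, including the passphrase from the slide.
    for pw in ["abcdefg", "1111111", "Juliet2024!", "IstE,@J1tS"]:
        minutes = worst_case_seconds(pw) / 60
        print(f"{pw!r}: {minutes:,.0f} min worst case, "
              f"problems={check_password(pw, personal_info=['Juliet'])}")
```

The time estimate only covers exhaustive brute force; a password that fails the dictionary or personal-information checks can fall far sooner than the keyspace figure suggests.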
Summary
We discussed what passwords are used for, the importance of good password selection and guidelines for the development of good passwords.
List of References
http://en.wikipedia.org/wiki/Authentication
http://en.wikipedia.org/wiki/Password_strength
http://www.modernlifeisrubbish.co.uk/article/top-10-most-common-passwords
http://tigger.uic.edu/~mbird/password.html
CyberPatriot wants to thank and acknowledge the CyberWatch program, which developed the original version of these slides and has graciously allowed their use for training in this competition.