Passwords

Passwords. Outline Objective Authentication How/Where Passwords are Used Why Password Development is Important Guidelines for Developing Passwords Summary



Outline

- Objective
- Authentication
- How/Where Passwords are Used
- Why Password Development is Important
- Guidelines for Developing Passwords
- Summary
- List of References


Objective

To provide familiarity with how passwords are used, the importance of good password selection and guidelines for the development of good passwords.


Authentication

In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program.

Authentication is performed with:

- Something you have (a token, a swipe card, etc.)
- Something you are (biometrics)
- Something you know (a password)

http://en.wikipedia.org/wiki/Authentication


How/Where Passwords are Used

Controlling access to a resource:

- Automated Teller Machines (ATM)
- Facility Access
- Cell Phones
- On-line Accounts
- Computers
- Etc.


Why Password Development is Important

- Passwords control access to important resources.
- Attackers may capture a password file and have time to crack it.
  - Passwords are stored as hash values, and cracker programs can run at their leisure.
- Attackers may try to break into a live system.
  - If a “time-out” policy is not implemented, they may keep trying until they succeed.
- Many users use simple passwords or one associated with their life (profiling or social engineering).
- Many systems come with passwords set “out of the box”.


Why Password Development is Important

- Attackers have access to password cracking programs.
- Programs use two techniques:
  - Brute Force – Every combination of letters/numbers/characters possible
  - Dictionary – Words (and combinations of words) found in a specialized dictionary

Assume a password of 7 alphabet characters in length.

$$\text{MaxCombinations} = \text{NumberAvailableChars}^{\text{PasswordLength}}$$

$$\text{MaxCombinations} = 26^{7} = 8{,}031{,}810{,}176 \text{ (8 billion)}$$

A 3 GHz processor guessing 3 million passwords per second will take approximately 45 minutes to guess the password.

http://en.wikipedia.org/wiki/Password_strength


Guidelines for Developing Passwords

GOOD PASSWORDS

- Are 8 or more characters long
- Have a combination of upper and lowercase letters, numbers, and special characters
- Are changed on a regular basis
- Are easy to remember and are not written down
- Are passphrases: Choose a line or two from a song or poem and use the first letter of each word. For example, “It is the East, and Juliet is the Sun” becomes “IstE,@J1tS”
- Are not used over and over again for different programs and websites

BAD PASSWORDS

- Contain your name, friend's name, favorite pet, sports team, etc.
- Contain publicly accessible information about yourself, such as social security number, license numbers, phone numbers, address, birthdays, etc.
- Contain words found in a dictionary of any language
- Are made of all numbers or all the same letter
- Are never changed
- Are written down
- Are shared with others
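The MaxCombinations formula from the earlier slide and the guidelines above, combined into one checker. This is an added example, not part of the original slides; the function names, the constructed sample dictionary and the count of 32 special characters are assumptions made for illustration.

```python
GUESSES_PER_SECOND = 3_000_000  # guessing rate quoted on the slide

# Constructed sample list; a real check would load a full cracking dictionary.
SAMPLE_DICTIONARY = {"password", "letmein", "dragon", "monkey", "juliet"}


def character_classes(password):
    """Return {class name: alphabet size} for each class the password uses."""
    tests = {
        "lowercase": (str.islower, 26),
        "uppercase": (str.isupper, 26),
        "digit": (str.isdigit, 10),
        "special": (lambda c: not c.isalnum(), 32),  # assumed: ASCII symbols
    }
    return {name: size for name, (test, size) in tests.items()
            if any(test(c) for c in password)}


def worst_case_minutes(password, rate=GUESSES_PER_SECOND):
    """MaxCombinations = NumberAvailableChars ** PasswordLength, at `rate`."""
    alphabet = sum(character_classes(password).values())
    return alphabet ** len(password) / rate / 60


def guideline_problems(password, personal_info=()):
    """List which of the slide's guidelines the password breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(character_classes(password)) < 4:
        problems.append("does not mix upper, lower, numbers and special characters")
    if password.isdigit() or len(set(password)) == 1:
        problems.append("all numbers or all the same letter")
    if any(word in lowered for word in SAMPLE_DICTIONARY):
        problems.append("contains a dictionary word")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for candidate in ("abcdefg", "1234567", "Juliet2024!", "IstE,@J1tS"):
        print(candidate, f"{worst_case_minutes(candidate):.3g} min",
              guideline_problems(candidate, personal_info=("Juliet",)))
```

The brute-force figure is an upper bound only: "Juliet2024!" has a large search space yet still fails, because a dictionary attack never needs to search that space.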


Summary

We discussed what passwords are used for, the importance of good password selection and guidelines for the development of good passwords.


List of References

- http://en.wikipedia.org/wiki/Authentication
- http://en.wikipedia.org/wiki/Password_strength
- http://www.modernlifeisrubbish.co.uk/article/top-10-most-common-passwords
- http://tigger.uic.edu/~mbird/password.html

CyberPatriot wants to thank and acknowledge the CyberWatch program, which developed the original version of these slides and has graciously allowed their use for training in this competition.