Passwords
Outline
- Objective
- Authentication
- How/Where Passwords are Used
- Why Password Development is Important
- Guidelines for Developing Passwords
- Summary
- List of References
Objective
To provide familiarity with how passwords are used, the importance of good password selection and guidelines for the development of good passwords.
Authentication
In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program.
Authentication is performed with:
- Something you have (a token, a swipe card, etc.)
- Something you are (biometrics)
- Something you know (a password)
http://en.wikipedia.org/wiki/Authentication
How/Where Passwords are Used
Controlling access to a resource
- Automated Teller Machines (ATM)
- Facility Access
- Cell Phones
- On-line Accounts
- Computers
- Etc.
Why Password Development is Important
- Passwords control access to important resources.
- Attackers may capture a password file and have time to crack it.
  - Passwords are stored as hash values, and cracker programs can run at their leisure
- Attackers may try to break into a live system.
  - If a “time-out” policy is not implemented, they may keep trying until they succeed
- Many users use simple passwords or one associated with their life (profiling or social engineering)
- Many systems come with passwords set “out of the box”
Why Password Development is Important
- Attackers have access to password cracking programs
- Programs use two techniques:
  - Brute Force – Every combination of letters/numbers/characters possible
  - Dictionary – Words (and combinations of words) found in a specialized dictionary
- Assume a password of 7 alphabet characters in length.
  - MaxCombinations = NumberAvailableChars ^ PasswordLength
  - MaxCombinations = 26^7 = 8,031,810,176 (8 Billion)
- A 3GHz processor, guessing 3 million passwords per second, will take approximately 45 minutes to guess the password
http://en.wikipedia.org/wiki/Password_strength
Guidelines for Developing Passwords
GOOD PASSWORDS
- Are 8 or more characters long
- Have a combination of upper and lowercase letters, numbers, and special characters
- Are changed on a regular basis
- Are easy to remember and are not written down
- Are passphrases: Choose a line or two from a song or poem and use the first letter of each word. For example, “It is the East, and Juliet is the Sun” becomes “IstE,@J1tS”
- Are not used over and over again for different programs and websites
BAD PASSWORDS
- Contain your name, friend's name, favorite pet, sports team, etc.
- Contain publicly accessible information about yourself, such as social security number, license numbers, phone numbers, address, birthdays, etc.
- Contain words found in a dictionary of any language
- Are made of all numbers or all the same letter
- Are never changed
- Are written down
- Are shared with others
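The checkable guidelines above, together with the MaxCombinations estimate from the earlier slide, can be turned into a small screening function. This is an added example, not part of the original slides; the function names, the four-entry dictionary and the assumption that an attacker searches only the character pools the password actually uses are constructed for illustration.

```python
import string

GUESSES_PER_SECOND = 3_000_000            # guessing rate quoted on the slide
SAMPLE_DICTIONARY = ("password", "dragon", "monkey", "letmein")  # constructed sample
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)

def classes_used(password):
    """Character pools (lower, upper, digit, special) the password draws from."""
    return [pool for pool in POOLS if any(c in pool for c in password)]

def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst case for exhaustive search: NumberAvailableChars ** PasswordLength / rate.
    Assumption: the attacker searches only the pools the password actually uses."""
    chars = sum(len(pool) for pool in classes_used(password))
    return chars ** len(password) / rate

def check_password(password, personal_terms=(), dictionary=SAMPLE_DICTIONARY):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if len(classes_used(password)) < len(POOLS):
        problems.append("missing a character class")
    if password.isdigit() or len(set(lowered)) == 1:
        problems.append("all numbers or all the same letter")
    if any(term.lower() in lowered for term in personal_terms if term):
        problems.append("contains personal information")
    if any(word in lowered for word in dictionary):
        problems.append("contains a dictionary word")
    return problems

if __name__ == "__main__":
    for candidate in ("abcdefg", "1234567", "Fluffy2024!", "IstE,@J1tS"):
        minutes = brute_force_seconds(candidate) / 60
        print(candidate, f"{minutes:.3g} min", check_password(candidate, ("Fluffy",)))
```

The time figure is an upper bound for brute force only; a password that trips the dictionary or personal-information checks falls to a dictionary attack long before the keyspace is exhausted.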
Summary
We discussed what passwords are used for, the importance of good password selection and guidelines for the development of good passwords.
List of References
- http://en.wikipedia.org/wiki/Authentication
- http://en.wikipedia.org/wiki/Password_strength
- http://www.modernlifeisrubbish.co.uk/article/top-10-most-common-passwords
- http://tigger.uic.edu/~mbird/password.html

CyberPatriot wants to thank and acknowledge the CyberWatch program which developed the original version of these slides and who has graciously allowed their use for training in this competition.