Presentation is loading. Please wait.

Presentation is loading. Please wait.

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Published bySofia McBride Modified over 10 years ago

Similar presentations

Presentation on theme: "Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work."— Presentation transcript:

1 P@$$w0rd Point3r$

2 Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work data relatively secure. Weak passwords are often worse than not having a password as it gives someone a false sense of security.

3 How long should your passwords be? The length depends on the value of the data being protected, how often the passwords must be changed, and the security of the authentication system. Passwords should be a minimum of eight to 10 characters to even begin to be considered non-trivial. A password of 15 characters or longer is considered secure for most general-purpose business applications. i.e. a pass phrase Good example: callingGodisafreecall Tip 1: Use a Pass Phrase

4 Tip 2: Disable LM Hashes Disable the storage of weak cached LM password hashes in Windows, they are simple to break Disable LM password hashes by using Group Policy, Local Security Policy or a Registry edit. In the former two, navigate to Computer –Configuration | Windows Settings | Security Settings | Local Policies | Security Options and enable Network Security: Do not store LAN Manager hash value on next password change.

5 Tip 3: True Password Complexity Complexity makes passwords harder to guess and crack. Complexity normally means inserting one or more non- alphabetic characters into the password or pass phrase – Higher complexity involves requiring one or more non-alphabetic and non-numeric symbols (e.g. !@#$%&, and so on). Password cracking tools know most people make the first letter uppercase. They know that typically numbers at the end and be either 1 of 2. The common special symbols, are substitutions @ for a, $ for s and so on. True password complexity, do something unexpected –Example: p7asswOrK is more complex than Password2

6 Tip 4: How Long? 15 Or More! Crackers say how easy it is to break dictionary-based passwords. When sent the password hashes for browngrassbrowngrass or hash-thispassword-word to crack, and they never seem to break them The secret: If you password is long enough, it doesnt need to be complex. Going 15 characters or longer defeats most common password crackers

7 Tip 5: Password Diversity Many people use the same password to protect their online gaming or other fun site information that they use at work Most people have dozens of logons across a multitude of Web sites around the Internet Often their logon name to each Web site that is their e- mail address When one password is compromised then often many others are also known Most passwords can be discovered after watching someone logon 7 times

8 Tip 6: Rooting Around On work systems: Avoid using the same passwords on different systems. To make it simpler pick a common root password and make slight changes to it on the various systems Example: email, billing and accounting systems greenemail32 greenebill21 greenaccount01

9 Tip 7: Storing Passwords-Hint Good passwords are a balance between complexity and your ability to remember Make a hint file on your cell –Example, the passwords listed in the previous tip might become gemail32, gebill21_32 and gaccount01_32 –Switch things up a bit, for instance using GEmail34 to indicate that the password includes capitalized letters and a different ending for that system (i.e. GreanEmail34). Notice Green is misspelled that is a good way to defeat dictionary attacks Never write down your password.

10 Tip 8 : Dos and Don'ts Use a pass phrase like ; callingGodis1freecall Dont use passwords with all CAPS Do not start with Capitol letters or end with a number most cracking software know to how to crack that in seconds Dont make it so hard you must right it down DO NOT write it down on a stick note and put it on the monitor in a drawer or under the keyboard Do not use family or pet names or your favorite team unless you put it in a phrase

11 Tip 9: Understand Wireless When on wireless your username is often broadcast in clear text even on a SSL site Several SSL sites also send passwords in clear text then your connection is encrypted after that but your user name and password are sent in clear text People can discover your user name and password without being on your wireless Public wireless access will often have someone running sniffing software on a regular basis

12 Tip 10: Social Engineering Never give out a password to anyone, even your IT staff. –They should have the ability to reset your passwords –Do not give out your naming scheme or the IT Staffer maybe able to guess your password for your bank account or other accounts –Use separate naming schemes for work and personal accounts Never use Personal Identifiable Information (PII) in your passwords –Birth date –SSN –Mothers maiden name Never respond to emails requesting you to verify your (PII) or requesting you to logon to website.

13 Bad Passwords These kind of passwords can be cracked in under three minutes: A name associated with you or your organization (SDA) A date associated with you or your organization(1844 or 1888) A dictionary word (unless it is a pass-phrase) Adding a number or a capital adds no more than a few minutes to the time it takes to crack short passwords

Download ppt "Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work."

Similar presentations

Cyber-Safety Instructors: Connie Hutchison & Christopher McCoy.

Cyber-Safety Instructors: Connie Hutchison & Christopher McCoy.
Fraud Protection. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.

Fraud Protection. Agenda Start time: ____ Break time: ____ (10 minutes) End time: ____ Please set phones to silent ring and answer outside of the room.
©2002 TechRepublic, Inc. www.techrepublic.com. All rights reserved. Protecting Your Password Created By: Dana Norton Web Editor, IT Manager Republic.

©2002 TechRepublic, Inc. All rights reserved. Protecting Your Password Created By: Dana Norton Web Editor, IT Manager Republic.
Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.

Networks. User access and levels Most network security involves users having different levels of user access to the network. The network manager will.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Lesson 11 Using Online Banking. Key Terms Account Transfer – online transfer of money; ex. Savings to checking acct. Fraud – using trickery to convince.

Lesson 11 Using Online Banking. Key Terms Account Transfer – online transfer of money; ex. Savings to checking acct. Fraud – using trickery to convince.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Homework #4 Comments. Passwords: What are they good for? Today passwords are the #1 means of authenticating users on a day-to-day basis. –Email, Websites,

Homework #4 Comments. Passwords: What are they good for? Today passwords are the #1 means of authenticating users on a day-to-day basis. – , Websites,
Internet Safety By: Brianna Brown. Index What Is Internet Safety? Passwords Cyber Bullying Safety Tips Quiz.

Internet Safety By: Brianna Brown. Index What Is Internet Safety? Passwords Cyber Bullying Safety Tips Quiz.
Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.

Notes to Teachers At the time we embedded the links in these lessons, they all worked. If they don’t, you can google the website, find the link, open it.
Passwords and You CREATING AND MAINTAINING SECURE PASSWORDS.

Passwords and You CREATING AND MAINTAINING SECURE PASSWORDS.
STRONG PASSWORDS Common Sense Unit 2-Lesson 1 (Cross-Curricular Categories) Privacy and Security.

STRONG PASSWORDS Common Sense Unit 2-Lesson 1 (Cross-Curricular Categories) Privacy and Security.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. Emails. Safe browsing for shopping and online banks. Social media.

CHC DI Group. What We Will Cover Securing your devices and computers. Passwords. s. Safe browsing for shopping and online banks. Social media.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
MAKING GOOD PASSWORDS (AND HOW TO KEEP THEM SAFE).

MAKING GOOD PASSWORDS (AND HOW TO KEEP THEM SAFE).
Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.

Windows This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen.
PAGE 1 Company Proprietary and Confidential Internet Safety and Security Presented January 13, 2014.

PAGE 1 Company Proprietary and Confidential Internet Safety and Security Presented January 13, 2014.
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

Similar presentations

Ads by Google