1. Passwords

2. Outline Objective Authentication How/Where Passwords are Used Why Password Development is Important Guidelines for Developing Passwords Summary List of References

3. Objective To provide familiarity with how passwords are used, the importance of good password selection and guidelines for the development of good passwords.

4. Authentication In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program. Authentication is performed with: Something you have (a token, a swipe card, etc.) Something you are (biometrics) Something you know (a password) http://en.wikipedia.org/wiki/Authentication

5. How/Where Passwords are Used Controlling access to a resource Automated Teller Machines (ATM) Facility Access Cell Phones On-line Accounts Computers Etc.

6. Why Password Development is Important Passwords control access to important resources. Attackers may capture a password file and have time to crack it. Passwords stored as hash values and cracker programs can run at their leisure Attackers may try to break into a live system. If a “time-out” policy is not implemented, they may keep trying until they succeed Many users use simple passwords or one associated with their life (profiling or social engineering) Many systems come with passwords set “out of the box”

7. Why Password Development is Important Attackers have access to password cracking programs Programs use two techniques: Brute Force – Every combination of letters/numbers/characters possible Dictionary – Words (and combinations of words) found in a specialized dictionary Assume a password of 7 alphabet characters in length. MaxCombinations = NumberAvailableChars PasswordLength MaxCombinations = 26 7 = 8,031,810,176 (8 Billion) A 3GHz processor, guessing 3 million passwords per second will take approximately 45 minutes to guess the password http://en.wikipedia.org/wiki/Password_strength

8. Guidelines for Developing Passwords GOOD PASSWORDS Are 8 or more characters long Have a combination of upper and lowercase letters, numbers, and special characters Are changed on a regular basis Are easy to remember and are not written down Are passphrases: Choose a line or two from a song or poem and use the first letter of each word. For example, “It is the East, and Juliet is the Sun'' becomes “IstE,@J1tS” Are not used over and over again for different programs and websites BAD PASSWORDS Contain your name, friends name, favorite pet, sports team, etc. Contain publicly accessible information about yourself, such as social security number, license numbers, phone numbers, address, birthdays, etc. Contain words found in a dictionary of any language Are made of all numbers or all the same letter Are never changed Are written down Are shared with others

9. Summary We discussed what passwords are used for, the importance of good password selection and guidelines for the development of good passwords.

10. List of References http://en.wikipedia.org/wiki/Authentication http://en.wikipedia.org/wiki/Password_strength http://www.modernlifeisrubbish.co.uk/article/top-10-most- common-passwords http://tigger.uic.edu/~mbird/password.html CyberPatriot wants to thank and acknowledge the CyberWatch program which developed the original version of these slides and who has graciously allowed their use for training in this competition.