
1 Password Security

2 Overview
- What are passwords, why are they used?
- Different types of attacks
- Bad password practices to avoid
- Good password practices
- How to create a secure password

3 What are passwords?
- Secret combination of characters that only a user should know.
- "Passwords are a compromise between security and convenience"
- Password security is used to secure information and to provide that information to authorized users easily.

4 How are Passwords Compromised?
- Brute Force Attack
- Dictionary Attack
- Hybrid Attack
- Social Engineering

5 Brute Force Attack
- Most widely used method of cracking passwords
- Every combination of every character is tried until the password is found
- Password is guaranteed to be found
- The longer the password, the longer it will take to crack
- E.g. a password that is 2 chars long, is case sensitive, and consists of letters and numbers:
  * First char: lower case letters (26) + upper case letters (26) + numbers (10) = 62
  * Second char: same as first = 62
  * Total permutations: 62 * 62 = 3,844

6 Time to Crack Passwords using Brute Force
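The two-character calculation from the previous slide, generalized to any length and character mix. This is an added example, not part of the original presentation; the guess rate `RATE` and all function names are assumptions chosen for illustration.

```python
import string

# Character classes an attacker must cover, with their sizes.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),  # 32 ASCII symbols
]

def charset_size(password):
    """Size of the class-based alphabet needed to cover every character."""
    if any(all(c not in chars for chars, _ in CLASSES) for c in password):
        raise ValueError("character outside the four ASCII classes")
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))

def keyspace(alphabet, length, up_to=False):
    """Candidates of exactly `length` chars, or of 1..length chars if up_to."""
    if up_to:
        return sum(alphabet ** n for n in range(1, length + 1))
    return alphabet ** length

def worst_case_seconds(alphabet, length, guesses_per_second):
    """Time to try every candidate of 1..length chars at an assumed rate."""
    return keyspace(alphabet, length, up_to=True) / guesses_per_second

def humanize(seconds):
    units = (("years", 31_536_000), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    RATE = 1_000_000_000  # assumed guesses per second, illustrative only
    for length in (2, 6, 8, 10, 12):
        total = keyspace(62, length)
        print(length, f"{total:,}", humanize(worst_case_seconds(62, length, RATE)))
```

Each extra character multiplies the work by the alphabet size, which is why length matters more than any single added symbol.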

7 Dictionary Attack
- Uses a list of common values or words
- "Dictionary" is uploaded to a cracking app
- Words are run against passwords
- Intended to narrow the field of possible password values
- Succeeds if the password is a single word that is easily predictable
- Easy to defeat (e.g. by adding a single random char in the middle)

8

9 Hybrid Attack
- Combines Brute Force and Dictionary Attack
- Checks all words in the dictionary along with their variations
- Noticeably slower than a dictionary attack
  * Common: Integrates dictionary words with common mutations
  * Dates: Combines dictionary attack with dates in various formats
  * Numbers: Mixes dictionary words with various number combinations

10 Social Engineering
- Use of social skills to convince people to reveal access credentials or other valuable information
- People are the easiest way to get information
- Posing as someone else to gain access to a system
- Stroking someone's ego to get them to reveal information or passwords
- Use of authority to get information from someone

11 Social Engineering Example
- http://www.youtube.com/watch?v=ZQDyCRHptbU
- Kevin Mitnick social engineering example

12 What is a safe password?
- Basic goal of a secure password is one that is easy for YOU to remember but hard for someone else to find out
- Long complicated passwords are not always the best solution
- E.g. a random password like !$fjDd&^fw43_f%@+
- Will you really be able to memorize that?

13 Problems with Complicated Passwords
- If a password is too complicated and hard to remember, you are likely to:
  * Write it down
  * Need password resets
  * Use the complicated password in many places
- A password is only as secure as the weakest system you use it on.

14 Easy to remember, easy to guess
- Your birthday
- City you live in / were born in
- Your boyfriend / girlfriend
- Pets' names
- Family members' names
- Any favorite thing (e.g. favorite team)
- Student ID
- Avoid any information, numbers, or words that anyone can associate with you

15 Easy to remember, hard to guess
- Birthday of a famous person
- City your grandpa was born in
- Any information that means something to you, but not anything that friends or family would know

16 Bad Practices
- DO NOT write down your passwords
- DO NOT share your password with anyone
- DO NOT use any personal information
- DO NOT use word or number patterns (e.g. "aaabbb", "qwerty", "123321", etc.)

17 Good Practices
- Minimum length of 8 characters
- Use numeric characters (0-9)
- Use upper and lower case
- Use special characters (e.g. ! ? & # *)
- Use passphrases

18 Pass Phrases to Create Passwords
1. Think of a phrase or sentence that's easy for you to remember.
   - Example: "Making passwords is easy when you follow these 5 steps"
2. Turn your sentence or phrase into a password.
   - Take the first letter of each word in your sentence to create a password
   - Example: "mpiewyft5s"

19 Pass Phrases Continued..
3. Make your password complex by using special characters and upper and lowercase.
   - For instance, substitute "i" with "!", "e" with "3" and "s" with "$"
   - "mpiewyft5s" becomes "Mp!3wYft53$"
4. Consider testing your password with a password checker, which will rate your password on strength, complexity, length, etc.

20 Pass Phrases Continued.. 5. Change your passwords at least every 90 days and do not "recycle" passwords; i.e. using old passwords again, or slightly modifying your existing password.
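A small password checker of the kind step 4 suggests, applying the Good Practices and Bad Practices slides and rejecting passwords a dictionary or hybrid attack would reach. This is an added example, not part of the original presentation; the wordlist, pattern list, and substitution table are constructed samples, and the function names are assumptions.

```python
import re

# Constructed sample wordlist; a real checker would load a large one.
DICTIONARY = {"password", "dragon", "monkey", "letmein", "football"}
# Sequences from the "Bad Practices" slide plus two common keyboard runs.
PATTERNS = ("qwerty", "123321", "123456", "asdfgh")
# Reverses common substitutions, including the slides' i->!, e->3, s->$.
UNLEET = str.maketrans({"!": "i", "1": "i", "3": "e", "$": "s",
                        "5": "s", "@": "a", "0": "o"})
REQUIRED = (("digit", r"[0-9]"), ("upper case letter", r"[A-Z]"),
            ("lower case letter", r"[a-z]"),
            ("special character", r"[^A-Za-z0-9]"))

def candidates(password):
    """Base words a hybrid attack could have mutated into this password."""
    lowered = password.lower()
    # Drop digits/symbols added before or after a word (numbers, dates).
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered.translate(UNLEET), stripped.translate(UNLEET)}

def check(password):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for label, regex in REQUIRED:
        if not re.search(regex, password):
            problems.append(f"no {label}")
    lowered = password.lower()
    if any(p in lowered for p in PATTERNS) or re.search(r"(.)\1{2,}", lowered):
        problems.append("keyboard or repetition pattern")
    if candidates(password) & DICTIONARY:
        problems.append("dictionary word or simple mutation")
    return problems

if __name__ == "__main__":
    # Constructed test passwords; the first is the slides' own example.
    for pw in ("Mp!3wYft53$", "P@ssw0rd1", "Dragon2024!", "aaabbb", "qwerty"):
        print(f"{pw!r}: {check(pw) or 'passes'}")
```

"P@ssw0rd1" and "Dragon2024!" satisfy every character-class rule yet still fail, because undoing the substitutions and the appended number or date leaves a dictionary word.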

21 Conclusion
- Be aware of different attacks, and how they are used to crack passwords
- Do not fall for social engineering!
- Basic goal of a secure password is one that is easy for YOU to remember but hard for someone else to find out
- Use pass phrases to create secure passwords
- Check the strength of your passwords
- Change passwords often

22 Questions?

