Taken from Hazim Almuhimedi presentation modified by Graciela Perera


1 Text passwords
Taken from Hazim Almuhimedi presentation modified by Graciela Perera

2 Agenda
- How good are the passwords people are choosing?
- Human issues

3 Authentication Mechanisms
- Something you have: cards
- Something you know: passwords. Cheapest way. Most popular.
- Something you are: biometric, fingerprint

4 Password is a continuous problem
Passwords are a serious real-world problem.
SANS Top Security Risks: every year, password problems are in the list:
- Weak or non-existent passwords
- Users who don't protect their passwords
- OS or applications create accounts with weak/no passwords
- Poor hashing algorithms
- Access to hash files
Source: Jeffery Eppinger, Web Application Development.

5 Poor, Weak Password
Poor, weak passwords have the following characteristics:
- The password contains fewer than 15 characters.
- The password is a word found in a dictionary (English or foreign).
- The password is a common usage word.
Source: Password Policy. SANS 2006

6 Strong Password
Strong passwords have the following characteristics:
- Contain both upper and lower case characters.
- Have digits and punctuation characters.
- Are at least 15 alphanumeric characters long and are a passphrase.
- Are not a word in any language, slang, dialect, or jargon.
- Are not based on personal information.
Passwords should never be written down or stored on-line.
Source: Password Policy. SANS 2006

7 Strong Password ?

8 Strong Password
- At least 8 characters.
- Contain both upper and lower case characters.
- Have digits and punctuation characters.

9 Password length
Average: 8 characters.

10 Password length
There is a 32-character password: "1ancheste23nite41ancheste23nite4"
Other long passwords: "fool2thinkfool2thinkol2think", "dokitty17darling7g7darling7"

11 Character Mix

12 Common Passwords
Top 20 passwords in order: password1, abc123, myspace1, Blink182, qwerty1, fuckyou, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1, monkey

13 Common Password
"qwerty1" refers to QWERTY, the most common keyboard layout on English-language computers.
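
The weak-password traits from slides 5 to 8, the repeated long passwords on slide 10 and the word-plus-digit pattern on slides 12 and 13 can be combined into one audit function. This is an added example, not part of the original slides; the function names, the 15-character default and the last sample passphrase are assumptions, and the dictionary-word check from slide 6 is left out.

```python
import string

# Added example: names and sample inputs are constructed for illustration.
# Top passwords listed on slide 12 (lower-cased for comparison).
COMMON = {"password1", "abc123", "myspace1", "blink182", "qwerty1", "fuckyou",
          "123abc", "baseball1", "football1", "123456", "soccer", "monkey1",
          "liverpool1", "princess1", "jordan23", "slipknot1", "superman1",
          "iloveyou1", "monkey"}
# Base words left after stripping trailing digits, e.g. "qwerty1" -> "qwerty".
COMMON_BASES = {w.rstrip(string.digits) for w in COMMON} - {""}

def repeated_unit(pw):
    """Return the shortest block that, repeated, forms pw; None if no repetition."""
    n = len(pw)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and pw[:size] * (n // size) == pw:
            return pw[:size]
    return None

def audit(pw, min_len=15):
    """Return a list of findings; an empty list means no rule fired."""
    findings = []
    unit = repeated_unit(pw)
    effective = unit if unit else pw  # a repeated block adds little guessing work
    if unit:
        findings.append(f"repeats a {len(unit)}-character block")
    if len(effective) < min_len:
        findings.append(f"effective length {len(effective)} < {min_len}")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        findings.append("missing upper or lower case")
    if not any(c.isdigit() for c in pw):
        findings.append("no digit")
    if not any(c in string.punctuation for c in pw):
        findings.append("no punctuation")
    low = pw.lower()
    if low in COMMON:
        findings.append("on common-password list")
    elif low.rstrip(string.digits) in COMMON_BASES:
        findings.append("common word plus digits")
    return findings

if __name__ == "__main__":
    for sample in ["qwerty1", "1ancheste23nite41ancheste23nite4",
                   "Monkey2024", "Tr4il-of-7-grey-Herons!"]:
        print(sample, "->", audit(sample) or "no findings")
```

An empty result only means none of these rules fired; it does not cover the dictionary or personal-information criteria.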

14 Passwords getting better
Who said the users haven’t learned anything about security?

15 Human Issues
- Social engineering.
- Difficulties with reliable password entry.
- Difficulties with remembering the password.
Humans are often the weakest link in the security chain.

16 Human Issues: Social Engineering
- The attacker will extract the password directly from the user.
- Attacks of this kind are very likely to work unless an organization has well-thought-out policies.
- In his 2002 book, The Art of Deception, Mitnick states that he compromised computers solely by using passwords and codes that he gained by social engineering. Motorola case (3:09)
- Kevin Mitnick: It's much easier to trick someone into giving you his or her password for a system than to spend the effort to hack in. (2:00)
Source: Wikipedia. Social engineering

17 Human Issues: Social Engineering
How to solve this problem?
- Strong and well-known policy.

18 Human Issues: Difficulties with remembering the password
The greatest source of complaints about passwords is that most people find them hard to remember.
When users are expected to memorize passwords, they either:
- choose values that are easy for attackers to guess,
- write them down,
- or both.

19 Human Issues: Conclusion
- The majority of users select phrases from music lyrics, movies, literature, or television shows.
- This opens the possibility that a dictionary could be built for mnemonic passwords.
- If a comprehensive dictionary is built, it could be extremely effective against mnemonic passwords.
- Mnemonic-phrase based passwords offer a user-friendly alternative for encouraging users to create good passwords.

