Passwords. Outline Objective Authentication How/Where Passwords are Used Why Password Development is Important Guidelines for Developing Passwords Summary.

Presentation transcript:

Passwords

Outline
- Objective
- Authentication
- How/Where Passwords are Used
- Why Password Development is Important
- Guidelines for Developing Passwords
- Summary
- List of References

Objective
To provide familiarity with how passwords are used, the importance of good password selection and guidelines for the development of good passwords.

Authentication
In computer security, authentication is the process of attempting to verify the digital identity of the sender of a communication such as a request to log in. The sender being authenticated may be a person using a computer, a computer itself or a computer program.
Authentication is performed with:
- Something you have (a token, a swipe card, etc.)
- Something you are (biometrics)
- Something you know (a password)

How/Where Passwords are Used
Controlling access to a resource:
- Automated Teller Machines (ATM)
- Facility Access
- Cell Phones
- On-line Accounts
- Computers
- Etc.

Why Password Development is Important
- Passwords control access to important resources.
- Attackers may capture a password file and have time to crack it.
  - Passwords are stored as hash values, and cracker programs can run at their leisure.
- Attackers may try to break into a live system.
  - If a “time-out” policy is not implemented, they may keep trying until they succeed.
- Many users use simple passwords or one associated with their life (profiling or social engineering).
- Many systems come with passwords set “out of the box”.

Why Password Development is Important
- Attackers have access to password cracking programs.
- Programs use two techniques:
  - Brute Force – Every combination of letters/numbers/characters possible
  - Dictionary – Words (and combinations of words) found in a specialized dictionary
- Assume a password of 7 alphabet characters in length.
  MaxCombinations = NumberAvailableChars^PasswordLength
  MaxCombinations = 26^7 = 8,031,810,176 (8 Billion)
- A 3GHz processor, guessing 3 million passwords per second will take approximately 45 minutes to guess the password

Guidelines for Developing Passwords

GOOD PASSWORDS
- Are 8 or more characters long
- Have a combination of upper and lowercase letters, numbers, and special characters
- Are changed on a regular basis
- Are easy to remember and are not written down
- Are passphrases: Choose a line or two from a song or poem and use the first letter of each word. For example, “It is the East, and Juliet is the Sun” becomes
- Are not used over and over again for different programs and websites

BAD PASSWORDS
- Contain your name, friend's name, favorite pet, sports team, etc.
- Contain publicly accessible information about yourself, such as social security number, license numbers, phone numbers, address, birthdays, etc.
- Contain words found in a dictionary of any language
- Are made of all numbers or all the same letter
- Are never changed
- Are written down
- Are shared with others
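The keyspace formula from the previous slide and the checkable guidelines above can be combined into a small policy check. This is an added example, not part of the original slides; the function names, the tiny word list and the sample passwords are constructed for illustration, and the guess rate is the 3 million per second quoted on the slide.

```python
import string

GUESSES_PER_SECOND = 3_000_000  # rate quoted on the slide

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "dragon", "sunshine", "letmein", "juliet"}

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}

def alphabet_size(password):
    """Combined size of the character classes the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def max_combinations(num_available_chars, password_length):
    """MaxCombinations = NumberAvailableChars ^ PasswordLength."""
    return num_available_chars ** password_length

def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case brute-force time for this password's alphabet and length."""
    return max_combinations(alphabet_size(password), len(password)) / rate

def guideline_failures(password, personal_terms=()):
    """Return the slide guidelines that the password violates."""
    failures = []
    lowered = password.lower()
    if len(password) < 8:
        failures.append("shorter than 8 characters")
    missing = [name for name, chars in CLASSES.items()
               if not any(c in chars for c in password)]
    if missing:
        failures.append("missing " + ", ".join(missing))
    if password.isdigit() or len(set(lowered)) == 1:
        failures.append("all numbers or all the same letter")
    if any(word in lowered for word in SAMPLE_DICTIONARY):
        failures.append("contains a dictionary word")
    if any(term.lower() in lowered for term in personal_terms if term):
        failures.append("contains personal information")
    return failures

if __name__ == "__main__":
    for candidate in ["abcdefg", "juliet1999", "T4k#9wq!Lz"]:
        minutes = seconds_to_exhaust(candidate) / 60
        print(candidate, f"{minutes:,.0f} min",
              guideline_failures(candidate, personal_terms=["Juliet"]))
```

The time estimate is a worst case for exhaustive search only; a password that fails the dictionary or personal-information checks can fall far sooner than its keyspace suggests.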

Summary We discussed what passwords are used for, the importance of good password selection and guidelines for the development of good passwords.

List of References
common-passwords

CyberPatriot wants to thank and acknowledge the CyberWatch program, which developed the original version of these slides and has graciously allowed their use for training in this competition.