Passwords and Password Policies An Important Part of IT Control – by Craig Piercy.

Why Passwords? For many systems, passwords are the primary means of implementing authentication and authorization. Authentication – verifying that you are who you say you are. Authorization – allowing access to the parts of the system that you need, and only those parts.

Could this be you?

Or This?

How well do you follow good password procedures? Do you use a name for your password? Do you use a real, “dictionary” word? Do you use the same password for all or most of your accounts? Is your password short (< 6 digits)? Do you still use the default or provided password? Do you keep your password forever? Is your password “password,” “default”, or “123”? If you answered “yes” to any of the above, then you are failing an important part of good password use.

Why do you do these things? “Weak” password – a password that is fairly easy to guess or “crack.” “Strong” password – a password that is difficult to guess or “crack.” For most people, there is a trade-off between having “strong” passwords and being able to remember them.

Passwords as Business Control “Just saw that UGA has now implemented strong password requirement controls. The password policy found on MyID.uga.edu is a good example of a policy which contains controls that have been implemented and are required to be followed. The verbiage and layout are similar to what I have seen at the clients I audit” – Jason Lannen, KPMG UGA’s Password Policy Why do you think it is important that organizations require their associates to follow good password policies?

Characteristics of “strong” passwords: DO NOT use a real word or name. Long rather than short --- >= 8 characters. Use a mix of characters – text characters in upper and lower case, numeric digits, punctuation. Use different passwords on different accounts. Change your password regularly. DO NOT write your passwords down. (See TIES box on page 209 – Chapter 7.)

A two-step method for making strong passwords that you can remember. 1. Come up with a “key” that you can remember easily. 2. Come up with a set of simple rules for converting your key into a password.

Example – Key. 1. Choose a key – my preference is a line of text. Favorite song titles are good; it could also be a proverb, a famous quotation, a line from a poem, etc. Example – “The leaves have fallen all around…”

Key – Rule 1. 2. Make up some rules. 2.1 – Take the initials of the key phrase. The leaves have fallen all around → tlhfaa

Key – Rule 2. 2. Make up some rules. 2.2 – Starting with the second character, make every other one upper case. tlhfaa → tLhFaA

Key – Rule 3. 2. Make up some rules. 2.3 – Add one or more special characters in-between the letters. tLhFaA → t$L$h$F$a$A

Notes: These are my rules. Make up your own! Make as many rules in your algorithm as you can remember – as a rule of thumb, 3 to 5 is probably good enough. Make sure that your key is long enough to generate a long enough password. Even though you have a stronger password, you still need to be aware of how you use it and when it might be compromised. What should you do if you think that your password has been compromised?

What about multiple accounts? Some people come up with a code for each account and then concatenate it onto their password. Example:

Account         Account Code    Password
My laptop       plap            t$L$h$F$a$A_plap
UGA account     Uga             t$L$h$F$a$A_uga
Gmail account   Gm              t$L$h$F$a$A_gm

What about changing regularly? Change the key and apply the rules. Example: New key: “… Time I was on my way.” Apply the rules: 1. Take the initials of the key phrase. 2. Starting with the second character, make every other one upper case. 3. Add one or more special characters in-between the letters. What’s the new password for the UGA account? t$I$w$O$m$W_uga
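As an added example (not code from the presentation or its author), the three rules plus the account-code suffix written out in Python, checked against both keys from the slides and then scored against the “strong password” characteristics listed earlier. The function names, the `$` separator default, and the `strength_report` checks are assumptions made for this example.

```python
import string

# Added example reproducing the slide's key-to-password rules.
# Function names and the "$" default separator are assumptions.


def initials(key: str) -> str:
    """Rule 1: first letter of each word, lower-cased (skips tokens
    such as a leading ellipsis that do not start with a letter)."""
    return "".join(w[0].lower() for w in key.split() if w[0].isalpha())


def alternate_case(s: str) -> str:
    """Rule 2: starting with the second character, every other one upper case."""
    return "".join(c.upper() if i % 2 else c.lower() for i, c in enumerate(s))


def intersperse(s: str, sep: str = "$") -> str:
    """Rule 3: put a special character in-between the letters."""
    return sep.join(s)


def derive_password(key: str, account_code: str = "", sep: str = "$") -> str:
    """Apply rules 1-3, then append the per-account code (the slide's
    'concatenate onto their password' step) as _<code>."""
    pw = intersperse(alternate_case(initials(key)), sep)
    return f"{pw}_{account_code}" if account_code else pw


def strength_report(pw: str, min_len: int = 8) -> dict:
    """Score a password against the slide's 'strong password' characteristics:
    length >= 8 and a mix of lower, upper, digits and punctuation."""
    return {
        "long_enough": len(pw) >= min_len,
        "has_lower": any(c.islower() for c in pw),
        "has_upper": any(c.isupper() for c in pw),
        "has_digit": any(c.isdigit() for c in pw),
        "has_punct": any(c in string.punctuation for c in pw),
    }


if __name__ == "__main__":
    for key in ("The leaves have fallen all around…", "… Time I was on my way."):
        pw = derive_password(key, "uga")
        print(pw, strength_report(pw))
```

Note that the rules as stated never introduce a digit, so `has_digit` is false for both keys; a policy that requires digits needs a fourth rule (for example, a fixed digit appended to every password).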

Discussion: Are there any problems in my algorithm? How could I improve it? Incidentally, I did a slightly dangerous thing in choosing the second key: 1st key – 1st line of Ramble On by Led Zeppelin; 2nd key – 2nd line of Ramble On by Led Zeppelin. What would be a safer way of choosing the second key?

How about PIN numbers? You can’t make them as strong. Why? Should we try to keep our PIN numbers strong anyway? What characteristics should a strong PIN number have?

A PIN number example: 1. Pick a key: 1492 (Columbus sailed the ocean blue). 2. Rules: 2.1 – Take the last four digits of the credit card. 2.2 – For cards: add the key to the last four digits of the card to get the PIN. For other accounts, find a “look-up-able” related number and add it to the key.

Account       Last 4 or related                  PIN
MasterCard
AMEX
OASIS         3452 (last four of student ID)     4944

Discussion: What’s good about the example PIN number algorithm? What’s bad about it? How would you improve it?

Call to Action: 1. Come up with your key and password algorithm. 2. Use it to come up with your new UGA MyID password. 3. Use it to adjust your other passwords. 4. Start changing your password frequently – about once every 3 months (policies may vary).