1 Secure Computing Series Computer Password Safety

2 Course Information
Course Author: Lynne Presley
Course Data: George Floyd, Information Technology; Lynne Presley, Training & Staff Development (other data sources cited in text)
Course Issued: May 30, 2007
Course Credit: 30 minutes
Oracle course code: COMPI06048

3 Course Objectives
After completing this course, students will:
- understand the function of passwords
- know what password-cracking software is
- understand the difference between weak and strong passwords
- know how to use a phrase to remember a password
- identify steps to protect passwords

4 Introduction Just what is a password? It's a secret authentication that controls access to a resource. Passwords are not new technology – they have been used throughout history. "Hail Caesar! You may not enter the coliseum without the correct password..."

5 Historical Password Use Did you know that the U.S. Marine Corps used a special code for some passwords in WWII? They recruited native Navajo speakers, who enlisted and were trained to use unrelated and truncated Navajo verbs and nouns to communicate and authenticate information among Marine units. The coded messages and passwords baffled the enemy and helped to win the war. These courageous and patriotic Marines were called "Code Talkers." PFC Carl Gorman, Navajo Code Talker from Arizona, in action on Saipan during WWII.

6 Network Protection Why does our agency care about passwords? It's simple – they protect the integrity of our computers and network. Any network is only as strong as the weakest link – and passwords are our agency's first defense against unauthorized access.

7 Dangers of Intrusion The integrity of our network depends on strong passwords. If someone gains unauthorized access, we risk losing our entire network to contamination of data, vandalism, theft, and other negative acts. Intrusion can also affect users on a personal level - see the chart on the next slide for examples of what can happen to you if your password is stolen.

8 Anatomy of an Intrusion
Intruder tries to log onto computer:
- No password set
- Guesses password
- Uses password cracking software
- Finds written password
- Tricks user into divulging password
Password discovered:
- Snoops
- Blackmails
- Steals data, identity, and ideas
- Vandalizes & destroys

9 Access to Network Our agency is working to strengthen passwords throughout the network. Users are expected to create strong, secure passwords. As network systems and servers are upgraded, strong password creation will be enforced and access to the network may be denied if a password is weak. However, if you'll follow the suggestions in this course, you'll be ready to create strong passwords.

10 Step I: Create a Strong Password It helps to "think like a thief" to foil intrusion attempts. Thieves use software programs that attempt to "crack" passwords. These programs usually include multi-language alphabets and dictionaries. The programs methodically try all words in the dictionaries and combinations of words, as well as commonly-used abbreviations and acronyms. The programs also will check dates (days, years, and months). You'll have to take precautions to make your password strong enough to withstand "cracking."

11 Step I: Create a Strong Password Additionally, thieves may try to use personal knowledge of you to guess your password. Do not choose easy and obvious passwords, such as your name, address, nickname, car model, license plate number, the name of your pet, or any other words, numbers or dates easily identifiable with you.
TIP: Reversing common words in a password will not make the password stronger. The password "mary" is weak and easily guessed. Reversing the password to "yram" (mary spelled backwards) does not make the password stronger – cracking software will try reversed spelling of all common words.

12 Step I: Create a Strong Password
Keeping all this in mind, when it's time to create a password, remember to include the following:
Use a minimum of 8 random characters
Example: J'OIz#1@cor
These characters are random, and cannot be looked up in any dictionary.

13 Step I: Create a Strong Password Why is it preferable to create passwords with at least 8 random characters? The more characters there are, the longer it takes to crack. Examine the chart on the next slide to see how fast an average personal computer can crack passwords that are created using mixed upper and lower case letters, numbers and symbols. (Chart data provided by lockdown.com.uk). As you can see, if your password contains at least 8 characters including letters, numbers, mixed cases, and symbols, the average thief will most likely go away and try to steal another, weaker password!

14 The chart below assumes that the password was created using mixed upper and lower case alphabet, numbers and symbols.

Length of password   Possible combinations   Time to crack
2                    9,216                   Instant
3                    884,736                 88 ½ seconds
4                    85 million              2 ¼ hours
5                    8 billion               9 ½ days
6                    782 billion             2 ½ years
7                    75 trillion             238 years
8                    7.2 quadrillion         22,875 years

15 Step I: Create a Strong Password
Use at least one case change
Example: J'OIz#1@cor
The letters J, O and I are in uppercase, as opposed to the other lowercase letters.

16 Step I: Create a Strong Password
Include at least one number
Example: J'OIz#1@cor
The number 1 is used, in combination with the other letters, punctuation and symbols.

17 Step I: Create a Strong Password
Include punctuation and special characters
Example: J'OIz#1@cor
The apostrophe punctuation mark is used, as well as two different characters (# and @).

18 Step I: Create a Strong Password
Do not choose a password that's the same or similar to your user name
Example:
User Name: fred.brown
Password: J'OIz#1@cor
If the thief does not know your user name, certain systems require that the user name be cracked, too. Making sure your password is different from your user name makes the theft more difficult. The example shown above meets this criterion, since it does not contain the user's name.

19 Step I: Create a Strong Password TIP: You can create a strong password that's easy to remember but hard to crack by using the first letters of words in a phrase, song, or book that's familiar to you, mixed with symbols. For instance, "J'me Overstreet is number one at corrections" produced the password we've been using as an example below. (There is a detailed breakdown of how the password was produced on the next slide.)
Example: J'OIz#1@cor

20 Step I: Create a Strong Password
Phrase: "J'me Overstreet is number one at corrections"
Password breakdown: J'OIz#1@cor
- J'O (stands for J'me Overstreet)
- Iz (capital I and Z stands for is)
- #1 (stands for number one)
- @cor (stands for at corrections)

21 Step I: Test Your Knowledge Is this password strong or weak?
Example: aaaBBB111!!!
The password is weak. It contains only two letters in alphabetical sequence, and only one (repeated) number and punctuation mark. It wouldn't take long to crack this password, because it's not random. A truly random password means each letter, number, and symbol has an equal probability of appearing. Creating truly random sequences is difficult, but is something we should strive for. Think of it as exercise for your brain!

22 Step I: Test Your Knowledge Can you guess the number one mistake many people make when creating a password? Answer: They choose the word "password" for a password. This mistake is so prevalent that it's the first word thieves will try when trying to crack a password. Other commonly used and cracked passwords are "admin", "123", "temp", and "letmein".
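
Added example (not part of the original course): a Python check that applies the Step I rules from slides 10 through 22 to a candidate password and reports which rules it breaks. The function names, the small word list taken from the course's own examples, and the three-in-a-row repeat threshold are assumptions made for illustration.

```python
import string

# Constructed sample list: the weak words the course itself names (slides 11 and 22).
COMMON_WORDS = {"password", "admin", "123", "temp", "letmein", "mary"}

def longest_run(pw):
    """Length of the longest run of one repeated character."""
    best = run = 1
    for prev, cur in zip(pw, pw[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best if pw else 0

def check_password(pw, username=""):
    """Return the list of course rules that pw breaks (empty list = passes)."""
    problems = []
    lower = pw.lower()
    if len(pw) < 8:
        problems.append("fewer than 8 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no case change")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation or special character")
    # Cracking software tries common words and their reversed spelling.
    if any(w in lower or w[::-1] in lower for w in COMMON_WORDS):
        problems.append("contains a common word (forwards or reversed)")
    # Same as or similar to the user name: test each part of the name.
    parts = [p for p in username.lower().replace(".", " ").split() if len(p) >= 3]
    if any(p in lower or p[::-1] in lower for p in parts):
        problems.append("similar to user name")
    # aaaBBB111!!! meets every composition rule above but is not random.
    # Assumed threshold: three identical characters in a row.
    if longest_run(pw) >= 3:
        problems.append("repeated characters")
    return problems

if __name__ == "__main__":
    for candidate in ["J'OIz#1@cor", "aaaBBB111!!!", "yram", "Fred.Brown1!"]:
        print(candidate, "->", check_password(candidate, "fred.brown") or "passes")
```

The composition rules alone accept aaaBBB111!!!; only the repeat check rejects it, which is the point slide 21 makes about randomness.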

23 Step I: Practice Creating Passwords The PC Tools Password Generator allows you to create random passwords that are strong and difficult to crack. If your computer has Internet access, click on the link below to try this free tool. (If you receive a pop-up "Security Alert" window, click "OK" to continue.) https://www.pctools.com/guides/password/

24 Step II: Protect Your Password Creating a strong password is only the first step. Now you must protect it. Don't put it on a yellow sticky note on your monitor or anywhere around your computer, keyboard or desk. Don't write it on your desk blotter or calendar, either. Memorize it!

25 Step II: Protect Your Password Don't tell anyone else your password. When you do this, you are giving your identity and network authorization away. From the "Believe it or Not" department: During a poll at Waterloo Station in London conducted during the Info Security 2003 Europe conference, 90% of polled office workers divulged their passwords to the poll-taker in exchange for a cheap pen.

26 Step II: Protect Your Password Be wary of people standing around your computer. Do not allow them to shoulder surf (to look over your shoulder and watch while you type in your password).

27 Step II: Protect Your Password Change your password every 90 days. Without fail. Do it!

28 Step II: Protect Your Password Never e-mail your password to anyone, and never store your password or list of passwords in a file on your computer. To do so increases the risk of having them intercepted and stolen.

29 Conclusion Remember that cyber thieves don't follow the rules. They will go to great lengths to break into our computers, because they only have to find one opening to exploit our entire network. Therefore, everyone in our agency who uses a computer has an obligation to create strong, secure passwords.

