Presentation is loading. Please wait.

Presentation is loading. Please wait.

Passwords and Password Policies An Important Part of IT Control – by Craig Piercy.

Published byLaureen Gwenda Foster Modified over 9 years ago

Similar presentations

Presentation on theme: "Passwords and Password Policies An Important Part of IT Control – by Craig Piercy."— Presentation transcript:

1 Passwords and Password Policies An Important Part of IT Control – by Craig Piercy

2 Why Passwords? Primary means for many systems for implementing authentication and authorization. Authentication – verifying that you are who you say you are. Authorization – allowing access to the parts of the system that you need and only those parts.

3 Could this be you?

4 Or This?

5 How well do you follow good Password procedures? Do you use a name for your password? Do you use a real, “dictionary” word? Do you use the same password for all or most of your accounts? Is you password short (< 6 digits)? Do you still use the default or provided password? Do you keep your password forever? Is you password “password,” “default”, “123”? If you answered “yes” to any of the above, then you are failing an important part of good use of passwords.

6 Why do you do these things? “weak” password – a password that is fairly easy to guess or “crack.” “strong” password – a password that is difficult to guess or “crack.” For most, there is a trade-off between having “strong” passwords and being able to remember them.

7 Passwords as Business Control “Just saw that UGA has now implemented strong password requirement controls. The password policy found on MyID.uga.edu is a good example of a policy which contains controls that have been implemented and are required to be followed. The verbiage and layout are similar to what I have seen at the clients I audit” – Jason Lannen, KPMG UGA’s Password Policy Why do you think it is important that organizations require their associates to follow good password policies?

8 Characteristics of “strong” passwords DO NOT use a real word or name Long rather than short --- >=8 characters Use a mix of characters – text characters – upper and lower case, numeric digits, punctuation Use different passwords on different accounts Change your password regularly. DO NOT write your passwords down. (see TIES box on page 209 – Chapter 7)

9 A two step Method for Making Strong Passwords that you can remember. 1. Come up with a “key” that you can remember easily. 2. Come up with as set of simple rules for converting your key into a password

10 Example - Key 1. Choose a key – my preference is a line of text – favorite song titles are good, could be a proverb, famous quotation, line from a poem, etc. Example – “The leaves have fallen all around…”

11 Key – Rule 1 2. Make up some rules 2.1 - Take initials of key phrase. The leaves have fallen all around tlhfaa

12 Key – Rule 2 2. Make up some rules 2.2 – Starting with second character every other one upper case. tlhfaa tLhFaA

13 Key – Rule 3 2. Make up some rules 2.3 – Add one or more special characters in- between the letters. tLhFaA t$L$h$F$a$A

14 Notes: These are my rules. Make up your own! Make as many rules in your algorithm that you can remember – rule of thumb 3 to 5 is probably good enough. Make sure that your key is long enough to generate a long enough password. Even though you have a stronger password, you still need to be aware of how you use it and when it might be compromised. What should you do if you think that your password has been compromised?

15 What about multiple accounts? Some come up with a code for each account and then concatenate onto their password. Example: AccountAccount Code Password My laptopplapt$L$h$F$a$A_plap UGA accountUgat$L$h$F$a$A_uga Gmail accountGmt$L$h$F$a$A_gm

16 What about changing regularly? Change the key and apply the rules. Example: New key: “… Time I was on my way.” Apply rules: 1. Take initials of key phrase. 2. Starting with second character every other one upper case. 3. Add one or more special characters in-between the letters. What’s the new password for the uga account? t$I$w$O$m$W_uga

17 Discussion Are there any problems in my algorithm? How could I improve it? Incidentally, I did a slightly dangerous thing in choosing the second key: 1 st key – 1 st line of Ramble On by Led Zeppelin 2 nd key – 2nd line of Ramble On by Led Zeppelin What would be a safer way of choosing second key?

18 How about PIN numbers? Can’t make them as strong. Why? Should we try to keep our PIN numbers strong? What characteristics should a strong PIN number have?

19 A PIN number example: 1. Pick a key: 1492 (Columbus sailed the ocean blue) 2. Rules: 1. Choose last for digits of credit card 2. For cards: Add key to last for digits of card for PIN. For other accounts find a “look-up-able” related number and add to key. AccountLast 4 or relatedPIN MasterCard30044496 AMEX12062698 OASIS3452 (last four of student ID) 4944

20 Discussion What’s good about the example PIN number algorithm? What’s bad about it? How would you improve it?

21 Call to Action 1. Come up with your key and password algorithm. 2. Use it to come up with your new UGA MyID. 3. Use it to adjust your other passwords. 4. Start changing your password frequently. About once every 3 months (policies may vary)

Download ppt "Passwords and Password Policies An Important Part of IT Control – by Craig Piercy."

Similar presentations

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.
Book Title By Author.

Book Title By Author.
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?
Probability II (2 nd Lesson) By Samuel Chukwuemeka (Samdom For Peace)

Probability II (2 nd Lesson) By Samuel Chukwuemeka (Samdom For Peace)
Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Cryptology Passwords and Authentication Prof. David Singer Dept. of Mathematics Case Western Reserve University.
Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.

Security Security comes in three forms. 1.Encryption – making data and information transmitted by one person unintelligible to anyone other than the intended.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
Section 3.8: More Modular Arithmetic and Public-Key Cryptography

Section 3.8: More Modular Arithmetic and Public-Key Cryptography
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.

Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
13: Unlucky for some? …or how to test your WLAN passwords to make sure that it’s the hacker who is “unlucky” Ian Hughes Wireless Security Consultant

13: Unlucky for some? …or how to test your WLAN passwords to make sure that it’s the hacker who is “unlucky” Ian Hughes Wireless Security Consultant
Homework #4 Comments. Passwords: What are they good for? Today passwords are the #1 means of authenticating users on a day-to-day basis. –Email, Websites,

Homework #4 Comments. Passwords: What are they good for? Today passwords are the #1 means of authenticating users on a day-to-day basis. – , Websites,
Click here for getting your Student User Id & password.

Click here for getting your Student User Id & password.
August 15 click! 1 Email Basics Kitsap Regional Library.

August 15 click! 1 Basics Kitsap Regional Library.
How to Login into SSA ?. Home Page https://ssa.mahindrasatyam.com Click on My Profile.

How to Login into SSA ?. Home Page Click on My Profile.
Email user guide Having a strong password allows other users to struggle to guess. To make a strong password you should use up to 12 letters and 1 or 2.

user guide Having a strong password allows other users to struggle to guess. To make a strong password you should use up to 12 letters and 1 or 2.
Strong Passwords How to make your passwords work for you…. Linda A. LeBlanc IT Security Support IS&T.

Strong Passwords How to make your passwords work for you…. Linda A. LeBlanc IT Security Support IS&T.
Fmdszqujpo! Encryption!. Encryption  Group Activity 1:  Take the message you were given, and create your own encryption.  You can encrypt it anyway.

Fmdszqujpo! Encryption!. Encryption  Group Activity 1:  Take the message you were given, and create your own encryption.  You can encrypt it anyway.
Email. Open a email Click on your inbox and click on a email you want to open then it will open.

. Open a Click on your inbox and click on a you want to open then it will open.

Similar presentations

Ads by Google