User Management: Passwords cs3353


Page 1: User Management: Passwords

User Management: Passwords

cs3353

Page 2: User Management: Passwords

Passwords

Policy: “Choose a password you can’t remember and don’t write it down”

Page 3: User Management: Passwords

Passwords

• Of the 200 most common passwords, at least one was used at every site tested [Grampp & Morris].

Page 4: User Management: Passwords

Passwords

• Users will spare no creativity when it comes to working against the password policy

Page 5: User Management: Passwords

Making a Secure Password

• User practice (in general):
  – Users don’t like long passwords
  – Users don’t like to type complex character strings
  – Users don’t like to change their passwords often

Page 6: User Management: Passwords

Making Secure Passwords

• User behavior requires the SA (system administrator) to create a set of enforceable guidelines for password creation.

Page 7: User Management: Passwords

Making a Secure Password

• Use a combination of characters that includes:
  – Digits
  – Punctuation marks
  – Alphabet letters
  – Possibly other special characters?

Page 8: User Management: Passwords

Making a Secure Password

• Passwords to exclude:
  – Proper nouns
  – Dictionary words from any language
  – Consecutive letters or digits

Page 9: User Management: Passwords

Making a Secure Password

• Require passwords to be changed occasionally:
  – Example: once per year

• Set the rules on minimum and maximum password lengths:
  – Minimum is 6-10 characters (is 6 too short?)
  – Maximum is 16-32 characters
  – Some password applications have limits on password length
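As an added example (not part of the original slides), a small Python checker that enforces the rules from the three slides above: required character classes, a length window, no embedded dictionary words, and no runs of consecutive letters or digits. The word list and the 8/32 limits are constructed assumptions chosen inside the deck's ranges; proper-noun detection is left out because it needs a name list the deck does not give.

```python
import string

# Constructed stand-in for a real dictionary (assumption: a deployment would
# load a full multi-language word list instead of this handful of words).
DICTIONARY = {"password", "welcome", "oklahoma", "harding", "summer"}

# Assumption: concrete limits picked from the deck's 6-10 / 16-32 ranges.
MIN_LEN, MAX_LEN = 8, 32


def has_run(pw, length=3):
    """True if pw contains `length` consecutive letters or digits in
    ascending or descending order, e.g. 'abc', 'cba', '123', '987'."""
    low = pw.lower()
    for i in range(len(low) - length + 1):
        chunk = low[i:i + length]
        if not (chunk.isalpha() or chunk.isdigit()):
            continue  # mixed letters/digits are not a sequence
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(pw):
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c.isalpha() for c in pw):
        problems.append("no letter")
    if not any(c in string.punctuation for c in pw):
        problems.append("no punctuation")
    low = pw.lower()
    for word in sorted(DICTIONARY):
        if word in low:  # dictionary word embedded anywhere, any case
            problems.append(f"contains dictionary word '{word}'")
    if has_run(pw):
        problems.append("contains consecutive letters or digits")
    return problems


if __name__ == "__main__":
    for candidate in ("abc123", "Password1!", "per$wgh29_BoO"):
        print(candidate, "->", check_password(candidate) or "OK")
```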

Page 10: User Management: Passwords

Making a Secure Password

• The longer and more complex the password, the harder it is to crack.
  – Long complex passwords are difficult to remember and difficult to type.

Page 11: User Management: Passwords

Password Experiment

• A: Control group – choose any password you like.

• B: Passphrase group – use a passphrase.

• C: Random P-word group – random characters are used.

Page 12: User Management: Passwords

Password Experiment

• The successful cracking rate was:
  – A = 30%
  – B = 10%
  – C = 10%

Page 13: User Management: Passwords

Password Experiment

• Forgetting your password:
  – Groups A and B had the same rate
  – Group C had a significantly higher rate, and were more likely to record their password somewhere.

Page 14: User Management: Passwords

Making a Secure Password

• There are websites that rate password strength, but be careful how you use such a site.

Page 15: User Management: Passwords

Making a Secure Password

• Methods
  – Formula:
    • Prefix
    • Infix
    • Postfix
  – Catch-phrase:
    • Use the first letter of each word in an easy-to-remember catch-phrase.

Page 16: User Management: Passwords

Making a Secure Password

• Formula example (bank password): per$wgh29_BoO
  – Prefix: per = personal
  – Infix: wgh29 = Warren G. Harding, 29th president of the US
  – Postfix: BoO = Bank of Oklahoma
  – $ and _ are the field separators

Page 17: User Management: Passwords

Making a Secure Password

• Catch-phrase: Admiral Nelson defeats French at Trafalgar.

• Becomes the password: Ad.NlsnD3fF@T