Wednesday, July 16, 2014

Importance of Passwords


Why length and complexity are important -
Passwords are used to identify yourself, or to authenticate your right to access a network, your computer, your banking information, and the host of other internet sites we visit daily. "For years we’ve been hearing that a random jumble of letters, numbers and symbols is the recipe for a strong password. But is there more to password security than a few dollar signs and ampersands?" (1) Many sites only require a 6-character password. But as time has progressed and attackers have refined their craft, more sites are requiring a minimum of 8 characters with at least one number and one capital letter. As we have come to learn, the longer the password is, the harder it is for attackers to crack.
Attacks on passwords-
Passwords are a secret combination of letters, numbers, and/or characters that only the user should know, but one weakness is that they often have to be committed to memory. A variety of attacks can be used on passwords:
Brute Force- Uses every possible combination of letters, numbers and characters.
Dictionary- Uses common dictionary words.
Hybrid attacks- Uses both Dictionary and Brute Force.
Rainbow tables- Creates a large pre-generated data set.
Social engineering- Phishing, shoulder surfing, dumpster diving!
Capturing- Use of a key logger, man-in-the-middle attack.

Limitations on password supplements-
Many people find creating strong passwords for each account cumbersome. One solution is to rely on technology rather than human memory. Modern web browsers such as Firefox, Internet Explorer, and Google Chrome allow a user to save a password that has been entered into the web browser (called AutoComplete Password in IE) through a separate dialog box that pops up over the browser. AutoComplete passwords are stored in the Microsoft Windows registry.

There are several disadvantages to using the AutoComplete feature:
   
    - The user is restricted to that computer where the passwords are located.
    - If other people are allowed to use that computer, the passwords are accessible to them.

Other types of authentication-

A token is typically a small device that shares a unique algorithm with the corresponding authentication server. Using tokens significantly increases the level of security of authentication credentials. The token generates a code from the algorithm once every 30 to 60 seconds, and the code is valid for only a brief period of time.
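To make the token/server relationship concrete, here is an added example (not from the original post) that uses RFC 6238 TOTP as one such shared algorithm. The post does not name a specific algorithm, so TOTP, the 30-second step, the function names and the sample secret are all assumptions for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code stays current (assumed; the post says 30 to 60)

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def token_code(secret: bytes, now: float, digits: int = 6) -> str:
    """What the token displays at time `now`: the counter is the time step."""
    return hotp(secret, int(now) // STEP, digits)

def server_verify(secret: bytes, submitted: str, now: float,
                  drift_steps: int = 1, last_used_step: int = -1):
    """Server side: recompute codes from the same secret and clock.

    Accepts codes within `drift_steps` of the current step to tolerate
    clock skew, and skips steps at or before `last_used_step` so a
    captured code cannot be replayed. Returns the matched step or None.
    """
    current = int(now) // STEP
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step < 0 or step <= last_used_step:
            continue
        expected = hotp(secret, step, len(submitted))
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None

if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    code = token_code(secret, 59)
    print("token shows:", code)
    print("accepted at step:", server_verify(secret, code, 59))
    # The same code presented again after the server recorded its step:
    print("replay:", server_verify(secret, code, 59, drift_steps=0, last_used_step=1))
```

The server should store the returned step as `last_used_step` for that user, which is what makes a code captured by a key logger or shoulder surfer useless once it has been accepted.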

Smart cards can be used as authentication credentials also. They contain an integrated circuit chip that contains the information.

1. security.com/2013/07/09/which-is-more-important-password-complexity-or-length/
 
