Secure Computing Series Computer Password Safety

Post on 24-Dec-2015

  • Slide 1
  • Secure Computing Series Computer Password Safety
  • Slide 2
  • Course Information
      • Course Author: Lynne Presley
      • Course Data: George Floyd, Information Technology; Lynne Presley, Training & Staff Development (other data sources cited in text)
      • Course Issued: May 30, 2007
      • Course Credit: 30 minutes
      • Oracle course code: COMPI06048
  • Slide 3
  • Course Objectives. After completing this course, students will:
      • understand the function of passwords
      • know what password-cracking software is
      • understand the difference between weak and strong passwords
      • know how to use a phrase to remember a password
      • identify steps to protect passwords
  • Slide 4
  • Introduction. Just what is a password? It's a secret authentication that controls access to a resource. Passwords are not new technology; they have been used throughout history. "Hail Caesar! You may not enter the coliseum without the correct password..."
  • Slide 5
  • Historical Password Use. Did you know that the U.S. Marine Corps used a special code for some passwords in WWII? They recruited native Navajo speakers, who enlisted and were trained to use unrelated and truncated Navajo verbs and nouns to communicate and authenticate information among Marine units. The coded messages and passwords baffled the enemy and helped to win the war. These courageous and patriotic Marines were called "Code Talkers." (Photo caption: PFC Carl Gorman, Navajo Code Talker from Arizona, in action on Saipan during WWII.)
  • Slide 6
  • Network Protection. Why does our agency care about passwords? It's simple: they protect the integrity of our computers and network. Any network is only as strong as the weakest link, and passwords are our agency's first defense against unauthorized access.
  • Slide 7
  • Dangers of Intrusion. The integrity of our network depends on strong passwords. If someone gains unauthorized access, we risk losing our entire network to contamination of data, vandalism, theft, and other negative acts. Intrusion can also affect users on a personal level: see the chart on the next slide for examples of what can happen to you if your password is stolen.
  • Slide 8
  • Anatomy of an Intrusion
      • Intruder tries to log onto computer
          • No password set
          • Guesses password
          • Uses password cracking software
          • Finds written password
          • Tricks user into divulging password
      • Password discovered
          • Snoops
          • Blackmails
          • Steals data, identity, and ideas
          • Vandalizes & destroys
  • Slide 9
  • Access to Network. Our agency is working to strengthen passwords throughout the network. Users are expected to create strong, secure passwords. As network systems and servers are upgraded, strong password creation will be enforced and access to the network may be denied if a password is weak. However, if you'll follow the suggestions in this course, you'll be ready to create strong passwords.
  • Slide 10
  • Step I: Create a Strong Password. It helps to "think like a thief" to foil intrusion attempts. Thieves use software programs that attempt to "crack" passwords. These programs usually include multi-language alphabets and dictionaries. The programs methodically try all words in the dictionaries and combinations of words, as well as commonly-used abbreviations and acronyms. The programs also will check dates (days, years, and months). You'll have to take precautions to make your password strong enough to withstand "cracking."
  • Slide 11
  • Step I: Create a Strong Password. Additionally, thieves may try to use personal knowledge of you to guess your password. Do not choose easy and obvious passwords, such as your name, address, nickname, car model, license plate number, the name of your pet, or any other words, numbers or dates easily identifiable with you. TIP: Reversing common words in a password will not make the password stronger. The password "mary" is weak and easily guessed. Reversing the password to "yram" (mary spelled backwards) does not make the password stronger: cracking software will try reversed spelling of all common words.
  • Slide 12
  • Step I: Create a Strong Password. Keeping all this in mind, when it's time to create a password, remember to include the following: use a minimum of 8 random characters. Example: J'OIz#1@cor. These characters are random, and cannot be looked up in any dictionary.
  • Slide 13
  • Step I: Create a Strong Password. Why is it preferable to create passwords with at least 8 random characters? The more characters there are, the longer it takes to crack. Examine the chart on the next slide to see how fast an average personal computer can crack passwords that are created using mixed upper and lower case letters, numbers and symbols. (Chart data provided by lockdown.com.uk.) As you can see, if your password contains at least 8 characters including letters, numbers, mixed cases, and symbols, the average thief will most likely go away and try to steal another, weaker password!
  • Slide 14
  • The chart below assumes that the password was created using mixed upper and lower case alphabet, numbers and symbols.

    | Length of password | Possible combinations | Time to crack |
    |---|---|---|
    | 2 | 9,216 | Instant |
    | 3 | 884,736 | 88 seconds |
    | 4 | 85 million | 2 hours |
    | 5 | 8 billion | 9 days |
    | 6 | 782 billion | 2 years |
    | 7 | 75 trillion | 238 years |
    | 8 | 7.2 quadrillion | 22,875 years |
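How the chart's figures arise, as an added example that is not part of the original course: the combinations column equals 96 to the power of the length, and the times match a worst-case search at 10,000 guesses per second. Both parameters are inferred from the chart's numbers rather than stated on the slide, and the 26-symbol alphabet and the 10**9 guess rate in the demo are hypothetical comparison values.

```python
# Added example: rebuilds the slide's chart from two inferred parameters.
ALPHABET = 96              # inferred: 96**2 == 9,216, the chart's first row
GUESSES_PER_SEC = 10_000   # inferred: 884,736 combinations in 88 seconds

# Largest unit first; a year is taken as 365 days, which matches the chart.
UNITS = [("year", 365 * 86400), ("day", 86400), ("hour", 3600), ("second", 1)]


def combinations(length, alphabet=ALPHABET):
    """Number of distinct passwords of exactly `length` random characters."""
    return alphabet ** length


def crack_seconds(length, alphabet=ALPHABET, rate=GUESSES_PER_SEC):
    """Worst-case time to try every combination at `rate` guesses per second."""
    return combinations(length, alphabet) / rate


def humanize(seconds):
    """Round down to the largest whole unit, as the chart does."""
    if seconds < 1:
        return "Instant"
    for name, size in UNITS:
        if seconds >= size:
            n = int(seconds // size)
            return f"{n:,} {name}{'' if n == 1 else 's'}"


def chart(lengths=range(2, 9), alphabet=ALPHABET, rate=GUESSES_PER_SEC):
    """Rows of (length, possible combinations, time to crack)."""
    return [(n, combinations(n, alphabet),
             humanize(crack_seconds(n, alphabet, rate))) for n in lengths]


if __name__ == "__main__":
    for n, combos, t in chart():
        print(f"{n}  {combos:>26,}  {t}")
    # 8 characters drawn from lowercase letters only (hypothetical comparison):
    print("26 symbols:", humanize(crack_seconds(8, alphabet=26)))
    # 8 characters, 96 symbols, at a hypothetical 10**9 guesses per second:
    print("faster rate:", humanize(crack_seconds(8, rate=10**9)))
```

The time column scales inversely with the guess rate, so the chart's years hold only for the rate it assumes.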
  • Slide 15
  • Step I: Create a Strong Password. Use at least one case change. Example: J'OIz#1@cor. The letters J, O and I are in uppercase, as opposed to the other lowercase letters.
  • Slide 16
  • Step I: Create a Strong Password. Include at least one number. Example: J'OIz#1@cor. The number 1 is used, in combination with the other letters, punctuation and symbols.
  • Slide 17
  • Step I: Create a Strong Password. Include punctuation and special characters. Example: J'OIz#1@cor. The apostrophe punctuation mark is used, as well as two different characters (# and @).
  • Slide 18
  • Step I: Create a Strong Password. Do not choose a password that's the same or similar to your user name. Example: User Name: fred.brown, Password: J'OIz#1@cor. If the thief does not know your user name, certain systems require that the user name be cracked, too. Making sure your password is different from your user name makes the theft more difficult. The example shown above meets this criterion, since it does not contain the user's name.
  • Slide 19
  • Step I: Create a Strong Password. Example: J'OIz#1@cor. TIP: You can create a strong password that's easy to remember but hard to crack by using the first letters of words in a phrase, song, or book that's familiar to you, mixed with symbols. For instance, "J'me Overstreet is number one at corrections" produced the password we've been using as an example. (There is a detailed breakdown of how the password was produced on the next slide.)
  • Slide 20
  • Step I: Create a Strong Password. Phrase: "J'me Overstreet is number one at corrections". Password breakdown of J'OIz#1@cor:
      • J'O (stands for J'me Overstreet)
      • Iz (capital I and Z stands for is)
      • #1 (stands for number one)
      • @cor (stands for at corrections)
  • Slide 21
  • Step I: Test Your Knowledge. Is this password strong or weak? Example: aaaBBB111!!! The password is weak. It contains only two letters in alphabetical sequence, and only one (repeated) number and punctuation mark. It wouldn't take long to crack this password, because it's not random. A truly random password means each letter, number, and symbol has an equal probability of appearing. Creating truly random sequences is difficult, but is something we should strive for. Think of it as exercise for your brain!
  • Slide 22
  • Step I: Test Your Knowledge. Can you guess the number one mistake many people make when creating a password? Answer: They choose the word "password" for a password. This mistake is so prevalent that it's the first word thieves will try when trying to crack a password. Other commonly used and cracked passwords are "admin", "123", "temp", and "letmein".
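The Step I rules collected into one checker, as an added example that is not part of the original course. The function name, the run-of-three test for repeated characters and the substring matching of guessable words are assumptions of this sketch; the common-password list is the one named on the slide above.

```python
import re
import string

# Commonly used and cracked passwords named in the course.
COMMON = {"password", "admin", "123", "temp", "letmein"}


def check_password(password, username, personal_words=()):
    """Return the Step I rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("no case change")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation or special character")
    # Assumption: a run of 3+ identical characters (aaaBBB111!!!) is not random.
    if re.search(r"(.)\1\1", password):
        problems.append("repeated characters")
    # Guessable words: user-name parts, personal words and the common list,
    # each tried forwards and reversed, as the course says crackers do.
    name_parts = [p for p in re.split(r"[^a-z0-9]+", username.lower())
                  if len(p) >= 3]
    words = {w.lower() for w in personal_words if len(w) >= 3} | COMMON
    for word in sorted(set(name_parts) | words):
        if word in lowered or word[::-1] in lowered:
            kind = "user name" if word in name_parts else "guessable word"
            problems.append(f"contains {kind} '{word}'")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; user name and passwords are the course's own.
    for pw in ["J'OIz#1@cor", "aaaBBB111!!!", "password", "yram"]:
        print(pw, "->", check_password(pw, "fred.brown", ["mary"]) or "passes")
```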
  • Slide 23
  • Step I: Practice Creating Passwords. The PC Tools Password Generator allows you to create random passwords that are strong and difficult to crack. If your computer has Internet access, click on the link below to try this free tool. (If you receive a pop-up "Security Alert" window, click "OK" to continue.) https://www.pctools.com/guides/password/
  • Slide 24
  • Step II: Protect Your Password. Creating a strong password is only the first step. Now you must protect it. Don't put it on a yellow sticky note on your monitor or anywhere around your computer, keyboard or desk. Don't write it on your desk blotter or calendar, either. Memorize it!
  • Slide 25
  • Step II: Protect Your Password. Don't tell anyone else your password. When you do this, you are giving your identity and network authorization away. From the "Believe it or Not" department: During a poll at Waterloo Station in London conducted during the Info Security 2003 Europe conference, 90% of polled office workers divulged their passwords to the poll-taker in exchange for a cheap pen.
  • Slide 26
  • Step II: Protect Your Password. Be wary of people standing around your computer. Do not allow them to shoulder surf (to look over your shoulder and watch while you type in your password).
  • Slide 27
  • Step II: Protect Your Password. Change your password every 90 days. Without fail. Do it!
  • Slide 28