Password Security
- Passwords
- often first and only line of defense
- typically not used well (trivial / default passwords used)
- passwords not frequently changed
- random passwords - trypically requires to write down the password
- Legal Implications of accessing other's passwords
- Future - International Biometric Group
- Fingerprint scan
- Hand scan
- Voice scan
- Retinal scan
- Facial scan
- Password Management
- Have and enforce a password policy
- Require strong passwords
- Minimum length of ten characters
- Must contain at least 3 of the following: lowercase alpha, uppercase alpha, digit, and special character
- Alpha, number and special characters must be mixed up
- Do not use "dictionary" words
- Do not reuse the previous five passwords
- Minimum password age of ten days
- Maximimum password age of 45 days
- Lock password after five failed logon attempts
- Protect passwords: strong encryption, shadow files
- Password Attacks
- Scheme for password cracking
- Types of password cracking attacks
- Dictionary Attack - uses a file that contains most of the words found in a dictionary
- Brute Force Attack - tries every possible combination of letters, numbers and special characters
- Hybrid Attack - concatenates extra characters to dictionary words
- Social Engineering - convince someone to give you their user ID and password
- Shoulder surfing
- Dumpster diving
Please mail any comments about this page to wsummers@cs.nmhu.edu