1. Passwords
   • often first and only line of defense
   • typically not used well (trivial / default passwords used)
   • passwords not frequently changed
   • random passwords - trypically requires to write down the password
2. Legal Implications of accessing other's passwords
3. Future - International Biometric Group
   • Fingerprint scan
   • Hand scan
   • Voice scan
   • Retinal scan
   • Facial scan
4. Password Management
   • Have and enforce a password policy
   • Require strong passwords
     • Minimum length of ten characters
     • Must contain at least 3 of the following: lowercase alpha, uppercase alpha, digit, and special character
     • Alpha, number and special characters must be mixed up
     • Do not use "dictionary" words
     • Do not reuse the previous five passwords
     • Minimum password age of ten days
     • Maximimum password age of 45 days
     • Lock password after five failed logon attempts
   • Protect passwords: strong encryption, shadow files
5. Password Attacks
   • Scheme for password cracking
   • Types of password cracking attacks
     • Dictionary Attack - uses a file that contains most of the words found in a dictionary
     • Brute Force Attack - tries every possible combination of letters, numbers and special characters
     • Hybrid Attack - concatenates extra characters to dictionary words
   • Social Engineering - convince someone to give you their user ID and password
   • Shoulder surfing
   • Dumpster diving

Please mail any comments about this page to summers_wayne@ColumbusState.edu