What?
Traditionally, a password is a key that allows a certain person to gain access to resources of a certain group which they would otherwise could not. This has not changed with the age of technology, with passwords being allocated to an increasing number of aspects of our daily lives. Therefore, consideration of them should be undertaken, although this is often overlooked as there is a lack of understanding in this area.
Why?
There are many reasons why an individual should ensure that each password that they use for any service is secure. The most important being just that, for security purposes. If there is no other procedure in place for authentication, someone could easily enough obtain someone else's password and would have access to anything the user does, as they appear exactly the same to the system.
How?
Guidelines
Security involving passwords can be easily strengthened by ensuring that your password complies with the following guidelines:
It cannot be found in a dictionary or based on a dictionary word.
It isn't a name or anything else that is related to you. eg. The name, birthdate etc. of you or a family member / friend.
It isn't written down or stored anywhere.
It is at least 8 characters long and contains upper and lower case letters as well as numbers and perhaps even symbols (control characters are extremely secure but not recommended as they cannot be entered in certain situations).
If using numbers try to place them within the rest of the password instead of being appended to the end.
It isn't used as a password for anything else. ie. Don't use the same password for services with very different security levels and/or consequences following the event of your account being compromised. eg. Your root system password should not be the same as one you use on a website or similar.
It is changed regularly. The urgency of this depends on what that particular password is protecting.
Password Creation Methodology
This is personally my favourite way of constructing a secure password, but you can always contruct your own.
Think up a phrase, in this case it will be 'OSIX is the place to be and stay at'.
This can that be converted to an acronym while also converting some characters to numbers or symbols. 'OSIXitp2B&s@'.
This password contains upper and lower case letters, numbers as well as symbols and therefore should be difficult to crack as there are approximately 475920314814253376475136 combinations up to the 12 character point (of letters,numbers and symbols on the keyboard).
Tools
There are also many applications available which will generate a completely random password, although it is strongly suggested that you don't use these as the password is usually complicated enough so that it can not be remembered without writing it down or storing it in another application such as a 'password safe', which breaks rule #3 in the guidelines above. These password storage programs are a great security liability, as if an attacker gains the knowledge of that password and they have local or remote access to that machine, they are able to have access to every single password 'protected' by that program and therefore every service that each of those passwords protect.
There are actually some password tools that are recommended, these being those that will assist with the decision about whether or not a chosen password is secure. The most prominent in this area are:
John The Ripper — A fast and flexible password cracking program. It allows the use of multiple word lists and is capable of brute-force password cracking. It is available athttp://www.openwall.com/john/
Crack — Perhaps the most well known password cracking software, Crack is also very fast, though not as easy to use as John The Ripper. It can be found athttp://www.crypticide.org/users/alecm/
Slurpie — Slurpie is similar to John The Ripper and Crack except it is designed to run on multiple computers simultaneously, creating a distributed password cracking attack. It can be found along with a number of other distributed attack security evaluation tools at http://www.ussrback.com/distributed.htm
Traditionally, a password is a key that allows a certain person to gain access to resources of a certain group which they would otherwise could not. This has not changed with the age of technology, with passwords being allocated to an increasing number of aspects of our daily lives. Therefore, consideration of them should be undertaken, although this is often overlooked as there is a lack of understanding in this area.
Why?
There are many reasons why an individual should ensure that each password that they use for any service is secure. The most important being just that, for security purposes. If there is no other procedure in place for authentication, someone could easily enough obtain someone else's password and would have access to anything the user does, as they appear exactly the same to the system.
How?
Guidelines
Security involving passwords can be easily strengthened by ensuring that your password complies with the following guidelines:
Password Creation Methodology
This is personally my favourite way of constructing a secure password, but you can always contruct your own.
Tools
There are also many applications available which will generate a completely random password, although it is strongly suggested that you don't use these as the password is usually complicated enough so that it can not be remembered without writing it down or storing it in another application such as a 'password safe', which breaks rule #3 in the guidelines above. These password storage programs are a great security liability, as if an attacker gains the knowledge of that password and they have local or remote access to that machine, they are able to have access to every single password 'protected' by that program and therefore every service that each of those passwords protect.
There are actually some password tools that are recommended, these being those that will assist with the decision about whether or not a chosen password is secure. The most prominent in this area are:
No comments:
Post a Comment