Password Security - PowerPoint PPT Presentation


Transcript and Presenter's Notes


1
Password Security
  • Cyber Security Month
  • October 2006

2
What are we going to talk about today?
  • Why my account?
  • Best practices when creating passwords
  • Creating easy to remember passwords
  • Password Policy
  • Strong vs. Weak passwords
  • Protection Standards

3
Password Security, Why Passwords?
  • Your user ID is your identification
  • It links you to your actions on the system
  • Your password authenticates your user ID
  • Protect your ID and password
  • Generally, you are responsible for actions taken
    with your ID and password

4
What is the big deal?
  • [Diagram: Internet/network]
5
Who are the Threats?
  • Disgruntled or mischievous employee or student
  • Anonymous Random Outsider
  • Informed Outsider

6
Disgruntled Student/Employee
  • Sending email from your accounts
  • Changing/deleting information or documents
  • Disabling your workstation
  • Access to any account in your browser with saved
    passwords (bank, etc.)
  • Common password exposure
  • Caused by password sharing, writing passwords
    down, or passwords based on personal info or
    Gonzaga-related terms

7
Anonymous Random Outsider
  • Take control of your workstation
  • Illegal activities, unethical activities
  • Collect personal information
    – DoB, SSN, address, email addresses
  • Expose sensitive GU data to other potential
    outsiders
  • Caused by simple passwords such as dictionary
    words or easy sequences

8
Common Attacks
  • Dictionary attack: uses a list of predefined
    words
    – Lists can be generated from websites, indexed
      from local files, dictionaries, encyclopedias or
      Wikipedia
  • Brute force: guesses every character combination
    in sequence
  • Statistical attacks: guesses based on common
    human tendencies; can be tailored to a targeted
    environment

9
Common Attacks
  • Dictionary attacks with smart substitutions
    – Replace common letter/character substitutions
      (e.g. 1 for i, 3 for e, @ for a)
    – Misspellings (snoball for snowball)
    – Reverse spellings
    – Letter shifting (owballsn for snowball)
    – Transposed letters (snobwall)

10
Common Attacks
  • Statistical attacks
    – Catered to a targeted audience or system
    – Optimized based on system rules
    – Optimized based on human tendencies
    – Examples: the required number is the last digit;
      only the minimum number of characters is used;
      the first character is capitalized; zag or
      gonzaga is integrated into the scheme

11
Informed Outsider
  • After sensitive data for profit
  • Send spam/malware/viruses through your computer
    or from GU account information obtained from your
    account
  • They do their homework
  • Use dictionary and brute force attacks

12
Password Security (cont.)
  • Best practices
    – Passwords should be changed periodically
    – Don't reuse your previous passwords
    – Don't use the same password for each of your
      accounts
    – NEVER tell or share your password with ANYONE
    – When your computer prompts you to save your
      password, click NO

13
Password Security, Best practices (cont.)
  • Never use a word found in a dictionary (English
    or foreign)
  • If you think your password has been compromised,
    change it immediately
  • Make your password as long as possible: eight or
    more characters
  • Create a password that's hard to guess but easy
    for you to remember
  • Use a mix of numbers and letters, special
    characters, or use only the consonants of a word
  • Try using the first letter of each word in a
    phrase, song, quote or sentence
    – "The big Red fox jumped over the Fence to get
      the hen?" becomes TbRfjotF2gth?

14
Password Security, Policies (cont.)
  • Weak passwords have ANY of the following
    characteristics:
    – The password contains fewer than eight
      characters
    – The password is a word found in a dictionary
      (English or foreign)
    – The password is a common usage word such as
      names of family, pets, friends, co-workers, media
      characters, city, state, etc.
    – The password uses Gonzaga, zags, bulldogs,
      spikes, or any derivation
    – The password is based on birthdays or other
      personal information such as addresses and
      phone numbers

15
Password Security, Policies (cont.)
  • Strong passwords have all of the following
    characteristics:
    – Contain both upper and lower case characters
    – Have digits and punctuation characters as well
      as letters
    – Are at least eight alphanumeric characters long
    – Are not a word in any language, slang, dialect,
      jargon, etc.
    – Are not based on personal information, names of
      family, etc.

16
Sample Password Schemes
  • Ideally it would be random
    – K3w-bA1iL)
  • Basketball
    – Swt16-2005
    – goRT,Lakers
  • Politics
    – Ivoted4THATGuy?
    – Ivoted4ThatGuy!
  • Movie
    – WeRep.D.L011yGuild

17
Sample Password Schemes (cont.)
  • Items that may help you think of and remember
    passwords:
    – Movies
    – Songs
    – Plays
    – Bible verses
    – Life events

18
Password Security, Policies and Protection (cont.)
  • Weak passwords (cont.)
    – Word or number patterns like aaabbb, zyxwvuts,
      123321, etc.
    – Any of the above spelled backwards
    – Any of the above preceded or followed by a digit
      (e.g. secret1, 1secret)
  • Creating passwords
    – Try to create passwords that are easily
      remembered
  • Password protection standards
    – Do not use the same password for Gonzaga
      accounts as for other non-Gonzaga access
    – Do not share passwords
    – If someone requests your password, report the
      incident immediately to the Help Desk, x5550
    – Do not use the Remember Password feature of
      applications (Internet Explorer, Firefox,
      Outlook)

19
Password Security (cont.)
  • Policy
    – View it at the http://cybersecurity.gonzaga.edu
      website
  • Main points
    – All user-level and system-level passwords must
      conform to the strong password as defined below
    – All personnel passwords must be changed at least
      every six months. The recommended change
      interval is three months
    – Users must not store or transmit passwords
      electronically in clear text
    – Passwords must not be written down
    – All passwords a user has available to them must
      be changed if the user changes positions or is
      no longer employed at the University. This
      includes work study personnel
    – Individual user passwords must not be shared

20
Password Security, Protection (cont.)
  • Do not write passwords down or store them
    anywhere in your office
  • Do not store passwords in a file on ANY computer
    system without strong encryption
  • If an account or password is suspected to have
    been compromised, immediately report the incident
    to the Help Desk
  • Periodic password auditing will be performed on a
    random basis by IT or its delegates. Users will
    be required to change any password that fails the
    audit

21
How Do I Change My Password?
  • Universal method
    – http://passwordreset.gonzaga.edu
    – Registration required with current password
  • On-campus PC with Windows
    – When logged on, press Ctrl+Alt+Delete