[iwar] [fc:Password.Protection.101]

From: Fred Cohen (fc@all.net)
Date: 2001-10-31 22:15:08


Message-Id: <200111010615.fA16F8H12414@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)

Password Protection 101

NIPC, 10/31/2001
http://www.nipc.gov/publications/nipcpub/password.htm

Every year thousands of computers are illegally accessed because of weak
passwords. How many users are guilty of any of the following things:

- Writing down a password on a sticky note placed on or near your
  computer.
- Using a word found in a dictionary. That's right, a dictionary. Any
  dictionary!
- Using a word from a dictionary followed by 2 numbers.
- Using the names of people, places, pets, or other common items.
- Sharing your password with someone else.
- Using the same password for more than one account, and for an extended
  period of time.
- Using the default password provided by the vendor.

Chances are, if you are anything like the majority of computer users,
you answered yes to one or more of the above questions. The problem is,
hackers are aware of these problems as well and target those who don't
take the correct precautions.

Why Is There A Problem?

Passwords are one of the first lines of defense that users have to
protect their systems. Unfortunately, people are not accustomed to
remembering difficult passwords consisting of numbers and weird
characters. The ever-increasing number of passwords required to work in
today's world only makes this problem worse. Many people have
compensated for this problem by writing down their password and keeping
that information in an unsecured area, like stuck to a computer screen.

One of the first things a hacker will attempt to do against a system is
run a program that will attempt to guess the correct password of the
target machine. These programs can contain entire dictionaries from
several different languages. In addition to words found in dictionaries,
these programs often contain words from popular culture such as science
fiction movies and novels.

Hackers like to attack people's weaknesses. One of the major weaknesses
is the reluctance to remember several long, difficult-to-guess words
such as passwords. Therefore, once one is chosen, the likelihood that
the same password is used for several accounts is very high. This is
similar to the problem with default passwords because users have a
tendency to keep the same password for a long period of time, thereby
allowing the attacker that much more time to gain access to a system.

What You Can Do

Remembering long passwords can be difficult, but there are some basic
techniques users can employ to lessen the pain. First, choose a phrase
that you will remember. As an example, we will use the phrase "The pearl
in the river." You can then take a number that you are familiar with,
such as a birthday. For this example we will use 7/4/01. Next, you can
take the first letter of your phrase and interlace it with the chosen
date to make something similar to t7p4i0t1r. This method creates a
password that won't be found in any dictionary and is unique to the
person who created it.

    t   p   i   t   r
      7   4   0   1       = t7p4i0t1r

It is important to remember, though, that any password can be guessed if
given enough time. Therefore, it is important to change your password
within the amount of time it would take an attacker to guess it. For
example, with the previous password it may take an attacker 60 days on a
very fast computer to guess what it is. In order to ensure your system's
safety, then, a user must change their password before those 60 days come
to an end.
While password security is a very important deterrent to hackers gaining
access to your system, it is only one component of the "defense in
depth" principle. What this means is that passwords need to be used along
with other measures such as updated anti-virus software and a personal
firewall such as Zone Alarm. This is the first in a continuing series of
articles that will help explain the importance of safe computing in
today's networked world. If you have any questions on the above article
please contact the watch at nipc.watch@fbi.gov. Additionally, please
visit the following web sites for more information on the importance of
strong passwords along with many other computer security matters.

------------------
http://all.net/ 

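The two halves of the NIPC article, the dictionary attack it warns about and the passphrase-interlace method it recommends, can be put side by side in code. What follows is an added example, written for this archive page; it is not code from the NIPC article or from the original post. The wordlist, the user names and the "leaked" hash table are constructed for the demonstration, and unsalted SHA-256 is used only as a stand-in for whatever hash format an attacker has actually obtained.

```python
"""Dictionary attack with mangling rules vs. the interlaced-passphrase method.

Added example, not code from the NIPC article or the iwar post. The wordlist,
user names and password hashes below are constructed for the demonstration;
unsalted SHA-256 stands in for whatever hash an attacker has obtained.
"""
import hashlib
import itertools

# Constructed mini wordlist: plain dictionary words plus the pop-culture
# terms the article says cracking dictionaries also carry.
WORDLIST = ["pearl", "river", "summer", "dragon", "password",
            "skywalker", "tribble", "gandalf"]


def mangle(word):
    """Yield the guesses a cracker derives from one wordlist entry:
    the word as-is and capitalised, each alone and with every two-digit
    suffix 00-99 (the 'dictionary word followed by 2 numbers' habit)."""
    for base in (word, word.capitalize()):
        yield base
        for n in range(100):
            yield f"{base}{n:02d}"


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def crack(hashes, wordlist=WORDLIST):
    """Offline attack: hash every mangled guess and look it up in the
    stolen hash table. Returns {user: recovered_password}."""
    by_hash = {h: user for user, h in hashes.items()}   # one lookup per guess
    recovered = {}
    for word in wordlist:
        for guess in mangle(word):
            user = by_hash.get(sha256_hex(guess))
            if user is not None:
                recovered[user] = guess
    return recovered


def interlace(phrase, date):
    """The article's construction: first letter of each word in the phrase,
    interleaved with the digits of a memorable date.
    interlace("The pearl in the river.", "7/4/01") -> "t7p4i0t1r"."""
    letters = [word[0].lower() for word in phrase.split()]
    digits = [ch for ch in date if ch.isdigit()]
    return "".join(l + d for l, d in
                   itertools.zip_longest(letters, digits, fillvalue=""))


def candidate_count(wordlist=WORDLIST):
    """How many guesses the whole mangled wordlist costs the attacker."""
    return sum(1 for word in wordlist for _ in mangle(word))


def sample_hashes():
    """Constructed 'leaked' hash file: two users with the habits the article
    warns about and one who used the interlace method."""
    plaintexts = {
        "alice": "pearl",                                   # dictionary word
        "bob": "Dragon42",                                  # word + 2 digits
        "carol": interlace("The pearl in the river.", "7/4/01"),
    }
    return {user: sha256_hex(pw) for user, pw in plaintexts.items()}


if __name__ == "__main__":
    recovered = crack(sample_hashes())
    print(f"{candidate_count()} guesses tried, recovered: {recovered}")
    # alice and bob fall to the wordlist; carol's t7p4i0t1r is not in it.
```

Eight words expand to 1,616 guesses under these two mangling rules alone, which is why "dictionary word plus two digits" buys almost nothing; real cracking tools ship far larger wordlists and rule sets. The interlaced password survives here not because it is long but because no rule in the set derives it from a wordlist entry. Note that on a real system the per-guess cost depends on the hash: a salted, deliberately slow scheme makes each of those 1,616 guesses far more expensive than the single SHA-256 used in this demo.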



This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:58 PST