Dylan Pantell
Hiral Merchant
Introduction
Password security is a serious problem for major companies as well as regular users.
Without proper password security, anybody can obtain access to the private information of a
company or another user. To understand the difference between a secure and an insecure password we
must first understand exactly what a password is.
A password is simply a series of characters that a user needs in order to gain access to
their account or files. The purpose of a password is to act as a layer of security between the
public and important information. A password by itself is not very secure, especially if it is not
maintained or handled properly. What makes a password secure is how it is created, stored, and
entered into a system. The purpose of this document is to inform users about common ways that
passwords can be stolen and teach users methods that can be used to prevent stolen passwords.
This next image shows how powerful the length of a password can be. A password only
using uppercase and lowercase letters is considered to be very secure at high lengths.
Lengths 15 and 20 are great examples of a secure password.
Figure 3: The security of short to long alphabetical passwords.[2]
Lastly, here is an example of two passwords that both use lowercase letters, uppercase
letters, and symbols, but have different password lengths.
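The effect of length described above can be worked through numerically. The following is an added example, not part of the original report: it counts the candidates a brute-force search must cover for a password's length and character classes. The sample passwords and the guess rate of 10^10 per second are constructed assumptions, and the estimate only holds for randomly chosen characters.

```python
import math
import string

# Character classes a brute-force search must cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ASSUMED_GUESSES_PER_SECOND = 1e10  # assumption, not a figure from the report


def charset_size(password):
    """Alphabet size implied by the character classes present in the password."""
    if not password:
        raise ValueError("empty password")
    for ch in password:
        if not any(ch in c for c in CLASSES):
            raise ValueError(f"character outside printable ASCII classes: {ch!r}")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def keyspace(password):
    """Candidates of the same length over the same alphabet (exact integer)."""
    return charset_size(password) ** len(password)


def entropy_bits(password):
    """Bits of entropy, valid only if every character was chosen at random."""
    return len(password) * math.log2(charset_size(password))


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to try every candidate of this length at the assumed guess rate."""
    return keyspace(password) / rate


def human(seconds):
    for unit, span in (("years", 31_557_600), ("days", 86_400), ("hours", 3_600)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


# Constructed sample passwords: two mixed-class ones of different length,
# then letters-only ones at the lengths 15 and 20 mentioned in the text.
SAMPLES = ["kT#zW!", "kT#zW!mvL?xR", "kTqzWmvLxRbpNcY", "kTqzWmvLxRbpNcYhGdJs"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw:<22} len={len(pw):<3} alphabet={charset_size(pw):<3} "
              f"bits={entropy_bits(pw):5.1f}  worst case: {human(worst_case_seconds(pw))}")
```

Under these assumptions the 15-character letters-only sample has a larger search space than the 12-character sample that mixes letters and symbols.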
Multifactor authentication comprises three types of security [5]:
Summary
Computers are getting faster at cracking passwords and are forcing users to make their
passwords longer and more complex. It turns out that a password on its own is no longer
sufficient to guarantee decent security. Hackers will go to great lengths in order to get the
information that they want, and without proper password maintenance users risk becoming
victims of stolen accounts. A user needs to make sure that their password is not based on
personal information so that their password is not easy to guess. A user should also use different
passwords for each of their accounts, or else they can all be stolen at once. A password needs to
contain numbers, letters, and symbols, but more importantly a password needs to be long. If a
password is not strong, then the password can easily be cracked through methods such as a brute
force attack. A password manager is not essential but it is a very convenient tool for securing lots
of passwords at once. A password manager can generate strong passwords as well as encrypt
passwords into a protected and unreadable form. This adds another layer of security against
people trying to steal the user's password. Finally, the last method of securing a password is
using a two-factor or multi-factor authentication system. Multi-factor authentication gives
additional requirements for being able to log into an account. It uses factors that are out of reach
of potential attackers on the web, such as a code on the user's phone or speech recognition.
Conclusion
Every time a user creates or logs into an account on the internet, there is a chance that
their information is being tracked. Hackers are devious; they have many tools to get into a user's
account and steal their information. By following the guidelines above anybody can create a
defense against these hackers and make cracking their password less feasible.
Recommendations
It is recommended that every user does the following: make sure all passwords for all
accounts are converted into strong passwords, find and install a password manager, and enable
two-factor or multifactor authentication with the password manager. There are two different
ways to handle password management, either through a browser or locally on the desktop. For
browsers, it is recommended that users use LastPass, which is very easy for beginners and has
many tutorials. If, however, a local desktop password manager is preferred, then KeePass is a
great choice and is open source. LastPass has native two-factor support and KeePass has plugins
to enable such features if needed. With these three elements combined, a user's password is
extraordinarily safe and the user has significantly reduced their risk of having their password or
account stolen.
References
1. Hospital Chs Hack. Digital image. cnn.com. CNN, 18 Aug. 2014. Web. 13 Mar. 2015.
<http://money.cnn.com/2014/08/18/technology/security/hospital-chs-hack/>.
2. Password Cracking Speeds. Digital image. Lockdown. N.p., 10 July 2009. Web. 11 Mar. 2015.
<http://www.lockdown.co.uk/?pg=combi&s=articles>.
3. Test Encryption Routine. Digital image. Tony Marston's Web Site. Tony Marston, 10 July 2000.
Web. 12 Mar. 2015. <http://www.tonymarston.net/uniface/tip05.html>.
4. Access Control System. Digital image. Understanding Multi-Factor Authentication in
EmpowerID. N.p., 2013. Web. 15 Mar. 2015.
<https://empowerid.atlassian.net/wiki/display/EIDAG2013/Understanding+MultiFactor+Authentication+in+EmpowerID>.
5. Schneider, Fred. "Something You Know, Have, or Are." Cornell.edu. Web. 11 Mar. 2015.
<https://www.cs.cornell.edu/courses/cs513/2005fa/nnlauthpeople.html>.