Passwords - Can Users be Trained: Difference between revisions


Latest revision as of 21:54, 8 November 2004

Finally, teaching users to choose good passwords, and giving them negative feedback when they do not, is essential to this topic.

Conditions for creating good passwords:

Never use:
- Computer name, account name, hostnames
- Any names.
- The license number of your car
- Telephone numbers
- Birthdays
- Words that appear in any dictionary
- Simple character combinations ... abcd, 1234
- Keyboard patterns ... qwertz
- Any of the variations above, reversed
- NCC-1701D is not a good choice

Use instead:
- At least 8 characters
- Letters (lowercase and uppercase) + numbers + special characters
- A password which seems to be a random combination

A good way to create passwords:

Use mnemonic phrases such as I’s12n&Iah, derived from the sentence: “It’s 12 noon and I am hungry”

+ : as easy to remember as naively selected passwords and as hard to guess as random passwords

- : problem of user compliance

Another way:
Randomly created and centrally assigned passwords (e.g. as used for military purposes)

+ : they guarantee a certain quality

- : generated by an algorithm and not strictly random; some people will write them down because they are not easy to remember

Ideal solution:

Instruct users to choose mnemonic passwords, use a password filter, and request another password if the first choice was not safe enough.
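
One way such a password filter could apply the "Never use" and "Use instead" conditions listed above, as an added example that is not part of the original page. The names check_password, DICTIONARY, KEYBOARD_ROWS and personal are hypothetical, and the small word list is constructed sample data standing in for a real dictionary.

```python
import string

# Constructed sample data (assumptions): a real filter would load a full
# dictionary and the site's own host and account names.
DICTIONARY = {"password", "hungry", "dragon", "enterprise"}
KEYBOARD_ROWS = ["qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm"]
SEQUENCES = [string.ascii_lowercase, string.digits]


def _has_run(text, sources, length=4):
    """True if text contains `length` consecutive characters of any source,
    forwards or reversed (abcd, 4321, qwertz, ztrewq)."""
    for src in sources:
        for s in (src, src[::-1]):
            for i in range(len(s) - length + 1):
                if s[i:i + length] in text:
                    return True
    return False


def check_password(password, personal=()):
    """Return a list of reasons to reject; an empty list means accepted.
    `personal` holds account name, hostname, names, phone numbers, etc."""
    reasons = []
    low = password.lower()
    if len(password) < 8:
        reasons.append("fewer than 8 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in password) for cls in classes):
        reasons.append("needs lowercase, uppercase, digit and special character")
    for item in personal:
        item = item.lower()
        if len(item) >= 3 and (item in low or item[::-1] in low):
            reasons.append("contains personal or system data")
            break
    letters_only = "".join(c for c in low if c.isalpha())
    if letters_only in DICTIONARY or letters_only[::-1] in DICTIONARY:
        reasons.append("dictionary word")
    if _has_run(low, SEQUENCES) or _has_run(low, KEYBOARD_ROWS):
        reasons.append("simple sequence or keyboard pattern")
    return reasons
```

The returned reasons are the negative feedback: show them to the user and request another password until the list is empty.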