Passwords - Can Users be Trained


Latest revision as of 21:54, 8 November 2004

Finally, teaching users to choose good passwords, and giving negative feedback when they do not, is essential to this topic.

Conditions for creating good passwords:

Never use:
- Computer name, account name, hostnames
- Any names.
- The license number of your car
- Telephone numbers
- Birthdays
- Words that appear in any dictionary
- Simple character combinations ... abcd, 1234
- Keyboard patterns ... qwertz
- Any of the variations above reversed
- NCC-1701D is not a good choice

Use instead:
- At least 8 characters
- Letters (lowercase and uppercase) + numbers + special characters
- A password which seems to be a random combination

A good way to create passwords:

Use mnemonic phrases such as I’s12n&Iah, derived from the sentence: “It’s 12 noon and I am hungry”

+ : as easy to remember as naively selected passwords and as hard to guess as random passwords

- : problem of user compliance

Another way:
Randomly created and centrally assigned passwords (e.g. as used for military purposes)

+ : they guarantee a certain quality

- : built by an algorithm and not strictly random; some people will write them down because they are not easy to remember

Ideal solution:

Instruct users to choose mnemonic passwords, use a password filter, and request another password if the first choice was not safe enough.
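A sketch of such a password filter, added here as an example and not part of the original page: it applies the "Never use" and "Use instead" rules above and returns the reasons for rejection so the user can be asked for another password. The function names, the four-character run length and the short word list are assumptions made for illustration; the mnemonic is typed with a plain apostrophe.

```python
import re

# Constructed sample list; a real filter would load full dictionary and name lists.
SAMPLE_WORDS = {"password", "hungry", "enterprise", "michael", "ncc-1701d"}
KEYBOARD_ROWS = ["qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm"]
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]


def _has_run(text, sources, length=4):
    """True if text holds `length` consecutive characters of a source, forward or reversed."""
    for src in sources:
        for s in (src, src[::-1]):
            if any(s[i:i + length] in text for i in range(len(s) - length + 1)):
                return True
    return False


def check_password(password, account="", hostname=""):
    """Return the reasons to reject a password; an empty list means it passes."""
    reasons = []
    lower = password.lower()
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    if not all(re.search(c, password) for c in CLASSES):
        reasons.append("needs lowercase, uppercase, digit and special character")
    # Account name, hostname and listed words, checked forward and reversed.
    banned = {w.lower() for w in (account, hostname) if w} | SAMPLE_WORDS
    for word in sorted(banned):
        if word in lower or word[::-1] in lower:
            reasons.append(f"contains '{word}' or its reverse")
    if _has_run(lower, SEQUENCES):
        reasons.append("contains a simple character sequence")
    if _has_run(lower, KEYBOARD_ROWS):
        reasons.append("contains a keyboard pattern")
    return reasons


def first_accepted(candidates, account="", hostname=""):
    """Model the 'request another password' loop: return the first candidate that passes."""
    for candidate in candidates:
        if not check_password(candidate, account, hostname):
            return candidate
    return None
```

Returning the reasons rather than a bare yes/no gives the user the negative feedback the page calls for.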



