Passwords - Can Users be Trained: Difference between revisions
Latest revision as of 21:54, 8 November 2004
Finally, teaching users to choose good passwords, and giving negative feedback when they do not, is essential to this topic.
Conditions for creating good passwords:
Never use:
- Computer name, account name, hostnames
- Any names.
- The license number of your car
- Telephone numbers
- Birthdays
- Words that appear in any dictionary
- Simple character combinations, e.g. abcd, 1234
- Keyboard patterns, e.g. qwertz
- Any of the variations above reversed
- NCC-1701D is not a good choice
Use instead:
- At least 8 characters
- Letters (lower and upper case) + numbers + special characters
- A password which seems to be a random combination
A good way to create passwords:
Use mnemonic phrases such as I’s12n&Iah, derived from the sentence: “It’s 12 noon and I am hungry”
+ : as easy to remember as naively selected passwords and as hard to guess as random passwords
- : problem of user compliance
Another way:
Randomly created and centrally assigned passwords (e.g. as used for military purposes)
+ : they guarantee a certain quality
- : generated by an algorithm and not strictly random; some people will write them down because they are not easy to remember
Ideal solution:
Instruct users to choose mnemonic passwords, use a password filter, and request another password if the first choice was not safe enough.
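A sketch of such a password filter, applying the "Never use" and "Use instead" conditions listed above. This is an added example, not part of the original page; the function names, the tiny word list and the four-character run length are assumptions chosen for illustration.

```python
import re

# Constructed sample data; a real filter would load a full dictionary file.
DICTIONARY = {"password", "hungry", "summer", "dragon", "enterprise"}
KEYBOARD_ROWS = ["qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm"]
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789"]

def _has_run(text, sources, n=4):
    """True if text holds n consecutive characters of a source, forwards or reversed."""
    for src in sources:
        for s in (src, src[::-1]):
            for i in range(len(s) - n + 1):
                if s[i:i + n] in text:
                    return True
    return False

def check_password(pw, account="", hostname=""):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    reasons = []
    low = pw.lower()
    # Drop digits and symbols so that "dragon1!" still matches "dragon".
    letters = re.sub(r"[^a-z]", "", low)
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        reasons.append("needs lower case, upper case, digit and special character")
    for label, value in (("account name", account), ("hostname", hostname)):
        v = value.lower()
        if v and (v in low or v[::-1] in low):
            reasons.append(f"contains {label}")
    if any(w in letters or w[::-1] in letters for w in DICTIONARY):
        reasons.append("contains dictionary word")
    if _has_run(low, SEQUENCES):
        reasons.append("contains simple character sequence")
    if _has_run(low, KEYBOARD_ROWS):
        reasons.append("contains keyboard pattern")
    return reasons

if __name__ == "__main__":
    # The page's mnemonic example, typed with an ASCII apostrophe.
    for candidate in ["I's12n&Iah", "NCC-1701D", "Qwertz12!", "Nogard#2004"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

A non-empty result is the negative feedback to show the user before requesting another password.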