Passwords - Can Users be Trained: Difference between revisions

Latest revision as of 21:54, 8 November 2004

Finally, teaching users to choose good passwords, and giving negative feedback when they do not, is essential to this topic.

Conditions for creating good passwords:

Never use:
- Computer name, account name, hostnames
- Any names.
- The license number of your car
- Telephone numbers
- Birthdays
- Words that appear in any dictionary
- Simple character combinations, e.g. abcd, 1234
- Keyboard patterns, e.g. qwertz
- Any of the variations above reversed
- NCC-1701D is not a good choice

Use instead:
- At least 8 characters
- Letters (lowercase and uppercase) + numbers + special characters
- A password which seems to be a random combination

A good way to create passwords:

Using mnemonic phrases such as I’s12n&Iah, derived from the sentence: “It’s 12 noon and I am hungry”

+ : as easy to remember as naively selected passwords and as hard to guess as random passwords

- : problem of user compliance

Another way:
Randomly created and centrally assigned passwords (e.g. as used for military purposes)

+ : they guarantee a certain quality

- : built by an algorithm and not strictly random; some people will write them down, because they are not easy to keep in mind

Ideal solution:

Instruct users to choose mnemonic passwords, use a password filter, and request another password if the first choice was not safe enough.
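
The password filter described above, as an added example that is not part of the original page: it applies the "Never use" and "Use instead" conditions and returns the reasons for rejection, so the user gets negative feedback and can be asked for another password. The word list, the function names and the four-character run threshold are assumptions made for this example.

```python
import re

# Constructed sample word list; a real filter would load a full dictionary.
DICTIONARY = {"password", "enterprise", "hungry", "dragon", "welcome"}
# Keyboard rows (QWERTZ and QWERTY layouts) and simple sequences.
RUNS = ["qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "01234567890"]

def _has_run(text, min_len=4):
    """True if text contains min_len consecutive characters of a run, forwards or reversed."""
    for run in RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in text:
                    return True
    return False

def check_password(password, account="", hostname=""):
    """Return the list of reasons for rejection; an empty list means accepted."""
    reasons = []
    lower = password.lower()
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        reasons.append("needs lowercase, uppercase, digit and special character")
    # Account and host names are rejected forwards and reversed.
    for name in filter(None, (account.lower(), hostname.lower())):
        if name in lower or name[::-1] in lower:
            reasons.append("contains account or host name")
            break
    # Strip non-letters so 'Dragon123!' is still caught as a dictionary word.
    letters = re.sub(r"[^a-z]", "", lower)
    if letters and (letters in DICTIONARY or letters[::-1] in DICTIONARY):
        reasons.append("dictionary word")
    if _has_run(lower):
        reasons.append("keyboard pattern or simple sequence")
    return reasons
```
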



