Passwords - Can Users be Trained
Finally the teaching of users to choose good passwords and giving negative feedback if not is essentially on that topic.
Conditions for creating good passwords:
- Computer name, account name, hostnames
- Any names.
- The license number of your car
- Telefon numbers
- Words, which are in any dictionaries
- Simple charakter combination ... abcd, 1234
- Keyboard patterns ... qwertz
- All of the variations above reversly
- NCC-1701D is not a good choice
- At least 8 signs
- Letters (small and big) + numbers + special signs
- A password which seems to be a random combination
Mentioning a good way to create passwords:
Using mnemonic phrases such as I’s12n&Iah retrieved from the sentence: “It’s 12 noon and I am hungry”
+ : easy to remember as naively selected passwords and as hard to guess as random passwords
- : problem of user compliance
Randomly created and centrally assigned passwords (e.g. as used in military purposes)
+ : they guarantee a certain quality
- : built from an algorithm and not strictly random, some people will write it down, because it is not easy to keep in mind
Instruct users to choose mnemonic passwords and use a password filter and request another password if the first alternative was not save enough.