Passwords - Can Users be Trained

Revision as of 21:54, 8 November 2004 by Schumann

Finally, teaching users to choose good passwords, and giving them negative feedback when they do not, is essential to this topic.

Conditions for creating good passwords:

Never use:
- Computer name, account name, hostnames
- Any names.
- The license number of your car
- Telephone numbers
- Birthdays
- Words that appear in any dictionary
- Simple character combinations ... abcd, 1234
- Keyboard patterns ... qwertz
- Any of the variations above, reversed
- NCC-1701D is not a good choice

Use instead:
- At least 8 characters
- Letters (lowercase and uppercase) + numbers + special characters
- A password which seems to be a random combination

A good way to create passwords:

Use mnemonic phrases such as I’s12n&Iah, derived from the sentence: “It’s 12 noon and I am hungry”

+ : as easy to remember as naively selected passwords and as hard to guess as random passwords

- : problem of user compliance

Another way:
Randomly created and centrally assigned passwords (e.g. as used for military purposes)

+ : they guarantee a certain quality

- : built from an algorithm and not strictly random; some people will write them down because they are not easy to remember

Ideal solution:

Instruct users to choose mnemonic passwords, use a password filter, and request another password if the first choice was not safe enough.
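
A minimal sketch of such a password filter, added here as an example and not part of the original page: it applies the "Never use" and "Use instead" rules above and returns the reasons for rejection, so the user gets negative feedback and can be asked for another password. The function name, the word and pattern lists, and the sample account name are constructed assumptions.

```python
import string

# Constructed sample data: a real filter would load full name and dictionary lists.
WORDLIST = {"password", "hungry", "dragon", "welcome", "ncc-1701"}
PATTERNS = ["qwertz", "qwerty", "asdfgh", "yxcvbn", "zxcvbn",
            "abcdefghijklmnopqrstuvwxyz", "01234567890"]

def check_password(password, account="", hostname=""):
    """Return a list of reasons to reject; an empty list means accepted."""
    reasons = []
    lowered = password.lower()
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    reasons += [f"missing {name}" for name, ok in classes.items() if not ok]

    # Account name, hostname, names and dictionary words, forwards and reversed.
    checks = (("account or host name", {account.lower(), hostname.lower()}),
              ("name or dictionary word", WORDLIST))
    for label, words in checks:
        for w in words:
            if len(w) >= 3 and (w in lowered or w[::-1] in lowered):
                reasons.append(f"contains {label}")
                break

    # Runs of 4+ characters from a sequence or keyboard row, forwards and reversed.
    for p in PATTERNS:
        runs = {p[i:i + 4] for i in range(len(p) - 3)}
        if any(r in lowered or r[::-1] in lowered for r in runs):
            reasons.append("contains simple sequence or keyboard pattern")
            break
    return reasons

if __name__ == "__main__":
    # Constructed candidates; "jdoe" is a hypothetical account name.
    for candidate in ("qwertz12", "Eodj#2004x", "NCC-1701D", "I's12n&Iah"):
        problems = check_password(candidate, account="jdoe")
        print(candidate, "->", "accepted" if not problems else "; ".join(problems))
```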



