-
November 23rd, 2003, 10:59 AM
#1
Creating and Managing passwords
Passwords
Nearly everywhere on the internet and on your computer you use passwords to protect all sorts of accounts and data, for example user account(s), online banking, etc., from people that shouldn't have access to them.
Your password is the key that unlocks the information that is locked behind the door. Not using a password would leave all of your data out in the open, and anyone could take a peek at it and do malicious things with it if they choose to do so.
A user name with a password is the most common way of securing data. There are other methods being used today, such as fingerprints, retina readers and smartcards. Without passwords and these devices, any person could pretend to be you in chat rooms, on your credit card's web site, etc.
For system administration your user name and password are very important: the system uses that information to identify you from all the other users that may have accounts on the system and to give you the proper system access and permissions. As an example, you wouldn't want a guest on your network to have Administrator privileges; if they make one mistake they can really mess things up.
What not to do when creating passwords
Don't use passwords that are names of children, pets, favorite sports teams and movies. These are considered to be weak passwords because password crackers can very quickly generate countless words, names and variations of those words and names.
Avoid using consecutive patterns on your keyboard, for example abcd, 123, zxcv or uiop.
Never tape a list of your passwords to your monitor or type them into WordPad or Notepad. Anyone that has physical access to your computer can use this to get into your data.
Don't use any word or name for your root passwords.
Don't reuse old parts of previous passwords.
Don't use passwords that are written in different languages.
Don't use any part of your login name in your password(s).
Now that you know what not to do, it is time to show you what you should do.
Create passwords
When creating a random password, use mnemonics (a rhyme or a phrase that you can use to help yourself remember the password).
Example of mnemonics: "The cat in the hat comes back". In password form and using special characters, the password would look like this:
T1c(I5t8HcB
Create different passwords for each account that has access to data that you consider to be sensitive, such as credit card web site(s), the admin and your user account on your computer, etc.
For sites that contain nonsensitive data, such as online news sites, you can use a one-word password.
Do change your password every three to six months, or sooner if you feel it is necessary to do so.
Make the password at least 8 or more characters in length.
Create a single password for access to nonsensitive data.
Different versions of Windows come with various levels of password protection; they range from somewhat secure to very secure.
Windows 95/98 and Me
Offer low-end password protection because they let you create profiles so you can have your own settings, such as wallpaper, screen saver, etc.
So if you don't know the user's password you can't access these features, but if you fail to input a password you can still access the programs and hard drive.
Windows 2000
Has the option to have users enter a user name and a password before they can use the computer. There are three types of group membership that can be granted to a user:
1. Standard user (Power Users group): Users can modify the computer and install programs but cannot read files that belong to other users.
2. Restricted user (Users group): Users can operate the computer and save documents but cannot install programs or make changes to the system files and settings.
3. Administrators: Admins have complete and unrestricted access to the system.
Windows 2000 also has the following options:
Enforce password history
Maximum password age
Minimum password age
Minimum password length
Passwords must meet Complexity requirements
Store password using reversible encryption for all users in the domain
Windows XP
Is on the very secure end because any person that wishes to use the desktop or computer has to have a user account. Password protecting your user account and admin account will prevent anyone from using it until they input the correct password.
Windows XP provides two types of accounts: admin and user.
The admin account can install programs, access all files and folders, and add and delete accounts.
The limited user account(s) can't install programs or make system changes unless they have the permission to do so, and they have access to fewer files.
There are software programs that will help you create and manage your passwords
Freeware programs
Descriptions are available on the web site. These programs work with 98/Me/NT/2000 and XP.
www.romanlab.com/apw/index.html for Any Password
www.webattack.com/get/passafe.html for the Password Safe
www.webattack.com/get/didentity.html Digital Identity is not only a password manager, it also uses steganography
www.webattack.com/get/whisper.html
www.webattack.com/get/Oubiette.html
www.dillobits.com
Programs that cost money
Dvasoft
Has a program called Personal Passworder, which costs $14.99. It offers a number of features: it lets you create separate password-protected accounts for multiple users, organize passwords into groups and search your list of passwords, and it has a customizable password generator with password expiration.
www.dvasoft.com
L0phtCrack
LC4 is used to check the strength of users' passwords by using different types of cracking methods: dictionary, hybrid, and brute force analysis.
15-day trial
Cost: 1 upgrade license $95.00
1 license $350.00
www.atstake.com
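
The "what not to do" rules and the 8-character minimum from the post above, written as a checker. This is an added example, not part of the original post; the word list, keyboard rows, substitution table, chunk sizes and function names are constructed for illustration.

```python
import re

# Constructed sample data (assumptions, not from the post): a tiny word list,
# keyboard/alphabet rows with the run length that counts as a pattern, and a
# table that undoes common character substitutions.
WORDLIST = {"rover", "yankees", "matrix", "password", "michael"}
ROWS = [("qwertyuiop", 4), ("asdfghjkl", 4), ("zxcvbnm", 4),
        ("abcdefghijklmnopqrstuvwxyz", 4), ("0123456789", 3)]
LEET = str.maketrans("013457@$!", "oieastasi")


def has_sequence(pw):
    """True if pw contains a consecutive run from any row, in either direction."""
    low = pw.lower()
    for row, run in ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def shares_chunk(pw, other, size):
    """True if pw and other have any `size`-character substring in common."""
    a, b = pw.lower(), other.lower()
    return any(a[i:i + size] in b for i in range(len(a) - size + 1))


def check_password(pw, login, previous=()):
    """Return the rules from the post that pw breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if has_sequence(pw):
        problems.append("keyboard or alphabet sequence")
    # Normalise substitutions such as 0 -> o before the word-list lookup.
    plain = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if any(word in plain for word in WORDLIST):
        problems.append("dictionary word or name")
    if shares_chunk(pw, login, 3):
        problems.append("part of the login name")
    if any(shares_chunk(pw, old, 4) for old in previous):
        problems.append("part of a previous password")
    return problems


if __name__ == "__main__":
    for candidate in ("T1c(I5t8HcB", "Rover123", "jsm!thZxcv9"):
        print(candidate, check_password(candidate, "jsmith", ["Zxcv9pL#q2"]))
```

A real deployment would load a full dictionary and the account's stored password history in place of the constructed samples.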
-
November 23rd, 2003, 11:57 PM
#2
Nice tut, Deadaddict.
One other password tool I might add, though, would be Brutus.
HTTP (Basic Authentication)
HTTP (HTML Form/CGI)
POP3
FTP
SMB
Telnet
Other types such as IMAP, NNTP, NetBus etc. are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other people's.
http://www.hoobie.net/brutus/
-
November 24th, 2003, 12:09 AM
#3
Yap, it doesn't bring anything new to more experienced users, but many can still learn from it...
I liked the way you stressed:
What not to do when creating passwords
Don't use passwords that are names of children, pets, favorite sports teams and movies. These are considered to be weak passwords because password crackers can very quickly generate countless words, names and variations of those words and names.
Avoid using consecutive patterns on your keyboard, for example abcd, 123, zxcv or uiop.
Never tape a list of your passwords to your monitor or type them into WordPad or Notepad. Anyone that has physical access to your computer can use this to get into your data.
Don't use any word or name for your root passwords.
Don't reuse old parts of previous passwords.
Don't use passwords that are written in different languages.
Don't use any part of your login name in your password(s).
It's unbelievable the amount of dictionary pass you'll find if you brute force a random account. People still use keyboard sequences thinking no one ever thought of that... I've done this myself, but hey, no one's born perfect, right?
Anyways, nice going.
-
November 24th, 2003, 12:19 AM
#4
Wow, thanks cheyenne. I can't believe I didn't come across that site when I was writing this. I am giving it a test run.