Results 1 to 4 of 4

Thread: Creating and Managing passwords

  1. #1
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583

    Creating and Managing passwords

    Passwords

    Nearly everywhere on the internet and on your computer you use passwords to protect all sorts of accounts and data
    example user account(s) online banking, Etc from people that shouldn’t have access to them
    Your password is the key that unlocks the information that is locked behind the door. Not using a password would make all of your data out in the open and anyone could take a peek at it and do malicious things with it if they choose to do so.

    A user name with a password is the most common way of securing data there are other methods being used today such as fingerprints, retina readers and smartcards with out passwords and these devices any person could pretend to be you in chat rooms ,your credit cards web site Etc
    For system administration your user name and password are very important the system uses that information to identify you from all the other users that may have accounts on the system and to give you the proper system access and permissions As a example you wouldn’t want a guest on your network to have Administrator privileges if they make one mistake they can really mess things up

    What not to do when creating passwords

    Don't use passwords that are names of children, pets, favorite sports teams and movies These are considered to be weak passwords because password crackers can very quickly generate countless words, names and variations of those words and names

    Avoid using consecutive patterns on your keyboard example abcd,123 zxcv or uiop

    Never tape a list of your passwords to your monitor or type them in to wordpad or notepad anyone that has physical access to your computer can use this to get into your data

    Don't use use any word or name for your root passwords

    Don't reuse old parts of previous passwords

    Don't use passwords that are written in different languages

    Don't use any part of your login name in your password(s)

    Now since you now know what not to do it is time to show you what you should do

    Create passwords

    When creating a random password use Mnemonics( this is a rhyme or a phrase that you can use to help yourself to rember the password)

    example of mnemonics "The cat in the hat comes back" in password form and using special characters the password would look like this
    T1c(I5t8HcB

    Create different passwords for each account that has access to data that you consider to be sensitive such as credit card web site(s) the admin and your user account on your computer Etc

    For sites that contain nonsensitive data such as online news sites etc you can use a one word password

    Do change your password every three to six months or sooner ( if you feel it is nessary to do so)

    Make the password at least 8 or more characters in length

    Create single password for access to nonsensitive data

    Different versions of windows comes with various levels of password protection they range from somewhat secure to very secure

    Windows 95/98 and Me
    Offer low end password protection because it lets you create profiles so you can have your own settings such as wallpaper screen saver Etc
    So if you don't know the users password you can't access these features but if you fail to input a password you can still access the programs and harddrive

    Windows 2000

    Has the option to have users enter a user name and a password before they can use the computer there are three types of group membership that can be granted to a user
    1. standard user(poweruser group): Users can modify the computer and install programs but can not read files that belong to other users

    2. Restricted user( users group)Users can operate the computer and save documents but can not install programs or make changes to the system files and settings

    3. Administrators :Admin have complete and unrestricted access to the system
    windows 2000 also has the following options
    Enforce password history
    Maximum password age
    Minimum password age
    Minimum password length
    Passwords must meet Complexity requirements
    Store password using reversible encryption for all users in the domain

    Windows xp
    is on the very secure end because any person that wishes to use the desktop or computer has to have a user account, password protecting your user account and admin account will prevent anyone from using it intill they input the correct password

    Windows Xp provides two types of accounts Admin and user
    The admin account can install programs access all files and folders add and delete accounts
    the Limited user account(s) are limited account(s) they can't install programs or make system changes unless they have the permission to do so and have access to fewer files

    There are software programs that will help you create and manage your passwords

    Freeware programs
    Descriptions are available on the web site these programs work with 98/Me/NT/200 and XP

    www.romanlab.com/apw/index.html for any password
    www.webattack.com/get/passafe.html for the password safe
    www.webattack.com/get/didentity.html digital identity is not only a password manager it also uses steganography
    www.webattack.com/get/whisper.html
    www.webattack.com/get/Oubiette.html
    www.dillobits.com

    Programs that cost money

    Dvasoft
    has a program called Personal passworder this program costs $14.99 this program offers a number of features such as a personal passworder that lets you create seperate password protected accounts for multiple users, organize passwords into groups, search your list of passwords and has a customizable password generator with a password expiration
    www.dvasoft.com

    L0pht crack
    LC4 is used to check the strength of users passwords by using different types of cracking methods: dictionary, hybrid, and brute force analysis
    15 day trial
    cost 1 upgrade License $95.00
    1 license $350.00
    www.atstake.com

  2. #2
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Nice Tut Deadaddict.

    one other password tool I might add though would be brutus.
    HTTP (Basic Authentication)
    HTTP (HTML Form/CGI)
    POP3
    FTP
    SMB
    Telnet
    Other types such as IMAP, NNTP, NetBus etc are freely downloadable from this site and simply imported into your copy of Brutus. You can create your own types or use other peoples
    http://www.hoobie.net/brutus/
    =

  3. #3
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    yap it doesn't bring nothing new to more experienced users but many can still learn from it...
    I liked the way you stressed:
    What not to do when creating passwords

    Don't use passwords that are names of children, pets, favorite sports teams and movies These are considered to be weak passwords because password crackers can very quickly generate countless words, names and variations of those words and names

    Avoid using consecutive patterns on your keyboard example abcd,123 zxcv or uiop

    Never tape a list of your passwords to your monitor or type them in to wordpad or notepad anyone that has physical access to your computer can use this to get into your data

    Don't use use any word or name for your root passwords

    Don't reuse old parts of previous passwords

    Don't use passwords that are written in different languages

    Don't use any part of your login name in your password(s)
    It's unbelievable the amount of dictionary pass you'll find if you brute force a random account. People still use keyboard sequences thinking no one ever thought of that... i've done this myself but hey, no one's born perfect right?

    anyways nice going

  4. #4
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    Wow thanks cheyenne I can't believe I didn't come across find that site when I was writing this. I am giving it a test run

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •