User:Smsalahshoor

PASSWORD SECURITY
In the fast-paced, technology-driven world we live in there are password requirements at every turn (debit and credit cards, telephones, work laptops, PCs, email and so on), where access to sensitive and confidential information is granted through user authentication by password. The strength or weakness of these passwords determines the line of defense against crackers intent on accessing information for malicious use. The goal of this entry is to educate the general public on measures people can take to maintain a secure network and information system, whether at home or at work.

A password is a secret word or combination of characters that only the user should know (Whitman). It is an unspaced sequence of characters used to determine that a computer user requesting access to a computer system really is that particular user (TechTarget). Security is freedom from risk or danger; safety. Password security measures are a fundamental control that, when implemented through effective policies and procedures, mitigate risk and help ensure a secure network and information system for the organization. In case after case, however, weak passwords have been shown to compromise security, allowing breaches that put the entire network and information system at risk, not to mention unknowing customers. A simple form of protection that is a vital component of the security system, passwords should be a core component of an organization's or individual's security management practices. Passwords are a "something you know" form of authentication: the mechanism verifies the user's identity by means of a password or passphrase [9].

Experts say there were one billion attempts by criminals to break into online accounts last year [1]. In the space of a single week last year, 6.5 million LinkedIn, 1.5 million eHarmony and an estimated 17 million Last.fm users' password hashes were uploaded to hacking forums [3]. An apparently simple measure for maintaining security continues to elude us in our password creation efforts.

Weak Passwords
Maintaining strong passwords is the cornerstone of secure computing, both online and within the organization. Weak passwords that lack length and complexity are more susceptible to brute force and to crackers with ill intent, creating a security risk to the individual and the organization. A password crack is an attempt to reverse-calculate or guess a password; password attacks include dictionary attacks, brute-force attacks and man-in-the-middle attacks [9]. Experts recommend never reusing the same password across accounts: once a leaked password list is posted by attackers, reuse lets a single breach be exploited against every other account that shares the password [5], with potentially devastating results. The most common consumer passwords, based on an analysis of 32 million passwords exposed in the RockYou.com breach, are [6]:
 * 1) 123456
 * 2) 12345
 * 3) 123456789
 * 4) Password
 * 5) iloveyou
 * 6) princess
 * 7) rockyou
 * 8) 1234567
 * 9) 12345678
 * 10) abc123

A password should be difficult to guess, which means it cannot be a word easily associated with the user, such as the name of a spouse, child or pet, or numbers associated with the user (Whitman). Even when the database stores passwords in a seemingly unrecoverable form (as one-way hashes rather than plaintext), weak passwords can be recovered readily enough through brute force. With the hashed data in hand, crackers can run through trillions of possibilities with off-the-shelf hardware [10]. How quickly depends on how the passwords were stored as well as on the passwords themselves: an unsalted, fast hash function lets one guess be checked against every account in the dump at once, whereas a per-user salt and a deliberately slow hashing scheme force the attacker to pay the full cost for every account and every guess. The length and complexity of a password determine the effort required to mount a brute-force attack [7].
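The following is an added example, not part of the original entry, showing why "seemingly unrecoverable" storage is not enough on its own. It runs a dictionary attack over a constructed, miniature breach dump (unsalted SHA-1 digests computed from chosen plaintexts, not real leaked data) using the RockYou top ten as the wordlist, then repeats the attack against the same passwords stored with a per-user salt and an iterated key derivation function. The usernames, wordlist and iteration count are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed wordlist for the demonstration: the RockYou top ten plus a few
# other frequent choices. A real attack uses the full leaked list.
WORDLIST = [
    "123456", "12345", "123456789", "Password", "iloveyou",
    "princess", "rockyou", "1234567", "12345678", "abc123",
    "password", "qwerty", "letmein",
]

# Constructed "breach dump" in the unsalted SHA-1 format common in the leaks
# mentioned above. Digests are computed here from chosen plaintexts so the
# example is reproducible; nothing here is real leaked data.
LEAKED_HASHES = {
    "alice": hashlib.sha1(b"iloveyou").hexdigest(),
    "bob": hashlib.sha1(b"Password").hexdigest(),
    "carol": hashlib.sha1(b"correct horse battery staple").hexdigest(),
}


def crack_unsalted(hashes, wordlist):
    """Dictionary attack on unsalted SHA-1.

    Every account uses the same function with no per-user salt, so one digest
    per candidate word serves all accounts: build a digest -> word table once,
    then look each leaked digest up. Total cost is len(wordlist) hashes,
    regardless of how many accounts are in the dump.
    """
    table = {hashlib.sha1(w.encode()).hexdigest(): w for w in wordlist}
    return {user: table.get(digest) for user, digest in hashes.items()}


# Hardened storage: per-user random salt and an iterated KDF. The iteration
# count is an illustrative work factor (assumption), not a recommendation.
PBKDF2_ITERATIONS = 100_000


def store_password(password):
    """Return (salt, digest) as a server would write to its credential store."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def crack_salted(records, wordlist):
    """The same dictionary attack against salted, iterated hashes.

    The salt defeats the shared lookup table, so the attacker must run the KDF
    once per (account, candidate) pair, and each run costs PBKDF2_ITERATIONS
    hash evaluations. Returns the recovered passwords and the number of KDF
    runs spent, to make the cost difference visible.
    """
    recovered, kdf_runs = {}, 0
    for user, (salt, digest) in records.items():
        recovered[user] = None
        for word in wordlist:
            kdf_runs += 1
            if verify_password(word, salt, digest):
                recovered[user] = word
                break
    return recovered, kdf_runs


if __name__ == "__main__":
    print(crack_unsalted(LEAKED_HASHES, WORDLIST))
    salted = {user: store_password(pw) for user, pw in
              [("alice", "iloveyou"), ("carol", "correct horse battery staple")]}
    print(crack_salted(salted, WORDLIST))
```

Note what the second run shows: salting and iteration raise the attacker's cost per guess, but "iloveyou" still falls on the fifth guess. Storage hardening buys time; it does not rescue a password that is in every cracker's first few thousand candidates.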

Creating Strong Passwords
The available security guidance on creating strong passwords is consistent. One of the biggest debates in security focuses on the complexity of passwords [9]. A password should include a mix of uppercase and lowercase letters and incorporate numerals and special characters [2]. Following this advice makes it tougher for sophisticated cyber-criminals to crack the password. Many have suggested passphrases that are long enough to withstand brute-force attacks and random enough to withstand dictionary attacks [10] as another way to establish a secure password. A passphrase is a plain-language phrase, typically longer than a password, from which a virtual password is derived [9]. Some experts go so far as to suggest memorizing a sonnet, which consists of 14 lines, and forming the passphrase from the first letter of each line; this only helps if the source text is not one an attacker would think of, since strings derived from well-known texts end up in cracking dictionaries. Length, rather than the use of symbols and numbers, is actually the greater indicator of password strength [4]. Changing passwords every two to three months is often recommended as a further measure to keep crooks out of an account, although current guidance (NIST SP 800-63B) favors changing a password when there is evidence it has been compromised rather than on a fixed schedule, because forced rotation tends to produce predictable variations of the old password.
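To put numbers behind the "length beats symbols" claim, here is an added example (not from the original entry) that computes the search space, entropy and exhaustive-search time for several password styles. The guessing rate of 10^12 per second and the 7776-entry diceware-style word list are assumptions; the character-class sizes are the printable ASCII counts. It goes slightly beyond the text by including random word-based passphrases alongside character-based passwords.

```python
import math

# Assumed offline guessing rate: 10^12 guesses per second, in line with the
# "trillions of possibilities" the text attributes to off-the-shelf hardware
# against a fast unsalted hash. Against a slow, salted KDF the rate drops by
# orders of magnitude; against an online login form it is far lower still.
GUESSES_PER_SECOND = 1e12

LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33   # printable ASCII character classes
WORDLIST_SIZE = 7776                             # assumed diceware-style list size (6**5)


def keyspace(length, alphabet_size):
    """Number of strings of the given length over an alphabet of that size."""
    return alphabet_size ** length


def entropy_bits(space):
    """Entropy of a uniformly random choice from `space` possibilities."""
    return math.log2(space)


def seconds_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Worst case for the attacker: time to try every candidate once."""
    return space / rate


def describe(seconds):
    """Human-readable duration, largest unit first."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


def compare():
    """Search space, entropy and exhaustive-search time for several styles.

    The figures hold only for passwords chosen uniformly at random from the
    stated space. Human-chosen passwords, and phrases built from well-known
    text, are far weaker than these numbers suggest, because dictionary and
    pattern-based attacks try the likely candidates first.
    """
    cases = [
        ("8 chars, all four classes", keyspace(8, LOWER + UPPER + DIGITS + SYMBOLS)),
        ("12 chars, lowercase only", keyspace(12, LOWER)),
        ("16 chars, lowercase only", keyspace(16, LOWER)),
        ("4 random diceware words", keyspace(4, WORDLIST_SIZE)),
        ("6 random diceware words", keyspace(6, WORDLIST_SIZE)),
    ]
    return [(label, round(entropy_bits(space), 1), seconds_to_exhaust(space))
            for label, space in cases]


if __name__ == "__main__":
    for label, bits, secs in compare():
        print(f"{label:28s} {bits:5.1f} bits  {describe(secs)}")
```

At the assumed rate, an 8-character password drawn from all four classes (about 52.6 bits) is exhausted in under two hours, while 16 random lowercase letters (about 75 bits) take on the order of a thousand years; four random words from the list sit near the 8-character figure and six words well beyond it. The lesson is the one in the text: adding characters raises the cost exponentially, adding a symbol class only linearly per position.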

Password Management
Adding to the problem of creating strong passwords is the difficulty of remembering and managing them. IS security experts recommend using a different password for each account to minimize risk. Multiple products are available that focus on keeping passwords safe, secure and easy to access: password management programs memorize and store the login information you choose in an encrypted file [8]. A proposed server-side measure is to store several fake passwords, called "honeywords", alongside each user's real one; a separate component records which entry is genuine, so an attacker who steals and cracks the password file cannot tell them apart, and any login attempt that uses a honeyword reveals that the file has been compromised [3]. The term "honeywords" is a play on "honeypot", which in information security refers to setting up fake servers and learning how attackers attempt to exploit them [3]. By taking on the duty of memorizing and regurgitating usernames and passwords, a password management program makes your accounts safer because you can use stronger, unique passwords and change them more frequently [8].
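The honeyword mechanism described above, as an added example that is not part of the original entry: each user's real password is stored among several plausible decoys ("sweetwords"), all salted and hashed; a separate honeychecker holds only the index of the real one, and a login with a decoy raises an alert. The decoy generator (re-rolling the last three characters while keeping each character's class), the number of sweetwords and the KDF iteration count are assumptions made for this demonstration, not the only or best choices.

```python
import hashlib
import hmac
import os
import secrets

# Two separate stores, as in the honeyword proposal: the credential file holds
# hashes of all sweetwords (real password plus decoys), the honeychecker holds
# only the index of the real one. Here they are two dicts in one process; in
# deployment the honeychecker is a separate hardened host, so stealing the
# credential file alone does not reveal which entry is genuine.
CREDENTIALS = {}
HONEYCHECKER = {}
ALERTS = []

N_SWEETWORDS = 5        # assumption for the demo
KDF_ITERATIONS = 50_000  # illustrative work factor
_LOWER = "abcdefghijklmnopqrstuvwxyz"
_UPPER = _LOWER.upper()
_DIGITS = "0123456789"


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


def _tweak(password, tail=3):
    """Decoy generator: re-roll the last `tail` characters, keeping each one's
    character class so the decoy looks as plausible as the original. This is
    a simple "chaffing by tweaking" approach chosen for the example."""
    head, end = password[:-tail], password[-tail:]
    out = []
    for ch in end:
        if ch.isdigit():
            out.append(secrets.choice(_DIGITS))
        elif ch.islower():
            out.append(secrets.choice(_LOWER))
        elif ch.isupper():
            out.append(secrets.choice(_UPPER))
        else:
            out.append(ch)
    return head + "".join(out)


def make_sweetwords(real, n=N_SWEETWORDS):
    """Return n distinct sweetwords in random order and the index of the real one."""
    words = {real}
    attempts = 0
    while len(words) < n:
        words.add(_tweak(real))
        attempts += 1
        if attempts > 1000:  # tail contains nothing the tweak can change
            raise ValueError("cannot generate enough distinct decoys")
    words = list(words)
    secrets.SystemRandom().shuffle(words)
    return words, words.index(real)


def register(user, password):
    """Store salted hashes of all sweetwords; tell only the honeychecker which is real.

    Returns the sweetword list so the demo can show what a cracked file yields;
    a real server would not hand these back."""
    words, real_index = make_sweetwords(password)
    salt = os.urandom(16)
    CREDENTIALS[user] = (salt, [_kdf(w, salt) for w in words])
    HONEYCHECKER[user] = real_index
    return words


def login(user, password):
    """Return 'ok', 'fail', or 'honeyword' (recording an alert) for a login attempt."""
    if user not in CREDENTIALS:
        return "fail"
    salt, hashes = CREDENTIALS[user]
    candidate = _kdf(password, salt)
    for index, stored in enumerate(hashes):
        if hmac.compare_digest(candidate, stored):
            if HONEYCHECKER[user] == index:
                return "ok"
            ALERTS.append(f"honeyword used for {user}: credential file likely stolen")
            return "honeyword"
    return "fail"


if __name__ == "__main__":
    words = register("alice", "Summer2012")
    print("what a cracked file yields:", words)
    print(login("alice", "Summer2012"), login(
        "alice", next(w for w in words if w != "Summer2012")), ALERTS)
```

The point of the split is that an attacker who cracks the credential file recovers all five sweetwords and has to guess which one is real; a wrong guess trips the alarm. The scheme adds detection, not prevention: a weak real password is still as crackable as before.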

Security Awareness
For the organization and the individual computer user, password security training and awareness are a step in the right direction toward maintaining a safe computing environment. The balance of power between security controls and attack methods shifts dramatically once you assume the attacker has high-performance computing available at low cost (Antonopoulos 2010). People can be the weakest or the strongest link in the information security landscape. One of the least frequently implemented but most effective security methods is the security awareness program [9]. Employee education, backed by clearly documented policy aligned with training, is what builds that awareness. Individuals should likewise make the effort to understand the importance of secure passwords in their personal computing.