Basic security with passwords
To make users create strong passwords, and in that way improve the security of a system, it's a good idea to define the type of password that can be created. There are several ways to do this:
  • make them use a password generator
  • setup some guidelines like how much the password has to be long, what characters have to be used, etc.
  • check the integrity of existing passwords with a cracking program and alert users with a weak password.
There are various cracking programs that you can use, some of them are:It's wise to change the password frequently as well as avoiding having people look at you when you type your password. There's never enough paranoia when it comes to protecting your data.

Default passwords

Many applications, that need identification in order to be used, have a default password. Although this password may be easy to remember, you should change it as soon as possible. Lists of default passwords can be found all over the net and that's probably one of the first things an attacker is going to try using. The same thing applies for any situation when a password is assigned to you, login and change it, right away.

An example of a list of default passwords can be found here.

For much more information on passwords and other methods of authentication, I recommend reading the excellent Authentication: From Passwords to Public Keys by Richard Smith.

As it says on the Addison-Wesley book page:

"[This book] gives readers a clear understanding of what an organization needs to reliably identify its users and how different techniques for verifying identity are executed."

And, to close this article, here are two interesting articles you might be interested in:


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th