Basic security with passwords
To make users create strong passwords, and in that way improve the security of a system, it's a good idea to define the type of password that can be created. There are several ways to do this:
  • make them use a password generator
  • setup some guidelines like how much the password has to be long, what characters have to be used, etc.
  • check the integrity of existing passwords with a cracking program and alert users with a weak password.
There are various cracking programs that you can use, some of them are:It's wise to change the password frequently as well as avoiding having people look at you when you type your password. There's never enough paranoia when it comes to protecting your data.

Default passwords

Many applications, that need identification in order to be used, have a default password. Although this password may be easy to remember, you should change it as soon as possible. Lists of default passwords can be found all over the net and that's probably one of the first things an attacker is going to try using. The same thing applies for any situation when a password is assigned to you, login and change it, right away.

An example of a list of default passwords can be found here.



For much more information on passwords and other methods of authentication, I recommend reading the excellent Authentication: From Passwords to Public Keys by Richard Smith.

As it says on the Addison-Wesley book page:

"[This book] gives readers a clear understanding of what an organization needs to reliably identify its users and how different techniques for verifying identity are executed."

And, to close this article, here are two interesting articles you might be interested in:

Spotlight

The Software Assurance Marketplace: A response to a challenging problem

Posted on 20 October 2014.  |  The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has recognized how critical the state of software security is to the DHS mission.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Oct 21st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //