Password Protection Essay

Today, everyone has an online banking account and an e-mail account, so safety is an important concern. If an intruder steals our password, we pay a high price for it. Protecting passwords is therefore important for each and every one of us in this e-world. This speech provides mechanisms to protect our online passwords.

Choosing a Good Password

Your password is what tells the computer that you are who you say you are. Until we can do retina scans like in James Bond movies, the password is the best that we can do. But, because your password is like a key to your account, you need to safeguard it.

Anyone who has your password can get into your account, and your files. Anyone who can guess your password has it. Anyone who has your password can pose as you. Therefore, you may be held responsible for someone else’s actions, if they are able to get your password. You may not wish this to happen.

Tips on safeguarding your password

* First and foremost, NEVER give your password to anyone. “Anyone” means your coworkers, your spouse, your systems administrator. In the event of an emergency, the sysadmin can change your password. Your systems administrator never has a need to know your personal password.

If someone needs to get onto our machines, and has a reason to be here, do not give them access to your account. Speak to the systems staff about us setting up an account for them. We would be very happy to give them one.

* Make your password something you can remember. Do not write it down. If you really, honestly forget your password, we can easily give you a new one. We’d rather set your password once a month because you forgot it than have someone find it written down and gain unauthorized access to your account.
* Make your password difficult for others to guess. This is not as hard as it initially seems. See the section below on choosing a good password.
* DO NOT change your password because of mail from someone claiming to be your systems administrator, supposedly needing access to your files!! This is a popular scam in some circles. Remember, your systems administrator never needs your password for any reason. If someone needs to ask you to change your password so that they can gain entry to your account, they do not have reason to be there.

We run sophisticated password crackers on the password files of our machines. If we guess your password, you will have to come see a staffer to have it changed. These are the same crackers that the bad guys have access to, so if you have a weak password, it’s better if we find out about it first.

How Not to Choose a Password

Here are some of the types of passwords that will be picked up by our crackers:

* Words in the dictionary.
* Words in any dictionary.
* Your user name.
* Your real name.
* Your spouse’s name.
* Anyone’s name (crackers don’t necessarily know that your aunt’s middle name is Agnes, but it’s easy enough to get a list of 100,000 names and try each one).
* Any word in any “cracking dictionary.” There are lists of words that crackers use to try to crack passwords: passwords that a lot of people use. Some of these lists include: Abbreviations, Asteroids, Biology, Cartoons, Character Patterns, Machine names, famous names, female names, Bible, male names, Movies, Myths-legends, Number Patterns, Short Phrases, Places, Science Fiction, Shakespeare, Songs, Sports, Surnames.
* Any of the above, with a single character before or after it (“8dinner”, “happy1”).
* Any of the above, capitalized (“cat” –> “Cat”).
* Any of the above, reversed (“cat” –> “tac”), doubled (“cat” –> “catcat”) or mirrored (“cat” –> “cattac”).
* We used to tell people that taking a word and substituting some characters (a 0 (zero) for an o, or a 1 for an l) made a good password. This is no longer the case. New crackers have the capability to crack things like this, in certain situations.
* Words like “foobar”, “xyzzy” and “qwerty” are still just plain words. They are also popular passwords, and the crack programs look for them. Avoid them.
* Any of the sample passwords, good or bad, mentioned in this document.

How to Choose a Good Password

I know that coming up with a good password can be difficult, so here are some guidelines to use.

* Choose a password that is at least six characters long. This should be long enough to discourage a brute-force attack. Currently, the maximum password length on many Unix systems is eight characters, but if you want to add a few more characters to make it easier to remember, go ahead. Just bear in mind that anything after the eighth character will be ignored (so “abnormalbrain” is the same as “abnormal”). In general, a good password will have a mix of lower- and upper-case characters, numbers, and punctuation marks, and should be at least 6 characters long. Unfortunately, passwords like this are often hard to remember and result in people writing them down. Do not write your passwords down!
* The license plate rule: take a phrase and try to squeeze it into eight characters, as if you wanted to put it on a vanity license plate.
* Some people like to pick several small words, separated by punctuation marks of some kind.
* Put a punctuation mark in the middle of a word, e.g., “vege%tarian”.
* Use some unusual way of contracting a word. You don’t have to use an apostrophe. One of my favorite passwords was “kEp*-h&y”: “kEp” –> “keep”, “*-” –> “laser” (like those signs that you see outside of physics labs), and “h&y” –> “handy”; “Keep your laser handy!”
* You can use control characters. Just bear in mind that a lot of them have special meanings. If you use ^D, ^H or ^U, for example, you might not be able to log in again.
* Think of an uncommon phrase, and take the first, second or last letter of each word. “You can’t always get what you want” would yield “ycagwyw”. Throw in a capital letter and a punctuation mark or a number or two, and you can end up with “yCag5wyw”.
* Deliberately misspelling one or more words can make your password harder to crack.
* Use several of the techniques above.
* Something that no one but you would ever think of. The best password is one that is totally random to anyone else except you. It is difficult to tell you how to come up with these, but people are able to do it. Use your imagination!

Create strong passwords

Strong passwords are important protections to help you have safer online transactions.

Keys to password strength: length and complexity

An ideal password is long and has letters, punctuation, symbols, and numbers.

* Whenever possible, use at least 14 characters or more.
* The greater the variety of characters in your password, the better.
* Use the entire keyboard, not just the letters and characters you use or see most often.

Create a strong password you can remember

There are many ways to create a long, complex password. Here is one way that may make remembering it easier:

What to do | Suggestion | Example
Start with a sentence or two (about 10 words total). | Think of something meaningful to you. | Long and complex passwords are safest. I keep mine secret. (10 words)
Turn your sentences into a row of letters. | Use the first letter of each word. | lacpasikms (10 characters)
Add complexity. | Make only the letters in the first half of the alphabet uppercase. | lACpAsIKMs (10 characters)
Add length with numbers. | Put two numbers that are meaningful to you between the two sentences. | lACpAs56IKMs (12 characters)
Add length with punctuation. | Put a punctuation mark at the beginning. | ?lACpAs56IKMs (13 characters)
Add length with symbols. | Put a symbol at the end. | ?lACpAs56IKMs” (14 characters)

Test your password with a password checker

A password checker evaluates your password’s strength automatically. Try our secure password checker.

Protect your passwords from prying eyes

* The easiest way to “remember” passwords is to write them down. It is okay to write passwords down, but keep them secure. See 5 tips to keep your passwords secret.

Common password pitfalls to avoid

Cyber criminals use sophisticated tools that can rapidly decipher passwords. Avoid creating passwords using:

* Dictionary words in any language. Words in all languages are vulnerable.
* Words spelled backwards, common misspellings, and abbreviations. Words in all languages are vulnerable.
* Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
* Personal information. Your name, birthday, driver’s license, passport number, or similar information.

5 tips to help keep your passwords secret

Treat your passwords with as much care as you treat the information that they protect. Use strong passwords to log on to your computer and to any site where you enter your credit card number, or any financial or personal information—including social networking sites.

1. Never provide your password over e-mail or in response to an e-mail request. Internet “phishing” scams use fraudulent e-mail messages to entice you to reveal your user names and passwords, steal your identity, and more. Learn more about phishing scams and how to deal with online fraud.
2. Do not type passwords on computers that you do not control
   * Computers such as those in Internet cafes, computer labs, kiosk systems, conferences, and airport lounges should be considered unsafe for any personal use other than anonymous Internet browsing.
   * Cyber criminals can purchase keystroke logging devices which gather information typed on a computer, including passwords.
3. Don’t reveal passwords to others
   * Keep your passwords hidden from friends or family members (especially children) who could pass them on to other, less trustworthy individuals.
4. Protect any recorded passwords
   * Don’t store passwords on a file in your computer, because criminals will look there first.
   * Keep your record of the passwords you use in a safe, secure place.
5. Use more than one password
   * Use different passwords for different Web sites and services.

How to reduce the risk of online fraud

Online fraud can be annoying and costly and might pose serious risks to your computer. To help reduce online fraud, learn to recognize scams and take steps to avoid them. Identity theft is not new, but the cost to consumers has risen since criminals have gone online. Criminals who want to gain access to your online accounts use phishing, hoaxes, or other scams to obtain personal information such as your name, social security number, account name, or password.

What is a phishing scam?

Phishing is a type of deception designed to steal your valuable personal data such as credit card numbers, Windows Live IDs, and other account data and passwords. Phishing is also known as identity theft and is a type of social engineering.

Common phishing scams:

* Spoofs of businesses that you know and trust. These are e-mail messages that purport to be from companies or services that you know and trust such as your bank and could contain urgent messages with threats of account closures or other alarming consequences.
* Lottery scams and other advanced fee fraud scams. For example, an e-mail message might request your help in a financial transaction such as the transfer of a large sum of money into your account. Or a message might contain a claim that you have received a large inheritance from someone you do not know or that you have won a lottery that you did not enter. For more information, see Scams that promise money, gifts, or prizes.
* Rogue security software scams. These are e-mail messages, Web sites, or pop-up windows that tell you that your computer is unsafe. If you download the software they offer so you can receive help, you could damage your system or waste money on software that you don’t need.

You might see a phishing scam:

* In e-mail messages, even if the messages appear to be from a coworker or someone you know.
* On social networking Web sites.
* On Web sites that appear to accept donations for charity.
* On Web sites that spoof familiar sites but that use slightly different Web addresses.
* In your instant message (IM) program.
* On your cell phone or other mobile device.

Six signs of a scam

1. Generic greetings such as “Dear Customer,” which indicate that the sender does not know you and should not be trusted.
2. Alarming or urgent statements that require you to respond immediately.
3. Requests for personal or financial information, such as user names, passwords, credit card or bank account numbers, social security numbers, dates of birth, or other information that can be used to steal your identity.
4. Misspellings and grammatical errors, including Web addresses. The Web address might look very similar to the address of a legitimate business, but with a minor alteration. For example, instead of www.microsoft.com, the scammer might use www.micrsoft.com. For more information, see Typos can cost you.
5. The text of the link in the e-mail message to you is different from the Web address that you are directed to when you click the link. You can identify the actual Web address in a link by hovering over the link without clicking it. The Web address appears in a text box above the link.
6. The “From” line in the original e-mail message to you shows a different Web address than the one that appears when you try to reply to the message.

How can I help prevent a scam from happening to me?

The following suggestions could help you avoid online fraud.

* Delete spam. Do not open it or reply to it, even to ask to be removed from a mailing list. When you reply, you confirm to the senders that they have reached an active e-mail account and make yourself vulnerable to further abuse.
* Use caution when you click links in e-mail messages, text messages, pop-up windows, or instant messages. Instead, type Web addresses in a Web browser, or use your online Favorites or bookmarks.
* Do not open e-mail attachments or click instant message download links unless you know who sent the message and you were expecting the attachment or link.
* Be cautious about providing your personal or financial information online. Do not fill out forms in e-mail messages that ask for personal or financial information.
* Create strong passwords and avoid using the same password for your bank and other important accounts. To test the strength of your password, use our Password Checker. For more information, see Creating a strong password for your e-mail account: why you should and how to do it.
* Use Internet Explorer 8 or similar Web browsers that include an additional layer of protection with sites that use Extended Validation (EV) SSL Certificates. With Internet Explorer 8, the address bar turns green to notify you that there is more information available about the Web site you are visiting. The identity of the Web site owner is also displayed on the address bar.
* Turn on SmartScreen Filter in Internet Explorer 8 to help detect unsafe and potentially unsafe Web sites as you browse. Read the warning messages that you see to decide if you want to proceed to a suspicious Web site or not.
* Visit Microsoft Update to install the latest security updates and turn on automatic updating.
* Make sure your computer’s firewall is turned on and that you use antivirus and antispyware software that is updated automatically, such as Microsoft Security Essentials. For more information, see Help protect your PC with Microsoft Security Essentials.
* Check your bank and credit card statements closely to identify and report any transactions that are not legitimate.
* Never pay bills, bank, shop, or conduct other financial transactions on a public or shared computer or over a public wireless network. If you do log on to public computers, look for computers on networks that require a password, which increases security.

What should I do with fraudulent e-mail messages?

If you think an e-mail message might be fraudulent, we recommend taking the following precautions.

* Delete the message. Do not respond or click links in it.
* Report any suspicious activity. (See below for contact information.)
* If you believe that someone is using your Windows Live account, you can reset your password. Go to http://login.live.com and click Forgot your password?
* Fraudulent e-mail messages sometimes contain unwanted or malicious software (also known as malware). If you think you might have malware on your computer, go to safety.live.com and scan your computer to check for and remove unwanted software. For more information, see What to do if you’ve responded to a phishing scam.

Where to report suspicious activity

If you suspect that something is wrong, there are several ways to report the possible fraud.

Microsoft

* If you suspect that you’ve received a phishing e-mail message, click report phishing scam on the message toolbar in Windows Live Hotmail or report the message to Microsoft.
* To report the Microsoft Lottery fraud, send an e-mail message to [email protected] com.
* For any other suspicious activity, go to support.live.com.
* For Hotmail, go to the Hotmail Online Solutions Center.

United States agencies

Federal Trade Commission

* To report advance fee fraud in the United States, forward the e-mail message to [email protected] gov.
* To report identity theft in the United States, visit the U.S. Federal Trade Commission (FTC) online or call toll free: (877) 438-4338.
* To report other online scams or fraud in the United States, visit Filing a Complaint with the FTC, or call toll free: (877) 382-4357.

Additional Resources

Visit these Web sites for additional information about how to protect yourself from fraud in the United States.

* Federal Government – OnGuard Online
* Internet Crime Complaint Center
* United States Postal Inspection Service
* LooksTooGoodToBeTrue.com

Why do you need a password?

Think about the number of personal identification numbers (PINs), passwords, or passphrases you use every day: getting money from the ATM or using your debit card in a store, logging on to your computer or email, signing in to an online bank account or shopping cart… the list seems to just keep getting longer. Keeping track of all of the number, letter, and word combinations may be frustrating at times, and maybe you’ve wondered if all of the fuss is worth it. After all, what attacker cares about your personal email account, right? Or why would someone bother with your practically empty bank account when there are others with much more money? Often, an attack is not specifically about your account but about using the access to your information to launch a larger attack. And while having someone gain access to your personal email might not seem like much more than an inconvenience and threat to your privacy, think of the implications of an attacker gaining access to your social security number or your medical records.

One of the best ways to protect information or physical property is to ensure that only authorized people have access to it. Verifying that someone is the person they claim to be is the next step, and this authentication process is even more important, and more difficult, in the cyber world. Passwords are the most common means of authentication, but if you don’t choose good passwords or keep them confidential, they’re almost as ineffective as not having any password at all. Many systems and services have been successfully broken into due to the use of insecure and inadequate passwords, and some viruses and worms have exploited systems by guessing weak passwords.

How do you choose a good password?

Most people use passwords that are based on personal information and are easy to remember. However, that also makes it easier for an attacker to guess or “crack” them. Consider a four-digit PIN number. Is yours a combination of the month, day, or year of your birthday? Or the last four digits of your social security number? Or your address or phone number? Think about how easy it is to find this information out about somebody. What about your email password—is it a word that can be found in the dictionary? If so, it may be susceptible to “dictionary” attacks, which attempt to guess passwords based on words in the dictionary.
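The dictionary-based guessing described above, together with the variations listed under “How Not to Choose a Password”, can be turned into a check that a system runs when a password is set. The following is an added example, not code from the original essay; the word list is a constructed sample, and `find_weakness`, `undo_rules` and the substitution pairs beyond 0-for-o and 1-for-l are assumptions made for illustration.

```python
# Constructed sample list; a real check would load full word lists plus the
# account's user name and real name.
SAMPLE_WORDS = {"cat", "dinner", "happy", "abnormal", "password", "qwerty", "agnes"}

# The essay names 0-for-o and 1-for-l; the other pairs are assumed extras.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "@": "a", "$": "s"})


def undo_rules(text):
    """Yield (rule, base) for each simple rule that could have produced text."""
    yield "used as is", text
    yield "reversed", text[::-1]
    half = text[: len(text) // 2]
    if half and text == half + half:
        yield "doubled", half
    if half and text == half + half[::-1]:
        yield "mirrored", half
    if len(text) > 1:
        yield "with one character added in front", text[1:]
        yield "with one character added at the end", text[:-1]


def find_weakness(password, words=SAMPLE_WORDS, min_len=6, significant=8):
    """Return a short reason the password is guessable, or None.

    significant is the number of leading characters the system really uses
    (eight on the Unix systems the essay describes); pass None for no limit.
    """
    if len(password) < min_len:
        return f"shorter than {min_len} characters"
    forms = [("", password)]
    if significant and len(password) > significant:
        forms.append((f"only the first {significant} characters count; ",
                      password[:significant]))
    for note, form in forms:
        lowered = form.lower()  # capitalising a word does not hide it
        spellings = (("", lowered),
                     (" after undoing character substitutions",
                      lowered.translate(SUBSTITUTIONS)))
        for label, spelling in spellings:
            for rule, base in undo_rules(spelling):
                if base in words:
                    return f"{note}word '{base}' {rule}{label}"
    return None


if __name__ == "__main__":
    # Sample passwords taken from the essay, plus one constructed substitution case.
    for pw in ("8dinner", "happy1", "cattac", "p4ssw0rd", "abnormalbrain", "yCag5wyw"):
        print(f"{pw!r}: {find_weakness(pw) or 'no rule matched'}")
```

A result of `None` only means that none of these rules matched the supplied word list; it does not show that the password is strong.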

Although intentionally misspelling a word (“daytt” instead of “date”) may offer some protection against dictionary attacks, an even better method is to rely on a series of words and use memory techniques, or mnemonics, to help you remember how to decode it. For example, instead of the password “hoops,” use “IlTpbb” for “[I] [l]ike [T]o [p]lay [b]asket[b]all.” Using both lowercase and capital letters adds another layer of obscurity. Your best defense, though, is to use a combination of numbers, special characters, and both lowercase and capital letters. Change the same example we used above to “Il!2pBb.” and see how much more complicated it has become just by adding numbers and special characters.

Longer passwords are more secure than shorter ones because there are more characters to guess, so consider using passphrases when you can. For example, “This passwd is 4 my email!” would be a strong password because it has many characters and includes lowercase and capital letters, numbers, and special characters. You may need to try different variations of a passphrase—many applications limit the length of passwords, and some do not accept spaces. Avoid common phrases, famous quotations, and song lyrics.

Don’t assume that now that you’ve developed a strong password you should use it for every system or program you log into. If an attacker does guess it, he would have access to all of your accounts. You should use these techniques to develop unique passwords for each of your accounts.

Here is a review of tactics to use when choosing a password:

* Don’t use passwords that are based on personal information that can be easily accessed or guessed.
* Don’t use words that can be found in any dictionary of any language.
* Develop a mnemonic for remembering complex passwords.
* Use both lowercase and capital letters.
* Use a combination of letters, numbers, and special characters.
* Use passphrases when you can.
* Use different passwords on different systems.

How can you protect your password?

Now that you’ve chosen a password that’s difficult to guess, you have to make sure not to leave it someplace for people to find. Writing it down and leaving it in your desk, next to your computer, or, worse, taped to your computer, is just making it easy for someone who has physical access to your office. Don’t tell anyone your passwords, and watch for attackers trying to trick you through phone calls or email messages requesting that you reveal your passwords (see Avoiding Social Engineering and Phishing Attacks for more information).

If your internet service provider (ISP) offers choices of authentication systems, look for ones that use Kerberos, challenge/response, or public key encryption rather than simple passwords (see Understanding ISPs and Supplementing Passwords for more information). Consider challenging service providers that only use passwords to adopt more secure methods.

Also, many programs offer the option of “remembering” your password, but these programs have varying degrees of security protecting that information. Some programs, such as email clients, store the information in clear text in a file on your computer. This means that anyone with access to your computer can discover all of your passwords and can gain access to your information. For this reason, always remember to log out when you are using a public computer (at the library, an internet cafe, or even a shared computer at your office). Other programs, such as Apple’s Keychain and Palm’s Secure Desktop, use strong encryption to protect the information. These types of programs may be viable options for managing your passwords if you find you have too many to remember.

There’s no guarantee that these techniques will prevent an attacker from learning your password, but they will make it more difficult.

