| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Exploits & Weaknesses in Password Security This paper covers exploits in passwords and describes each tangent associated within the realm of administration security practices. It is interesting that despite the many additional defense mechanisms in operating systems to deter brute-force attacks, many computers today are cracked because of weaknesses in the password itself.
Paul Gurgul,
11/16/2004
|
|
Passwords - Common Attacks and Possible Solutions Making sure authorized users have access to either sensitive company information or their personal e-mail can be a dauntning task, given the fact that an average user has to remember at least 4/5 passwords, a couple of which have to be changed on a monthly basis. The majority of users are frustrated when choosing or remembering a password, and are highly unaware of the consequences of their actions while handling accounting data.
Dancho Danchev,
11/10/2004
|
|
Options for Secure Personal Password Management In this paper I have used my personal needs for password management as a starting point, trying to determine a solution which would work both for IT personnel, and which would also be suitable for use by the average computer user. I examine the arguments for and against password storage, define the requirements of a secure password management application, develop evaluation criteria, and evaluate a number of password management applications.
By Hugh Ranalli, 07/08/2004
|
|
The Password Web Page The password web page helps keep systems secure by giving users an easy way to pick good computer generated passwords. The web page can be designed to run with any command line password generator. We will look on the Internet for password generators and research ways to safely encrypt and store the passwords. Once the user selects a password, it is encrypted and stored until a root level process can enter it onto the system.
By Curt Kuper, 04/23/2004
|
|
Passphrase FAQ Frequently asked question for simple and effective password use. For example, suppose a user chooses the password 'david.' On the surface the entropy of this key (or the number of different equiprobable key states) appears to be five characters chosen from a set of twenty-six with replacements: 26^5 or 1.188 x 10^7. But since the user is apparently biased toward common given names, which a majority appear in lists numbering only 6,000-7,000 entries, the true entropy is undoubtedly much closer to 6.5 x 10^3, or about four orders of magnitude smaller than the raw length might suggest. (In fact this password probably possesses a much smaller entropy than even this for the very common name "david" would be one of the first names to be checked by an optimized dictionary attack program.)
By Grady Ward, 04/23/2004
|
|
Password security and the means of achieving it within a Novell environment This paper will focus on the need for password security and the various means of implementing and maintaining it within a Novell NDS / eDirectory environment. Securing the accounts in your directory involves a combination enforcing strong passwords, account lockout periods and security policies, in addition to providing the users with training. An additional security add-on called Novell Modular Authentication Services allows for definable password characteristics and multifactor authentication using smart cards, tokens, or biometrics.
By Erik Ball, 04/17/2004
|
|
Secure Password Storage Passwords, the keys to our networks, Safeguards of our information privacy, financial transactions, intellectual property - sometimes even our physical security! How do we store and protect these keys, yet present them immediately for use when: a Sysadmin takes up extreme sports - with disastrous results -- and is no longer there to help, even over the phone? The "big one" finally hits and the IT staff are headed for a recovery hot site? A critical password is simply forgotten or lost? This is a challenge that faces IT shops of almost any size. Passwords/authentication methods must be protected from unauthorized disclosure and tampering but must also be readily available to allow fast recovery in the event of a service interruption or loss of personnel. Coming up with a secure method to archive and retrieve passwords for my company has become one of my personal goals.
By Shelby Reeves, 04/03/2004
|
|
Password Security in NIS Systems This material begins with a dual survey of NIS security and password security and goes beyond the initial reading into an attempt to advance password security practice in NIS. It could present a launching point for further projects in NIS security. The necessity of these security projects is taken as given, due to the number of established sites using NIS, the new sites coming online, and the multiplatform or administrative inadequacies of some of the proposed successors to NIS.
By Eric Gallagher, 03/24/2004
|
|
Password Protection: Is This the Best We Can Do? More often than not, the last barrier between the "outside world" and most computer systems is some kind of password authentication. While passwords are practically ubiquitous in modern computer systems, numerous deficiencies associated with passwords present a critical challenge to network security professionals. If an attacker is able to determine a valid username and password to a computer system, they will be able to impersonate the valid user and access the system. Since valid credentials are presented, these intrusions often go unnoticed.
By Jason Mortensen, 03/24/2004
|
|
Securing Access: Making Passwords a Legitimate Corporate Defense This paper outlines four easy steps to secure access to your systems using strong passwords, even those selected by users. Being forced to select a new password can be a frustrating experience for users. By the time they've memorized their latest secure (or favorite, but insecure) password, "The System" forces them to change it again. Users don't necessarily care about security issues; they just want to get their work done. It's your role to ensure that system and application passwords are secure from both internal and external attacks. Making that easy for users is critical. All this causes you to lose sleep at night.
By David H Sherrod, 03/24/2004
|
|
Page: 1 2 |
