Guide to Secure Password Selection

Jun 3, 2025

Lecture Notes: Selecting Secure Passwords

Introduction

  • Importance of secure passwords despite alternative authentication methods.
  • Many users still rely on passwords for various accounts.
  • Risks of using simple, easy-to-remember passwords.

Common Password Attack Methods

  • Guessing: Attempting common words and phrases related to the user.
  • Online Dictionary Attack: Automated programs use word lists to try to log in.
  • Offline Dictionary Attack: Uses a stolen password file and tests word-list candidates against the stored hashes.
  • Offline Brute Force Attack: Generates all possible passwords to match hashes.

Strong Passwords

  • Strong passwords can defeat the attack methods listed above.
  • Character Classes:
    • Lowercase letters
    • Uppercase letters
    • Numerals
    • Non-alphanumeric symbols
    • Unicode characters
  • Strong passwords should use characters from at least three of these groups.

Pass Phrases vs Passwords

  • Pass phrases are both secure and easier to remember than short passwords.
  • Example: "I re@lly want to buy 11 Dogs!" (do not use this example).

Windows Password Storage

  • Passwords stored as hashes, not plaintext.
  • LM Hash: Less secure, used for backward compatibility.
  • NTLM Hash: More secure than LM, computed with the MD4 hash function.
  • Importance of understanding password hashes and entropy.

Importance of Password Complexity

  • Entropy increases security by making passwords less predictable.
  • Typing Unicode characters with ALT key combinations enlarges the character set and so enhances strength.
  • Avoid using easy-to-guess patterns or common characters.

Developing a Password Policy

  • Identify operating systems in use to set appropriate policies.
  • Technical Password Requirements:
    • Enforce password history (e.g., 24 passwords remembered).
    • Set maximum password age (e.g., 42 days).
    • Determine minimum password age (e.g., 2 days).
    • Minimum password length (e.g., 8 characters).
    • Ensure passwords meet complexity requirements.
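The following checker is an added example, not part of the lecture notes: it applies the five character classes and the "at least three classes" rule from the Strong Passwords section, the minimum length from the policy above, and the entropy idea from the Password Complexity section. The pool size for the Unicode class (128, the ALT+0128..0255 range) and the guesses-per-second rate passed to the last function are assumptions, not figures from the notes.

```python
import math
import string

# Character classes named in the notes. Pool sizes are the number of distinct
# characters each class contributes to a brute-force search space.
# The Unicode pool size is an assumption (the 128 characters reachable with
# ALT+0128..0255 on a US keyboard), not a figure from the notes.
SYMBOLS = set(string.punctuation) | {" "}
CLASS_POOLS = {
    "lowercase": 26,
    "uppercase": 26,
    "numerals": 10,
    "symbols": len(SYMBOLS),   # 33 printable non-alphanumeric ASCII characters
    "unicode": 128,            # assumed size of the ALT-code range
}

def classify(ch):
    """Map one character to the class it belongs to."""
    if ch in string.ascii_lowercase:
        return "lowercase"
    if ch in string.ascii_uppercase:
        return "uppercase"
    if ch in string.digits:
        return "numerals"
    if ch in SYMBOLS:
        return "symbols"
    return "unicode"   # anything outside printable ASCII

def classes_used(password):
    return {classify(ch) for ch in password}

def entropy_bits(password):
    """Upper-bound entropy: every position drawn uniformly from the union of the
    classes actually used. Phrases built from dictionary words have less entropy
    than this, so the figure is a ceiling, not a guarantee."""
    pool = sum(CLASS_POOLS[c] for c in classes_used(password))
    return len(password) * math.log2(pool)

def meets_policy(password, min_length=8, min_classes=3):
    """The two technical requirements from the notes: minimum length (8 by
    default) and characters from at least three classes."""
    return len(password) >= min_length and len(classes_used(password)) >= min_classes

def years_to_exhaust(password, guesses_per_second):
    """Worst-case time for an offline brute-force attack to enumerate the whole
    search space at the given hash rate (the rate is a caller assumption)."""
    return 2 ** entropy_bits(password) / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    for pw in ["password", "Password1", "I re@lly want to buy 11 Dogs!"]:
        print(f"{pw!r}: classes={sorted(classes_used(pw))} "
              f"bits={entropy_bits(pw):.1f} policy_ok={meets_policy(pw)}")
```

Running the block prints the class set, entropy ceiling and policy result for the notes' own pass phrase alongside two weak examples.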

Communicating and Implementing Password Policies

  • Document and communicate policies to organization members.
  • Include tips on creating memorable and strong passwords:
    • Use more than one word, and substitute symbols for some letters.
    • Choose events or people unique to you.
    • Use phonetics for additional complexity.
    • Avoid personal information and common patterns.

Additional Resources