Difference between revisions of "Password Security"

From Embedded Lab Vienna for IoT & Security
Line 9: Line 9:
=== The Password Quality ===
=== The Password Quality ===


'''Personal information''' is used to create passwords which is a polpular target for social engineering. Often '''standard passwords''' like "123456" or "passowrd" are used. Actually, "123456" is the most used password for the last years [2]. The re-use of passwords is one of the main topics: many users use the '''same password for various accounts'''. It is obvious that it is not a good idea to use the same password for online banking and for Adobe account.  
'''Personal information''' is used to create passwords which is a polpular target for social engineering (names, dates, etc.). Often '''standard passwords''' like "123456" or "passowrd" are used. Actually, "123456" is the most used password for the last years [2]. The re-use of passwords is one of the main topics: many users use the '''same password for various accounts'''. It is obvious that it is not a good idea to use the same password for online banking and for Adobe account.  


== Good Passwords ==
== Good Passwords ==
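Review bot: The added parenthetical "(names, dates, etc.)" sits after "social engineering" in the new line, but it lists kinds of personal information, so it should follow "Personal information" directly. The new revision also keeps the misspellings "polpular" and "passowrd" from the old line; since this edit touches the sentence anyway, correct them here.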
Line 31: Line 31:
  Are you sorry we drifted apart?
  Are you sorry we drifted apart?


Resulting password: Ayl2n?Dymm2n?Ayswda?
The resulting password might be: Ayl2n?Dymm2n?Ayswda?
 
* Think about approx. 4 different words which make sense for you but in general, the combination does not make any sense at all. Meaningful sentences  are no good passwords.
 
Here's an example:
Concrete
Ocean
Mouse
Egg
 
You'll have to add a special character and a digit. The resulting password might be: ConcreteOcean4MouseEgg!
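Review bot: In the added four-word tip, "Meaningful sentences are no good passwords" reads as contradicting the preceding tip, which starts from lines of a song; state that a sentence typed out in full is the weak choice, while the first letters taken from it are fine. The requirement "You'll have to add a special character and a digit" also appears only after the word list; move it into the bullet so the step is complete before the example.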
 





Revision as of 15:28, 2 March 2020

Summary

This documentation provides advice about secure passwords. It covers known problems with passwords and elaborates various solutions for secure password creation and usage. The issue "bad passwords" is the number 1 vulnerability in the Internet-of-Things (IoT)[1].

Problems with Passwords

There are several more or less widely known bad habits regarding passwords.

The Password Quality

Personal information (names, dates, etc.) is often used to create passwords, and such information is a popular target for social engineering. Standard passwords like "123456" or "password" are also common. In fact, "123456" has been the most used password in recent years [2]. Password re-use is one of the main topics: many users use the same password for various accounts. It is obviously not a good idea to use the same password for online banking and for an Adobe account.

Good Passwords

There are 3 general aspects of good passwords: length plays a main role, the password must not be trivial, and the password must be easy to memorize. Leet speak is not a good idea because by now all password crackers know leet speak.

Good Password Checklist

  • Minimum length of 12 characters
  • Contains lower & upper case letters, digits, and special characters
  • As random as possible
  • Easy to remember

How to Create a Good Password

  • Think about your favorite lines of a song, poem, or movie, etc. Take the first letters and special characters to create your password.

Here's an example:

Are you lonesome tonight? 
Do you miss me tonight?
Are you sorry we drifted apart?

The resulting password might be: Ayl2n?Dymm2n?Ayswda?

  • Think of approx. 4 different words which make sense to you, but whose combination does not make any sense in general. Meaningful sentences are not good passwords.

Here's an example:

Concrete
Ocean
Mouse
Egg

You'll have to add a special character and a digit. The resulting password might be: ConcreteOcean4MouseEgg!
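
The checklist and the four-word method above, as an added example that is not part of the original wiki page. The word list, the deny-list of common passwords, and the function names are constructed for illustration; "easy to remember" and "as random as possible" cannot be checked mechanically and are not tested here.

```python
import math
import secrets
import string

# Constructed sample list. Real use needs a list with thousands of words,
# because the strength of this method depends on the list size.
WORDS = ["concrete", "ocean", "mouse", "egg", "lantern", "gravel", "violin",
         "pepper", "harbor", "candle", "tunnel", "meadow", "rocket", "walnut",
         "saddle", "glacier"]
SPECIALS = "!?#$%&*+-="
COMMON = {"123456", "password", "12345678", "qwerty"}  # constructed deny-list

def check_password(pw):
    """Return the checklist items that pw fails (empty list = passes)."""
    failed = []
    if len(pw) < 12:
        failed.append("length")
    if not any(c.islower() for c in pw):
        failed.append("lower")
    if not any(c.isupper() for c in pw):
        failed.append("upper")
    if not any(c.isdigit() for c in pw):
        failed.append("digit")
    if not any(c in string.punctuation for c in pw):
        failed.append("special")
    if pw.lower() in COMMON:
        failed.append("common")
    return failed

def generate_passphrase(n_words=4):
    """Pick words with a CSPRNG, then place one digit and one special
    character at random word boundaries."""
    parts = [secrets.choice(WORDS).capitalize() for _ in range(n_words)]
    for extra in (secrets.choice(string.digits), secrets.choice(SPECIALS)):
        parts.insert(secrets.randbelow(len(parts) + 1), extra)
    return "".join(parts)

def entropy_bits(n_words=4, list_size=len(WORDS)):
    """Bits contributed by the random word choice alone (a lower bound)."""
    return n_words * math.log2(list_size)
```

With the 16-word sample list the word choice contributes only 16 bits, which is why a large list and a random (not hand-picked) selection matter for this method.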


Requirements

none - so far...

In order to complete these steps, you must have followed Some Other Documentation before.

Description

Step 1

Enter these commands in the shell

echo foo
echo bar

Step 2

Make sure to read

  • War and Peace
  • Lord of the Rings
  • The Baroque Cycle

Used Hardware

  • Device to be used with this documentation
  • Maybe another device to be used with this documentation

Courses

References