Password Security, Threats and Measures

From Embedded Lab Vienna for IoT & Security
Revision as of 01:17, 4 March 2024 by NSelimovic

Summary

This documentation provides an overview of the threats to passwords and the security measures taken against them. Furthermore, this article shows how to crack a password with the pentesting tool "John the Ripper".

Password Security

Passwords are the most widely used authentication method, so the security of a password is of significant importance. The strength of a password can be measured by its quality or its entropy. Besides quality and entropy, factors such as personal data or known passwords have to be considered.

The quality of a password is the time it takes to crack it using the trial-and-error method. Passwords that take longer to crack are considered to be of higher quality. The entropy of a password is its randomness and unpredictability. It is affected by factors such as the length of the password and the size of its character set.
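Added example, not part of the original wiki page: a small Python estimator that ties the two measures together, computing entropy from length and character set size, deriving the average trial-and-error time, and flagging known passwords and personal data. The guess rate, the known-password sample and all function names are assumptions made for this illustration.

```python
import math
import string

GUESSES_PER_SECOND = 1e10  # assumption: attacker's offline guess rate (constructed)
# Constructed sample; a real check would use a large leaked-password list.
KNOWN_PASSWORDS = {"123456", "password", "qwerty", "letmein"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def charset_size(password):
    """Size of the character pool the password draws from."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes: count the distinct ones
    # actually used, which is a lower bound on that pool.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size

def entropy_bits(password):
    """length * log2(pool size); an upper bound that only holds for
    passwords whose characters were chosen at random."""
    pool = charset_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def assess(password, personal_data=()):
    """Return entropy, average trial-and-error time and predictability findings."""
    bits = entropy_bits(password)
    # On average half of the search space has to be tried.
    seconds = (2 ** bits) / 2 / GUESSES_PER_SECOND
    lowered = password.lower()
    findings = []
    if lowered in KNOWN_PASSWORDS:
        findings.append("known password")
    for item in personal_data:
        # Very short fragments would match by accident, so skip them.
        if len(item) >= 3 and item.lower() in lowered:
            findings.append(f"contains personal data: {item}")
    return {"bits": bits, "avg_seconds": seconds, "findings": findings}

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, personal in (("password", ()), ("Anna1990!", ("Anna", "1990")),
                         ("v7#Qm2!xLp9&Tz4$", ())):
        r = assess(pw, personal)
        print(f"{pw!r}: {r['bits']:.1f} bits, "
              f"{r['avg_seconds']:.3g} s on average, findings={r['findings']}")
```

A password with findings should be treated as weak regardless of the computed entropy, because the formula assumes random characters.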

Password Managers

Password managers can store passwords, guide their creation and provide security when sharing them. They help with long, complex and important passwords, since they store the user's passwords and provide a certain level of security. To achieve this level of security, these managers often require several authentication steps. The functionality differs between the types of managers.

Types of password managers:

  • Cloud-Based Password Managers
  • Local Password Managers
  • Browser-Based Managers
  • Enterprise Managers
  • Hardware Password Managers

Vulnerabilities and Threats

Passwords are mostly created by humans and are therefore subject to vulnerabilities. Humans seek simplicity and comfort, so they try to create passwords that are easy to remember. They often use personal information to come up with a memorable word. Most of them use the same passwords on multiple websites and do not change them frequently. Close to two thirds of users do not use special characters in their passwords.

These factors create many vulnerabilities as they make the passwords predictable, of low quality or entropy and therefore easier to crack.

Threats

These weakly created passwords are often the victims of different threats. These threats are

Requirements

  • Operating system/Platform: Kali Linux
  • Packages: git openwall/john
