  Security Columns

Welcome to the section of Empire Computers devoted to security. We hope you enjoy our first edition. Because of the complexity of the issues, this section will not have a regular host. Instead, security articles may be submitted to empire_editors@yahoo.com. Include a small photo of yourself and your website's URL.

Good Password: A Practical Guide.

  By Jdenny 

Original Tutorial 

Introduction.

Since the computer was invented, people have been dealing with passwords. With
the rise of client-server computing, people have to deal with passwords even
more. We must enter a user ID and password pair every time we log on to our
machine, start an application, dial in to the Internet, open our mailbox, and
so on. The list never seems to stop expanding.

Currently, Internet business and many other transactions require a more
stringent means than a user ID and password combination. The use of digital
certificates issued and verified by a Certificate Authority (CA) as part of a
public key infrastructure is considered likely to become the standard way to go.
But until all systems apply and conform to this new standard, we will still
have to deal with passwords, i.e. choose good ones and maintain them.


Definitions.

Before talking further about passwords, we need to talk about the two processes
that explain why we need passwords in the first place: authentication and
authorization.

Authentication is the process of determining whether someone or something is,
in fact, who or what it is declared to be. In private and public computer
networks (including the Internet), authentication is commonly done through the
use of logon passwords. Knowledge of the password is taken as proof of
identity.

Authorization is the process of giving someone permission to do or have
something based on an access control list. This list, defined by a system
administrator, maps users to the resources of the system and to the privileges
of use they are granted (such as which file directories they can access, hours
of access, the amount of allocated storage space, and so forth).

Logically, authentication precedes authorization, although they may often seem 
to be combined in a single process.

So, a password is a secret, unspaced sequence of characters used to
authenticate a user requesting access to a system. Typically, a user of a system
claims a unique name, his/her user ID, which may be generally known. To verify
that someone entering that user ID really is that person, a second piece of
identification, his/her password, known only to that person and to the system
itself, is entered by the user.


Criteria for a Good Password.

A password is typically somewhere between four and 16 characters, depending on
how the system is set up. When a password is entered, the computer system is 
careful not to display the characters on the display screen, in case others
might see it.

Ideally, the password should be something that nobody could guess. That makes
the password secure. But don't make it too difficult to remember. For example,
iU81mDha is a hard-to-guess password. But can you remember it easily? What
would you do if you had to use that password and could not change it to
something else? Some people render their password useless by writing it down
on a sticky note on top of their monitor. This is a silly thing to do, since
anybody could see it and misuse it.

In practice, most people choose a simple word that is easy to remember, such as:
- their name or their initials
- their girlfriend's or boyfriend's name
- their child's name
- their pet's name
- "password", "secret", "system", in any language
- a blank password

This is also a silly thing to do, since anybody could guess it and, again,
misuse it.

In short, there are two important things when choosing a password: it must be
hard to guess, but easy to remember.

General criteria for setting up password guidelines include the following:
- Don't pick a password that is the same as your user ID
- Don't pick a password that is similar to your previous password
- Don't pick a password that someone can easily guess if they know who you are
(including your social security number, birthday, or maiden name)
- Don't pick a word that can be found in the dictionary (since password cracker
programs can easily be configured to perform a dictionary attack)
- Don't pick a word that is currently newsworthy
- Don't pick the same password for all the systems you've been given access to
- Do pick a word that you can easily remember
- Do pick a mixture of letters and at least one number

AO QuickTip from ZeroOne:
Passwords are like underpants. Change them often enough (especially if asked 
to), use only your own ones, don't keep them visible, don't brag about them 
and remember that changing them too often is not a sin.

Some systems even require a stricter password policy, such as:
- Don't pick a password that has three or more characters in common with your
previous one
- Do pick a password that starts with letters, followed by numbers, and ends
with letters

Some security experts also recommend the use of a combination of lowercase and
uppercase letters, and even special characters like #, $, !, etc. While this is
a good practice to follow, be careful not to make your password so complicated
that you easily forget it.

Finally, some security policies explicitly forbid password sharing. All users
must have and maintain their own password.


Common Practices.

In this tutorial, I will suggest some common practices for making a good
password.

1. Pick an ordinary word and replace some letters with numbers.

This is probably the simplest technique you can use to create a good
password. Some hackers may even naturally read and write words this way.
The idea is to replace letters in the base word with numbers that look
similar. We will start with this conversion list:
O -> 0
I -> 1
Z -> 2
E -> 3
A -> 4
S -> 5
G -> 6
J -> 7
B -> 8

Note that you can have your own list. The important thing is that you can
easily do the conversion without having to look at the list. That's the
reason why we convert letters into similar-looking numbers.

It's time to practice now. What's your favorite word? Let's try favorite.
After conversion, favorite becomes f4v0r1te. Well, this is a good password.
Don't you love your grandmother? Grandmother converts into 6r4ndm0ther.
This is also a good one. Does Jessica make you crazy? Jessica turns into
7e551c4. Wow! Easy, isn't it?

Easy, yes. But this technique can be easy to crack. Some password cracker
programs can be configured to take dictionary words and then apply the
conversion to them. Unless you avoid dictionary words and other common words,
the resulting password will not be immune to this converted dictionary
attack.
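To make the guidelines from the Criteria section and the converted-dictionary caveat above concrete, here is an added example (not from the original tutorial) of a password policy checker that undoes the technique 1 conversion before looking the word up. The wordlist is constructed, the function names are mine, and reading "three or more characters in common" as a position-by-position comparison is my assumption.

```python
import re

# Constructed mini wordlist standing in for a password cracker's dictionary.
WORDLIST = {"favorite", "grandmother", "jessica", "password", "secret", "system"}

# Technique 1's conversion list, inverted so the check can undo it the way a
# cracker's rule set would (0->O, 1->I, 2->Z, 3->E, 4->A, 5->S, 6->G, 7->J, 8->B).
UNLEET = {"0": "o", "1": "i", "2": "z", "3": "e", "4": "a",
          "5": "s", "6": "g", "7": "j", "8": "b"}


def undo_conversion(password):
    """Map similar-looking digits back to the letters they replaced."""
    return "".join(UNLEET.get(ch, ch) for ch in password.lower())


def check_password(password, user_id="", previous=""):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    pw = password.lower()
    if not 4 <= len(pw) <= 16:
        problems.append("length must be between 4 and 16 characters")
    if user_id and pw == user_id.lower():
        problems.append("same as user ID")
    # Assumed reading of "three or more characters in common with your
    # previous one": three or more positions where old and new agree.
    if previous and sum(a == b for a, b in zip(pw, previous.lower())) >= 3:
        problems.append("too similar to previous password")
    if pw in WORDLIST:
        problems.append("dictionary word")
    elif undo_conversion(pw) in WORDLIST:
        problems.append("dictionary word with letters replaced by numbers")
    if not (re.search(r"[a-z]", pw) and re.search(r"[0-9]", pw)):
        problems.append("needs a mixture of letters and at least one number")
    return problems


if __name__ == "__main__":
    for candidate in ("favorite", "f4v0r1te", "7e551c4", "2hard4u", "wyl4mtmwy5"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Run against the tutorial's own examples, f4v0r1te and 7e551c4 are rejected as disguised dictionary words, while the multi-word 2hard4u and the song-line wyl4mtmwy5 pass.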

2. Pick some words and replace some of them with a single letter or number.

This technique is as simple as the first one. The idea is to replace a word
with a letter or number that sounds similar. We will start with this
conversion list:
bee -> b
see -> c
eye -> i
and -> n
you -> u
tea -> t
why -> y
to -> 2
too -> 2
for -> 4
fore -> 4

Again, you can have your own custom list. Just make it easy for you to 
remember.

So, TooHardForYou becomes 2hard4u, and AndYouSeeOneTooNow becomes nuc12now.
Or perhaps you want to be a bit more creative and make TeaForTwoPlease 
convert into t42pls?

All passwords created with this technique are generally better than the
previous ones, since they include more than one word. As a result, they are
more resistant to crackers (except when the cracker decides to use a brute
force attack, or even social engineering).

You can also combine technique 1 and 2. Then ISeeYouSmile becomes icusm1le,
and WhyCantYouSee becomes yc4ntuc. Be careful, though, not to make the 
conversion rule too complicated and hard to remember.

3. Pick an entire line of your favorite poem or song and pull the first letter 
of every word.

This technique is a simple variation of the previous ones. The idea is based
on the fact that every person has his/her own favorite song and would never 
forget its lyrics.

What's your favorite song? Well, this is the first line of "Kiss Kiss" by
Holly Valance: "When you look at me, tell me what you see". Pulling the
first letter of every word produces wylamtmwys. Not good enough?
Combining it with technique 1 gives wyl4mtmwy5. That's better. Or do you
prefer using technique 2 and making it wulamtmwuc, or even wul4mtmwuc?

4. Pick any series of characters that you like and do a keyboard mapping.

This technique is totally different from the others. The main idea is to use
the keyboard layout for the conversion. Since you will always have to use
a keyboard to enter the password anyway, why not use it to do the conversion
on the fly? This way you won't need to remember any conversion rules.

The other idea is that on the keyboard, the numbers are positioned just above
the letters. By pressing the key above the original key, we get a number
instead of a letter (for the letters in the QWERTY row). Replacing letters
with numbers makes a good password, right?

By now you should be able to easily pick a word or other series of characters
as the base word. We will start by replacing every character in the base word
with the character to its upper left on the keyboard. For example:
Q -> 1
W -> 2
A -> Q
S -> W
N -> H
M -> J

As always, you can have your own rule, such as an upper-right mapping. The key
thing is that it is easy to remember.

Let's try it now. igetyourpoint becomes 8t356974098h5. imfullnow becomes
8jr7ooh92. nomoreplease becomes h9j9430o3qw3. Yes, those are great
passwords!
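The keyboard mapping above follows from the geometry of the QWERTY rows, so the whole table can be generated rather than memorised. Here is an added example (not from the original tutorial) that builds both the upper-left rule used above and the upper-right variant the text mentions, then reproduces the tutorial's three conversions; the function names are mine.

```python
# US QWERTY rows, top to bottom. Each row sits about half a key to the right
# of the one above it, so the key to the upper left of a letter is the key in
# the row above at the same index, and the upper-right key is at index + 1.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def build_mapping(direction="upperleft"):
    """Build the conversion table for the upper-left or upper-right rule."""
    shift = 0 if direction == "upperleft" else 1
    mapping = {}
    for lower_row, upper_row in zip(ROWS[1:], ROWS):
        for i, ch in enumerate(lower_row):
            if i + shift < len(upper_row):
                mapping[ch] = upper_row[i + shift]
    return mapping


def convert(base_word, mapping):
    """Apply the keyboard mapping; characters with no key above stay as-is."""
    return "".join(mapping.get(ch, ch) for ch in base_word.lower())


if __name__ == "__main__":
    upper_left = build_mapping()
    for word in ("igetyourpoint", "imfullnow", "nomoreplease"):
        print(word, "->", convert(word, upper_left))
```

As with technique 1, a fixed mapping like this is just one more rule a cracker can add to a wordlist run, so the strength still comes from the base word not being a common word.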



Conclusion.

This tutorial is only meant as a starting point, to help you form the habit of
always choosing good passwords for any system you need to access, even if it is
not a critical one. The two important things that make a good password are
that it is hard to guess but easy to remember. The common practices discussed
here show that it is not that hard to make one.
© 2002-2003 Empireezine.tripod.com