KEMBAR78
Improving Password Based Security | PPTX
Rare Input, profile picture
Uploaded byRare Input
PPTX, PDF1,490 views

Improving Password Based Security

The document discusses the significance of passwords for user authentication and highlights the evolution and necessity of strong password security. It outlines strategies for improving password security, such as creating strong passwords, storing them securely, employing password aging, and limiting guess attempts. Additionally, it provides a list of dos and don’ts to enhance password management and protect against unauthorized access.

Downloaded 42 times
Improving Password Based Security
What is a Password? • A password is a secret word or string of characters that is used for user authentication to prove identity, or for access approval to gain access to a resource (example: an access code is a type of password). • The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword, and would only allow a person or group to pass if they knew the password. • In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. Brought To You by www.rareinput.com
What is the need of a password? There are many reasons to use passwords. Here are some common reasons to use them: to prevent unauthorized access to important information to guarantee security of personal information to prevent unauthorized access to user accounts, such as computer and email accounts to be able to use various Internet services securely Brought To You by www.rareinput.com
How does password work? Whenever we create a login on any website or any stand alone system/application, we are generally asked for two things one is the username and other is the password. The combination of these username and password is then saved into the database of the system/application. And when the user tries to log in to that particular system or application, he is asked for these two things. If the username and the password entered by the user matches with the password and the username previously stored in the database, then he/she is granted the access, else the access is prevented. Brought To You by www.rareinput.com
Challenges in password based security Password Creation Password strength Password storing Password Protection Password cracking Brought To You by www.rareinput.com
How to Improve Password based security? A very simple answer to this question is “to improve the strength of the password”. But what actually is a good strength to ensure the proper security?? Well, there are some techniques and do’s and don'ts which may ensure a better security while using password security. Some of them are discussed in the next slides. Brought To You by www.rareinput.com
I. Creating a strong Password: We all must create strong passwords which are tough to guess and break. In order to create strong passwords we shall follow following points. a) A minimum password length of 12 to 14 characters. b) Generating passwords randomly where feasible c) Avoiding passwords based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past), or biographical information (e.g., ID numbers, ancestors' names or dates). d) Including numbers, and symbols in passwords if allowed by the system e) If the system recognizes case as significant, using capital and lower-case letters f) Avoiding using the same password for multiple sites or purposes g) Avoid using something that the public or workmates know you strongly like or dislike Brought To You by www.rareinput.com
2. Storing Encrypted Password: • When we are planning to authenticate users via passwords, we must ensure the security of the password in our database. • If we store user passwords as plaintext, against which to compare user log on attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ the same password for accounts on different systems, those will be compromised as well. • More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible. • A common approach stores only a "hashed" form of the plaintext password. When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access. Brought To You by www.rareinput.com
3. Random Passwords: • Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set (e.g., the ASCII character set), pronounceable passwords, or even words from a word list (thus forming a passphrase). • However, these are often not truly random, but pseudo random • Random password programs often have the ability to ensure that the resulting password complies with a local Password Policy. Brought To You by www.rareinput.com
4. Password longevity (ageing): • "Password aging" is a feature of some operating systems which forces users to change passwords frequently (e.g., quarterly, monthly or even more often) • There is often an increase in the people who note down the password and leave it where it can easily be found or Users may use simpler passwords or develop variation patterns on a consistent theme to keep their passwords memorable. Because of these issues, password aging is effective. • Password aging is also required because of the nature of data of the IT systems. Brought To You by www.rareinput.com
5. Limits on the number of password guesses: • An alternative to limiting the rate at which an attacker can make guesses on a password is to limit the total number of guesses that can be made. • The password can be disabled, requiring a reset, after a small number of consecutive bad guesses (say 5); and the user may be required to change the password after a larger cumulative number of bad guesses (say 30), to prevent an attacker from making an arbitrarily large number of bad guesses by interspersing them between good guesses made by the legitimate password owner. Brought To You by www.rareinput.com
6. Transmission through encrypted channels: • The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using cryptographic protection. • The most widely used is the Transport Layer Security (TLS, previously called SSL) feature built into most current Internet browsers. • Most browsers alert the user of a TLS/SSL protected exchange with a server by displaying a closed lock icon, or some other sign, when TLS is in use. Brought To You by www.rareinput.com
Do’s and don’ts of a password Do’s of a password Don’ts of a password • DO pick a password you will remember • DON'T write your password down. • DO change your password regularly • DON'T make obvious choices like your last name, first • DO use a mix of uppercase and lowercase name, nickname, birthdate, spouse characters and special characters such as name, pet name, make/model of car, or #, $, %. favorite expression. • DO use random passwords. • DON'T choose your username as your • DO use a password that you can type quickly password. without having to look at your keyboard. This • DON'T share your password with anyone. makes it harder for someone to notice your Once it is out of your control, so is your password if they happen to be watching over security. your shoulder. • DON'T use a word contained in English or • DO use a password with 8 or more foreign language dictionaries, spelling lists or characters. More is better. commonly digitized • DO create different passwords for different • DON'T use an alphabet sequence accounts and applications. Brought To You by www.rareinput.com (lmnopqrst), a number sequence (12345678)
By using these mentioned techniques we can significantly improve our password based security and can save ourselves from the numerous threats of this cyber world. Brought To You by www.rareinput.com
References • http://www.google.com • http://www.securepasswords.net/site/Password-Dos-andDonts/page/25.html • http://en.wikipedia.org/wiki/Password_strength • http://en.wikipedia.org/wiki/Password Brought To You by www.rareinput.com
Thank You Saurabh Kumar Jha CTO and Co Founder www.rareinput.com

More Related Content

PDF
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
byEdureka!
 
PPTX
Sql Injection attacks and prevention
byhelloanand
 
PDF
CSRF Basics
byn|u - The Open Security Community
 
PPTX
SQL Server database project ideas - Top, latest and best project ideas final ...
byTeam Codingparks
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PDF
Typography in Web Design
byJasmine Vesque
 
PPTX
Cross Site Request Forgery (CSRF) Scripting Explained
byValency Networks
 
PPT
Application Security
byflorinc
 
Computer Security | Types of Computer Security | Cybersecurity Course | Edureka
byEdureka!
 
Sql Injection attacks and prevention
byhelloanand
 
CSRF Basics
byn|u - The Open Security Community
 
SQL Server database project ideas - Top, latest and best project ideas final ...
byTeam Codingparks
 
Sql injection - security testing
byNapendra Singh
 
Typography in Web Design
byJasmine Vesque
 
Cross Site Request Forgery (CSRF) Scripting Explained
byValency Networks
 
Application Security
byflorinc
 

What's hot

PPT
Internet cookies
byAbhi Bhardwaj
 
PDF
File server on using cisco packet tracer
bySabrinaUporna
 
PPTX
Graphical password authentication
byshalini singh
 
PDF
Data Retrieval over DNS in SQL Injection Attacks
byMiroslav Stampar
 
PPT
CROSS SITE SCRIPTING.ppt
byyashvirsingh48
 
PDF
Cross site scripting attacks and defenses
byMohammed A. Imran
 
PDF
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
byEdureka!
 
PPTX
Understanding Cross-site Request Forgery
byDaniel Miessler
 
PDF
Password Cracking using dictionary attacks
bylord
 
PDF
Footprinting
byDuah John
 
PPT
Online Voting System
byapolama
 
PPTX
M Suburban Train Ticket System
bykalpesh1908
 
PPTX
Network Security Nmap N Nessus
byUtkarsh Verma
 
PPTX
Malware and Anti-Malware Seminar by Benny Czarny
byOPSWAT
 
PPTX
Command injection
bypenetration Tester
 
PPTX
PHISHING DETECTION
byumme ayesha
 
DOCX
E commerce use case documentation.
byYaswanth Babu Gummadivelli
 
PPT
Port Scanning
byamiable_indian
 
PPT
Windows forensic artifacts
byn|u - The Open Security Community
 
PDF
Web App Security Presentation by Ryan Holland - 05-31-2017
byTriNimbus
 
Internet cookies
byAbhi Bhardwaj
 
File server on using cisco packet tracer
bySabrinaUporna
 
Graphical password authentication
byshalini singh
 
Data Retrieval over DNS in SQL Injection Attacks
byMiroslav Stampar
 
CROSS SITE SCRIPTING.ppt
byyashvirsingh48
 
Cross site scripting attacks and defenses
byMohammed A. Imran
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
byEdureka!
 
Understanding Cross-site Request Forgery
byDaniel Miessler
 
Password Cracking using dictionary attacks
bylord
 
Footprinting
byDuah John
 
Online Voting System
byapolama
 
M Suburban Train Ticket System
bykalpesh1908
 
Network Security Nmap N Nessus
byUtkarsh Verma
 
Malware and Anti-Malware Seminar by Benny Czarny
byOPSWAT
 
Command injection
bypenetration Tester
 
PHISHING DETECTION
byumme ayesha
 
E commerce use case documentation.
byYaswanth Babu Gummadivelli
 
Port Scanning
byamiable_indian
 
Windows forensic artifacts
byn|u - The Open Security Community
 
Web App Security Presentation by Ryan Holland - 05-31-2017
byTriNimbus
 

Similar to Improving Password Based Security

PDF
Why is password protection a fallacy a point of view
bySTO STRATEGY
 
PPTX
P@ssw0rds
byWill Alexander
 
PDF
Password Strength Policy Query
byGloria Stoilova
 
PPTX
Passwords
bySonia Rose Mary Karungi
 
PDF
W make107
byGreg in SD
 
PDF
Authetication ppt
byPranav Doshi
 
PPTX
computer security authorization Authentication.pptx
byRajendraKumarVerma10
 
PPTX
2 Laymans Course - LAMP V2.pptx
byssuser2f0fb0
 
PPTX
Securing password
bysplendorcollege
 
PDF
W make107
byGreg in SD
 
PDF
Why is password protection a fallacy a point of view
byYury Chemerkin
 
PDF
How to Design Passwords
byUniversity of Hertfordshire
 
PPTX
IAM Password
byAidy Tificate
 
PDF
User Authentication: Passwords and Beyond
byJim Fenton
 
PPTX
05-Authentication.pptx Software Security
byRahmathMohammed4
 
PPTX
When will passwords die? Research challenges and opportunities in user authen...
byShujun Li
 
PPTX
Password management
byWilmington University
 
PDF
Password Security
byCSCJournals
 
PPTX
Password Importance - lesson for grade six
bynaseem523917
 
PDF
Be Cyber Smart! (DLH 10/25/2019)
byDavid Herrington
 
Why is password protection a fallacy a point of view
bySTO STRATEGY
 
P@ssw0rds
byWill Alexander
 
Password Strength Policy Query
byGloria Stoilova
 
Passwords
bySonia Rose Mary Karungi
 
W make107
byGreg in SD
 
Authetication ppt
byPranav Doshi
 
computer security authorization Authentication.pptx
byRajendraKumarVerma10
 
2 Laymans Course - LAMP V2.pptx
byssuser2f0fb0
 
Securing password
bysplendorcollege
 
W make107
byGreg in SD
 
Why is password protection a fallacy a point of view
byYury Chemerkin
 
How to Design Passwords
byUniversity of Hertfordshire
 
IAM Password
byAidy Tificate
 
User Authentication: Passwords and Beyond
byJim Fenton
 
05-Authentication.pptx Software Security
byRahmathMohammed4
 
When will passwords die? Research challenges and opportunities in user authen...
byShujun Li
 
Password management
byWilmington University
 
Password Security
byCSCJournals
 
Password Importance - lesson for grade six
bynaseem523917
 
Be Cyber Smart! (DLH 10/25/2019)
byDavid Herrington
 

Recently uploaded

PDF
Nernst Distribution Law and factors affecting distribution constant
byMithil Fal Desai
 
PDF
Admin Slides for Oct'25 semester - PBO - MC1.pdf
byMark Kor
 
PDF
The Minority Caucus in Parliament has called on government to take immediate ...
bynservice241
 
PDF
Phase Equilibria and Colligative Properties.pdf
byMithil Fal Desai
 
PDF
Admin Slides for Oct'25 semester (Progression)
byGreat Files
 
PPTX
PECTORAL REGION.pptx Human anatomy,Bmls,
byKISMAT ALI
 
PPTX
Nerve lecture 2:strength-duration curve and an introduction to action potential
bydina merzeban
 
PPTX
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
PPTX
Agriculture Lesson Note for Grade 11 Chapter 3 & 4.pptx
byNajibMuhidin
 
PPTX
DBP - BITA Introduction Slides Oct 202526
byGreat Files
 
DOCX
PRESS STATEMENT - Response to Minority_ Press Ready.docx
bynservice241
 
PPTX
Classification and Applied Aspects of Joints.pptx
byMathew Joseph
 
PPTX
Capitol Webinar October 2025 Dr. Jha.pptx
byCapitolTechU
 
PPTX
How to Create a Manifest File in Odoo 18
byCeline George
 
PPTX
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
DOCX
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
PPTX
Single entry System Vs Double entry System.pptx
bylavanyafranklin0804
 
PPTX
Capital Budgeting - Risk Analysis Using Sensitivity Analysis
bySundar B N
 
PDF
Admin Slides for Oct'25 semester - PB1_MC5.pdf
byGreat Files
 
PDF
BD1TL - TNTEU - Teaching and Learning - Unit - 2.pdf
byDr Raja Mohammed T
 
Nernst Distribution Law and factors affecting distribution constant
byMithil Fal Desai
 
Admin Slides for Oct'25 semester - PBO - MC1.pdf
byMark Kor
 
The Minority Caucus in Parliament has called on government to take immediate ...
bynservice241
 
Phase Equilibria and Colligative Properties.pdf
byMithil Fal Desai
 
Admin Slides for Oct'25 semester (Progression)
byGreat Files
 
PECTORAL REGION.pptx Human anatomy,Bmls,
byKISMAT ALI
 
Nerve lecture 2:strength-duration curve and an introduction to action potential
bydina merzeban
 
Common problems or challenges faced by Indian adolescents
byDr. Harpal Kaur
 
Agriculture Lesson Note for Grade 11 Chapter 3 & 4.pptx
byNajibMuhidin
 
DBP - BITA Introduction Slides Oct 202526
byGreat Files
 
PRESS STATEMENT - Response to Minority_ Press Ready.docx
bynservice241
 
Classification and Applied Aspects of Joints.pptx
byMathew Joseph
 
Capitol Webinar October 2025 Dr. Jha.pptx
byCapitolTechU
 
How to Create a Manifest File in Odoo 18
byCeline George
 
Safety Needs and Prevention of environmental hazards.pptx
byAneetaSharma15
 
Extension Education: From theory to practice by Dr Subin K Mohan.docx
byDrSubinKMohan
 
Single entry System Vs Double entry System.pptx
bylavanyafranklin0804
 
Capital Budgeting - Risk Analysis Using Sensitivity Analysis
bySundar B N
 
Admin Slides for Oct'25 semester - PB1_MC5.pdf
byGreat Files
 
BD1TL - TNTEU - Teaching and Learning - Unit - 2.pdf
byDr Raja Mohammed T
 

Improving Password Based Security

  • 1.
  • 2.
    What is aPassword? • A password is a secret word or string of characters that is used for user authentication to prove identity, or for access approval to gain access to a resource (example: an access code is a type of password). • The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword, and would only allow a person or group to pass if they knew the password. • In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. Brought To You by www.rareinput.com
  • 3.
    What is theneed of a password? There are many reasons to use passwords. Here are some common reasons to use them: to prevent unauthorized access to important information to guarantee security of personal information to prevent unauthorized access to user accounts, such as computer and email accounts to be able to use various Internet services securely Brought To You by www.rareinput.com
  • 4.
    How does passwordwork? Whenever we create a login on any website or any stand alone system/application, we are generally asked for two things one is the username and other is the password. The combination of these username and password is then saved into the database of the system/application. And when the user tries to log in to that particular system or application, he is asked for these two things. If the username and the password entered by the user matches with the password and the username previously stored in the database, then he/she is granted the access, else the access is prevented. Brought To You by www.rareinput.com
  • 5.
    Challenges in passwordbased security Password Creation Password strength Password storing Password Protection Password cracking Brought To You by www.rareinput.com
  • 6.
    How to ImprovePassword based security? A very simple answer to this question is “to improve the strength of the password”. But what actually is a good strength to ensure the proper security?? Well, there are some techniques and do’s and don'ts which may ensure a better security while using password security. Some of them are discussed in the next slides. Brought To You by www.rareinput.com
  • 7.
    I. Creating astrong Password: We all must create strong passwords which are tough to guess and break. In order to create strong passwords we shall follow following points. a) A minimum password length of 12 to 14 characters. b) Generating passwords randomly where feasible c) Avoiding passwords based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past), or biographical information (e.g., ID numbers, ancestors' names or dates). d) Including numbers, and symbols in passwords if allowed by the system e) If the system recognizes case as significant, using capital and lower-case letters f) Avoiding using the same password for multiple sites or purposes g) Avoid using something that the public or workmates know you strongly like or dislike Brought To You by www.rareinput.com
  • 8.
    2. Storing EncryptedPassword: • When we are planning to authenticate users via passwords, we must ensure the security of the password in our database. • If we store user passwords as plaintext, against which to compare user log on attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ the same password for accounts on different systems, those will be compromised as well. • More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible. • A common approach stores only a "hashed" form of the plaintext password. When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access. Brought To You by www.rareinput.com
  • 9.
    3. Random Passwords: •Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set (e.g., the ASCII character set), pronounceable passwords, or even words from a word list (thus forming a passphrase). • However, these are often not truly random, but pseudo random • Random password programs often have the ability to ensure that the resulting password complies with a local Password Policy. Brought To You by www.rareinput.com
  • 10.
    4. Password longevity(ageing): • "Password aging" is a feature of some operating systems which forces users to change passwords frequently (e.g., quarterly, monthly or even more often) • There is often an increase in the people who note down the password and leave it where it can easily be found or Users may use simpler passwords or develop variation patterns on a consistent theme to keep their passwords memorable. Because of these issues, password aging is effective. • Password aging is also required because of the nature of data of the IT systems. Brought To You by www.rareinput.com
  • 11.
    5. Limits onthe number of password guesses: • An alternative to limiting the rate at which an attacker can make guesses on a password is to limit the total number of guesses that can be made. • The password can be disabled, requiring a reset, after a small number of consecutive bad guesses (say 5); and the user may be required to change the password after a larger cumulative number of bad guesses (say 30), to prevent an attacker from making an arbitrarily large number of bad guesses by interspersing them between good guesses made by the legitimate password owner. Brought To You by www.rareinput.com
  • 12.
    6. Transmission throughencrypted channels: • The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using cryptographic protection. • The most widely used is the Transport Layer Security (TLS, previously called SSL) feature built into most current Internet browsers. • Most browsers alert the user of a TLS/SSL protected exchange with a server by displaying a closed lock icon, or some other sign, when TLS is in use. Brought To You by www.rareinput.com
  • 13.
    Do’s and don’tsof a password Do’s of a password Don’ts of a password • DO pick a password you will remember • DON'T write your password down. • DO change your password regularly • DON'T make obvious choices like your last name, first • DO use a mix of uppercase and lowercase name, nickname, birthdate, spouse characters and special characters such as name, pet name, make/model of car, or #, $, %. favorite expression. • DO use random passwords. • DON'T choose your username as your • DO use a password that you can type quickly password. without having to look at your keyboard. This • DON'T share your password with anyone. makes it harder for someone to notice your Once it is out of your control, so is your password if they happen to be watching over security. your shoulder. • DON'T use a word contained in English or • DO use a password with 8 or more foreign language dictionaries, spelling lists or characters. More is better. commonly digitized • DO create different passwords for different • DON'T use an alphabet sequence accounts and applications. Brought To You by www.rareinput.com (lmnopqrst), a number sequence (12345678)
  • 14.
    By using thesementioned techniques we can significantly improve our password based security and can save ourselves from the numerous threats of this cyber world. Brought To You by www.rareinput.com
  • 15.
    References • http://www.google.com • http://www.securepasswords.net/site/Password-Dos-andDonts/page/25.html •http://en.wikipedia.org/wiki/Password_strength • http://en.wikipedia.org/wiki/Password Brought To You by www.rareinput.com
  • 16.
    Thank You Saurabh KumarJha CTO and Co Founder www.rareinput.com