3.1 Give examples of ways of ensuring passwords and PINs are secure.
3.2 Give examples of ways to ensure ICT systems are secure.
3.3 Demonstrate how to check that virus protection is valid.
Tips to Ensure Safe Passwords
Getting users to adhere to your security policies is one of the most difficult parts of an IT administrator's job. Passwords are an especially big issue: Users choose passwords that are easy to remember, they jot them on sticky notes attached to their monitors, and they seldom change them. To address this security risk, Large Software offers the following 5 tips for creating and maintaining safe passwords.
Keep them Guessing: Never use personal information to create a username, login, or password (i.e., names of pets, relatives, nicknames, dates of birth, birth location). In this day and age where information is often finding its way onto the web and identity theft experts have become ever-savvy at ferreting out these details, it is crucial to choose usernames and passwords that are disassociated from your personal history. Does it make it harder to remember? Yes, but you'll be thankful when you're spared the potentially hundreds of hours and thousands of dollars it often costs to fix a stolen identity.
Keep it Fresh- Diversify: Avoid using the same login and password across multiple sites and/or cards and accounts. If a thief gains access to one, it will be like a house of cards, allowing them to quickly wreak havoc across your entire financial portfolio. Are you the type that says, "I never share my PIN?" It's amazing how often those "unshared" digits are misused by a jilted lover or nosy house cleaner.
Bigger is Better! Cliché but true. Studies have consistently shown that a large fraction of all user-chosen passwords are readily guessed automatically. Shorter passwords are more susceptible to commercially available password recovery tools. Such software is capable of testing 200,000 passwords per second. To improve the cipher strength of your password, longer passwords are better. Include a minimum of 8 characters--using both upper and lower case letters and a mix of letters, numerals, and symbols. Do not use words found in the English dictionary.
Think Like a Thief--Don't Make it Easy on Them: Put yourself into a thief's shoes--don't even think about using an overly simplified password such as "12345678," "222222," "abcdefg." Avoid sequential passwords or using passwords derived from the use of adjacent letters on your keyboard; this will not make your password secure. Also, avoid using only look-alike substitutions of numbers or symbols. Criminals and other malicious users who know enough to try and crack your password will not be fooled by common look-alike replacements, such as replacing an 'i' with a '1' or an 'a' with '@' as in "L@rgeSoftw@re" or "P@ssw0rd". But these substitutions can be effective when combined with other measures, such as length, misspellings, or variations in case, to improve the strength of your password.
Consider a Password Manager: There are many decent applications on the market that will digitally safeguard your various passwords. Avoid using the free ones "built-in" to browsers as these have been widely exposed for their security flaws. Consider software that memorizes and securely stores each username and password that you enter on a website.
Improving password quality
We have referred several times to weak passwords and the threat that they may pose to network security, but what do we mean by weak passwords? Characteristically, they are anything that might occur in a dictionary, which is to say simple, proper words utilizing only letters and no other type of character. For instance, proper names are poor choices for passwords.
Another flawed password is one that relies on personal information about the user, such as birthdays, anniversaries, spouse's names etc., that will make the password easier to remember. As discomfiting as it may seem, hackers often have access to users' personal information. By using a technique known as social engineering, hackers will use a legitimate user's personal information to make educated guesses of the user's password. By incorporating this information into the password, the hacker has a much better chance of cracking the password. A good hacker will socially engineer the target account, carrying out a little research into your hobbies, interests, date of birth even family members and pets. Selecting obscure words, phrases and symbols should prevent this.
While it is important to create a password that does not consist of orthodox everyday words, but that can be reasonably easily remembered, it is also important to use different characters in the password. Users should try to incorporate letters (both upper and lower case,) numbers and symbols. They can achieve this by mingling characters from the various character sets, which include:
uppercase letters such as A, B, C;
lowercase letters such as a, b,c;
numerals such as 1, 2, 3;
special characters such as $, ?, &; and
alt characters such as µ, £, Æ.
Strong passwords replace simple letters with other characters so that they form memorable words but don't necessarily form dictionary words. For example, 'Password' may become 'Pa55w0rd'. Unfortunately, this step is already outdated; dictionaries have been already been created to combat this technique. As a result, users have been forced use combinations of 2 or more unrelated words, each of which should consist of characters from each of the five character sets.
No comments:
Post a Comment