Thursday, December 17, 2009

Tips for Selecting a Secure Password for Your Yahoo ID ;;)

Although many alternatives for user authentication are available today, most users log on to their computer and remote computers using a combination of their user name and a password typed at their keyboard. There are products that use more secure technologies such as biometrics, smart cards, and one-time passwords available for all popular operating systems; but the reality is that many organizations still rely on passwords and they will continue to do so for years to come.

Users often have many different computer accounts at work, for their cell phone, at their bank, with insurance companies, and so on. To make it easier to remember their passwords, users often use the same or similar passwords on each system; and given a choice, most users will select a very simple and easy-to-remember password such as their birthday, their mother's maiden name, or the name of a relative. Short and simple passwords are relatively easy for attackers to determine. Some common methods that attackers use for discovering a victim's password include:

• Guessing—The attacker attempts to log on using the user's account by repeatedly guessing likely words and phrases such as their children's names, their city of birth, and local sports teams.

• Online Dictionary Attack—The attacker uses an automated program that includes a file of words. The program repeatedly attempts to log on to the target system using a different word from the file on each try.

• Offline Dictionary Attack—Similar to the online dictionary attack, but the attacker gets a copy of the file where the hashed or encrypted copy of user accounts and passwords is stored and uses an automated program to determine what the password is for each account. This type of attack can be completed very quickly once the attacker has managed to get a copy of the password file.

• Offline Brute Force Attack—This is a variation of the dictionary attacks, but it is designed to determine passwords that may not be included in the file used in those attacks. Although a brute force attack can be attempted online, network bandwidth and latency mean it is usually undertaken offline using a copy of the target system's password file. In a brute force attack the attacker uses an automated program that generates hashes or encrypted values for all possible passwords and compares them to the values in the password file.

Using Unicode Characters in ALT Key Combinations
Most users should have no problem finding pass phrases that they can easily remember, but for particularly sensitive accounts such as those with domain administrator privileges it is highly recommended that Unicode characters are included in the passwords using ALT key combinations. These are characters that do not appear on standard U.S. keyboards. You enter them by holding down the ALT key (or the FN and the ALT key on most laptop computers) and typing a three- or four-digit number on the numeric keypad (the numeric overlay keypad on a laptop computer).

The use of these types of characters greatly strengthens passwords in two ways: First, password cracking tools are often unable to test the vast majority of these types of characters. Second, the use of these characters greatly increases the range of characters that may appear in your password, which strengthens the potential complexity of the password by many orders of magnitude. When using ALT key combinations it is very important that you remember the leading zero, if present, because leaving the zero off results in a different character. For example, ALT+128 is Ç, while ALT+0128 is €. The rest of this section focuses on four-digit codes, which access the entire Unicode character set, and ignores the three-digit codes, which only access the extended ASCII character set.
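The leading-zero behaviour in the example above can be reproduced with two code pages. This is an added example, not part of the original post; it assumes a U.S. English Windows system (OEM code page 437, ANSI code page 1252), covers codes 128-255 only, and its function names are illustrative.

```python
import math
from typing import Optional

# Assumption: U.S. English Windows, where ALT+nnn (no leading zero) is looked
# up in OEM code page 437 and ALT+0nnn in ANSI code page 1252.
OEM_CODEC = "cp437"
ANSI_CODEC = "cp1252"


def alt_char(keys: str) -> Optional[str]:
    """Character produced by holding ALT and typing `keys` on the keypad.

    Covers codes 128-255 only. Returns None for an unassigned slot.
    """
    if not keys.isdigit() or not 128 <= int(keys) <= 255:
        raise ValueError("this sketch covers codes 128-255 only")
    codec = ANSI_CODEC if keys.startswith("0") else OEM_CODEC
    try:
        return bytes([int(keys)]).decode(codec)
    except UnicodeDecodeError:
        return None  # e.g. 0129 is unassigned in code page 1252


def usable_high_chars() -> list:
    """Visible characters reachable with ALT+0128 through ALT+0255."""
    chars = (alt_char(f"0{n}") for n in range(128, 256))
    # Drop unassigned slots and invisible ones (no-break space, soft hyphen).
    return [c for c in chars if c is not None and c.isprintable()]


def random_password_bits(alphabet_size: int, length: int) -> float:
    """Search space in bits, assuming every character is picked uniformly
    at random from the alphabet (human-chosen passwords fall short of this)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for keys in ("128", "0128", "0135"):
        print(f"ALT+{keys} -> {alt_char(keys)!r}")
    ascii_only = 95  # printable ASCII characters on a U.S. keyboard
    widened = ascii_only + len(usable_high_chars())
    for size in (ascii_only, widened):
        print(f"{size} symbols, 8 chars: {random_password_bits(size, 8):.1f} bits")
```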

The following table lists the numerical values that can be used as ALT key combinations. Recommended values are between 0128 and 1024. Each cell in the table below shows either a single value or a range of values. For example, the first cell shows "0128-0159." This means that you could use any value between 0128 and 0159, such as ALT+0135, which corresponds to the Unicode character "‡".

Recommended ALT Code to Use for ALT Key Combinations

Not all Unicode characters increase password complexity because they are automatically converted to ASCII characters, resulting in a weakened password instead. The following table shows character codes that should not be used in a password and the ASCII character to which they are converted.

Password Age and Reuse
Users should also change their passwords frequently. Even though long and strong passwords are much more difficult to break than short and simple ones, they can still be cracked. An attacker who has enough time and computing power at his disposal can eventually break any password. In general, passwords should be changed within 42 days, and old passwords should never be reused.

More Password Tips

The following information provides tips and do's and don'ts for creating and remembering passwords and password phrases.

Use more than one word
Instead of only using the name of someone you know, such as "Allison", choose something about that person no one else knows about, for instance, "AllisonsBear" or "AlliesBear".

Use symbols instead of characters
Many people tend to put the required symbols and numbers at the end of a word they know, for instance, "Allison1234". Unfortunately, this is relatively easy to break. The word "Allison" is in a lot of dictionaries that include common names; once the name is discovered, the attacker has only four more relatively easy characters to guess. Instead, replace one or more of the letters within the word with symbols that you'll easily recall. Many people have their own creative interpretations of what letter some symbols and numbers resemble. For example, try substituting "@" for "A", "!" for "l", a zero (0) for an "O", a "$" for an "S", and a "3" for an "E". With substitutions such as these, "@llis0nbe@r", "A!!isonB3ar", and "A//i$onBear" are all recognizable to you, but they would be extremely difficult to guess or break. Look at the symbols on your keyboard and think of the first character that comes to mind—it might not be what someone else would think of, but you will remember it. Use some of those symbols as substitutions for your passwords from now on.
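The "Allison1234" case above can be put in numbers with a small screening check of the kind a sign-up form might run. This is an added example, not part of the original post; the wordlist is a constructed sample, the function names are illustrative, and the check covers only the "known word plus short tail" shape described in this tip.

```python
import re

# Constructed sample wordlist; a real screen would load a large list of
# common names and dictionary words.
COMMON_WORDS = {"allison", "password", "dragon", "summer"}

# Printable ASCII: 26 lowercase, 26 uppercase, 10 digits, 33 symbols.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def alphabet_size(text):
    """Size of the smallest ASCII alphabet that covers every character."""
    classes = set()
    for ch in text:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return sum(CLASS_SIZES[c] for c in classes)


def blind_search_space(password):
    """Candidates a brute force must cover with no knowledge of structure."""
    return alphabet_size(password) ** len(password)


def screen(password):
    """Return (flagged, candidates_left).

    A password is flagged when it is a listed word followed by a tail of
    digits or symbols; candidates_left is then the search space of the
    tail alone, because the word itself comes from the list.
    """
    match = re.fullmatch(r"([A-Za-z]+)([^A-Za-z]*)", password)
    if not match or match.group(1).lower() not in COMMON_WORDS:
        return False, blind_search_space(password)
    tail = match.group(2)
    return True, alphabet_size(tail) ** len(tail) if tail else 1


if __name__ == "__main__":
    for candidate in ("Allison1234", "AllisonsBear"):
        flagged, left = screen(candidate)
        print(f"{candidate}: flagged={flagged}, candidates left={left:.3g}, "
              f"blind search space={blind_search_space(candidate):.3g}")
```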

Choose events or people that are on your mind
To remember a strong password that will have to change in several months, try selecting an upcoming personal or public event. Use this as an opportunity to remind yourself about something pleasant that is going on in your life, or a person whom you admire or love. You won't be likely to forget the password if it is funny or endearing. Make it unique to you. Be sure to make it a phrase of two or more words, and continue to slip in your symbols. For example: "J0hn$Gr@du@tion".

Use phonetics in the words
In general, password dictionaries used by attackers search for words embedded inside your password. As mentioned before, don't hesitate to use the words, but make sure you liberally sprinkle those words with embedded symbols. Another way to trump the attacker is to avoid spelling the words properly, or use funny phonetics that you can remember. For instance, "Run for the hills" could become "R0n4dHiLLs!" or "R0n 4 d Hills!" If your manager's name happens to be Ron, you might even get a chuckle each morning typing this in. If you are a lousy speller, you are ahead of the game already.

Don't be afraid to make the password long
If you remember it better as a full phrase, go ahead and type it in. Longer passwords are much harder to break. And even though it is long, if it is easy for you to remember, you will probably have a lot less trouble getting into your system, even if you aren't the best typist in the world.

Use first letters of a phrase
To create an easy-to-remember and strong password, begin with a properly capitalized and punctuated sentence that is easy for you to remember. For example: "My daughter Kay goes to the International School." Next, take the first letter of each word in your sentence, preserving the capitalization used in the sentence. In the example above "MdKgttIS" would be the result. Finally, substitute some non-alphanumeric characters for some of the letters in the password. You might use an "@" to replace an "a" or use an "!" to replace an "L". After one such substitution the example password above would be "MdKgtt!S"—a very difficult password to break, yet a password that is easy for you to remember, as long as you can recall the sentence on which the password is based.
