Tuesday, April 29, 2008

Random password generator

A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or with a computer.

While there are many examples of "random" password generator programs available on the Internet, generating randomness can be tricky and many programs do not generate random characters in a way that ensures strong security. A common recommendation is to use open source security tools where possible, since they allow independent checks on the quality of the methods used. Note that simply generating a password at random does not ensure the password is a strong password, because it is possible, although highly unlikely, to generate an easily guessed or cracked password.

A password generator can be part of a password manager. When a password policy enforces complex rules, it can be easier to use a password generator based on that set of rules than to manually create passwords.
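The two points above, that the randomness source matters and that a generator can be driven by a policy's rules, are illustrated by the following added example. It is not code from the original post; the character classes and the policy (minimum length, one character from each class) are a constructed example of a typical policy, and the generator draws from the operating system's CSPRNG via Python's `secrets` module rather than the non-cryptographic `random` module.

```python
import math
import secrets
import string

# Character classes a typical policy refers to (constructed policy, not a standard).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())   # 94 printable ASCII characters
DEFAULT_REQUIRED = ("lower", "upper", "digit", "symbol")


def satisfies_policy(password, required=DEFAULT_REQUIRED, min_length=12):
    """True if the password meets the length rule and contains every required class."""
    if len(password) < min_length:
        return False
    return all(any(ch in CLASSES[name] for ch in password) for name in required)


def generate_password(length=16, required=DEFAULT_REQUIRED):
    """Draw characters from the OS CSPRNG (secrets, never the random module) and
    reject any draw that misses a required class, so every accepted password is
    uniformly distributed over the set of policy-compliant strings."""
    if length < len(required):
        raise ValueError("length too short to contain every required class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if satisfies_policy(candidate, required, min_length=length):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string of `length` symbols from the alphabet.
    A policy that rejects some strings makes the real figure slightly smaller."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, satisfies_policy(pw), round(entropy_bits(len(pw)), 1))
```

Rejection sampling is used deliberately: the common shortcut of picking one character from each required class and then shuffling produces a biased distribution, whereas drawing the whole string uniformly and discarding non-compliant draws leaves every compliant password equally likely.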

What I want to share here with you is my experience of Microsoft Outlook, Password Security, Technical Support and providing computer support assistance.

Tuesday, April 22, 2008

What is Password synchronization

Password synchronization is defined as any process or technology that helps users to maintain a single password that is subject to a single security policy and changes on a single schedule across multiple systems.

Password synchronization is an effective mechanism for addressing password management problems on an enterprise network:

  • Users with synchronized passwords tend to remember their passwords.
  • Simpler password management means that users make significantly fewer password-related calls to the help desk.
  • Users with just one or two passwords are much less likely to write down their passwords.

Password synchronization is considered easier to implement than enterprise single sign-on (SSO), as there is no client software to deploy, and user enrollment can be automated.

Some (in particular those who sell single sign-on systems) claim that password synchronization is less secure than single sign-on, since compromise of one password means compromise of all. The counter-argument is that, with single sign-on, compromise of the primary password (from which an encryption key is derived and used to protect all other, stored passwords) also compromises all, so the security of password synchronization and single sign-on is similar: both systems depend strongly on the security of a single password, and that password must be well defended, regardless of such academic arguments.

Two types of password synchronization processes are commonly available in commercial software:

  • Transparent password synchronization, triggered by a password change on an existing system. The new password is automatically forwarded to other user objects that belong to the same user, on other systems (of the same or different types).
  • Web-based password synchronization, initiated by the user with a web browser, in place of the existing native password change process. The web-based process allows the user to set multiple passwords at once.

Password synchronization is a type of Identity management software.


Wednesday, April 16, 2008

Early UNIX password vulnerability

Early UNIX implementations used a 12-bit salt, which allowed for 4096 possibilities, and limited passwords to 8 characters. While 12 bits was good enough for most purposes in the 1970s (although some expressed doubts even then), by 2005 disk storage had become cheap enough that an attacker can precompute encryptions of millions of common passwords, including all 4096 possible salt variations for each password, and store the precomputed values on a single portable hard drive. An attacker with a larger budget can build a disk farm with all 6 character passwords and the most common 7 and 8 character passwords stored in encrypted form, for all 4096 possible salts. And when several thousand passwords are being cracked at once, memoization still offers some benefit. Since there is little downside to using a longer (say 32-, 64- or 128-bit) salt, and they render any precomputation or memoization hopeless, modern implementations choose to do so.
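To make the cost argument above concrete, here is an added example (not code from the original post). It models the early scheme with a 12-bit salt and a modern one with a 128-bit per-user salt, and computes the size of the precomputed table the text describes. SHA-256 and PBKDF2-HMAC-SHA256 are stand-ins chosen so the example runs; the original UNIX scheme used DES-based crypt(3), and the wordlist and salt values are constructed.

```python
import hashlib
import os

LEGACY_SALT_BITS = 12        # early UNIX crypt(3): 4096 possible salt values
MODERN_SALT_BYTES = 16       # a 128-bit salt, as modern implementations use


def legacy_style_hash(password: bytes, salt: int) -> bytes:
    """Stand-in for the early UNIX scheme: a 12-bit salt mixed into the hash.
    SHA-256 is used only so the example runs; the original used DES-based crypt(3)."""
    if not 0 <= salt < (1 << LEGACY_SALT_BITS):
        raise ValueError("salt must fit in 12 bits")
    return hashlib.sha256(salt.to_bytes(2, "big") + password).digest()


def modern_hash(password: bytes, salt: bytes, iterations: int = 100_000) -> bytes:
    """Per-user random 128-bit salt with PBKDF2-HMAC-SHA256 (assumed modern construction)."""
    if len(salt) != MODERN_SALT_BYTES:
        raise ValueError("expected a 128-bit salt")
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def precomputation_entries(dictionary_size: int, salt_bits: int) -> int:
    """Hashes that must be precomputed to cover every salt value for a wordlist."""
    return dictionary_size * (1 << salt_bits)


def build_legacy_table(wordlist):
    """The table the text describes: every word under every one of the 4096 salts.
    Built once, it answers for every user on every system that uses the scheme."""
    table = {}
    for word in wordlist:
        for salt in range(1 << LEGACY_SALT_BITS):
            table[legacy_style_hash(word, salt)] = word
    return table


def covered_by_table(table, stored_hash: bytes):
    """Return the word whose hash matches, or None if the table doesn't cover it."""
    return table.get(stored_hash)


if __name__ == "__main__":
    # Constructed tiny wordlist; the text's scenario holds millions of words.
    table = build_legacy_table([b"letmein", b"password"])
    print("entries for 2 words:", len(table))
    # A user who chose 'letmein' is covered whatever salt the system picked.
    print(covered_by_table(table, legacy_style_hash(b"letmein", 2817)))
    # Same password, two users, 128-bit salts: the hashes differ, and the table
    # would need 2**128 rows per word, so there is nothing useful to precompute.
    s1, s2 = os.urandom(MODERN_SALT_BYTES), os.urandom(MODERN_SALT_BYTES)
    print(modern_hash(b"letmein", s1) != modern_hash(b"letmein", s2))
    print(precomputation_entries(1_000_000, 12), precomputation_entries(1_000_000, 128))
```

With a million-word list the 12-bit table holds about 4.1 billion entries, which is the "single portable hard drive" figure in the text; with a 128-bit salt the same table would need on the order of 10^44 entries, which is why the per-user salt must be generated with a CSPRNG (`os.urandom` here) and stored next to the hash rather than kept short.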

Sunday, April 13, 2008

What is Password manager

A password manager is software that helps a user organize passwords and PIN codes. The software typically has a local database or files that hold the encrypted password data. Many password managers also work as a form filler, thus they fill the user and password data automatically into forms. Some have password generator capabilities.

In view of the rising threat of phishing, password managers are also used as a defense against such attacks. Unlike a human being, a password manager that handles the login automatically is not susceptible to visual imitations and look-alike websites. With this built-in advantage, the use of a password manager is beneficial to everyone, even someone who only has a few passwords to remember. However, one must keep in mind that not all password managers can automatically handle the more complex login procedures now imposed by banking websites.
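The reason a password manager is not fooled by a look-alike site is that it keys stored credentials on the page's origin (scheme, host and port) rather than on how the page looks. The following added example (not code from the original post, and not any particular product's implementation) shows that matching rule with a constructed in-memory vault; the bank hostnames are made up.

```python
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> Optional[str]:
    """Reduce a URL to its origin, scheme://host:port, the only thing the vault keys on.
    Returns None for anything that is not a well-formed web URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:                      # malformed port such as ":abc"
        return None
    return f"{scheme}://{parts.hostname}:{port}"   # hostname is already lowercased


class Vault:
    """Constructed in-memory credential store; a real manager encrypts this at rest."""

    def __init__(self):
        self._entries = {}                  # origin -> (username, password)

    def save(self, url: str, username: str, password: str) -> None:
        key = origin(url)
        if key is None:
            raise ValueError(f"not a web origin: {url!r}")
        self._entries[key] = (username, password)

    def autofill(self, page_url: str):
        """Credentials for the page's exact origin, or None. A look-alike host, an
        extra subdomain, or an http: downgrade all yield a different origin and get
        nothing, however convincing the page looks to a person."""
        key = origin(page_url)
        return self._entries.get(key) if key else None


if __name__ == "__main__":
    vault = Vault()
    vault.save("https://bank.example.com/login", "alice", "s3cret")   # constructed
    for url in (
        "https://bank.example.com/account/home",          # same origin: filled
        "https://bank-example.com/login",                 # look-alike host: not filled
        "http://bank.example.com/login",                  # scheme downgrade: not filled
        "https://bank.example.com.evil.example/login",    # extra labels: not filled
    ):
        print(url, "->", vault.autofill(url))
```

Internationalised look-alike names behave the same way, because the browser presents the host in punycode form and that string never equals the stored one. The remaining caveat from the text stands: sites whose login spans several pages or frames may not match a single stored origin, which is why some managers cannot handle them automatically.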

While a password manager gives the user a convenient way of storing and retrieving passwords, a compromised master password would render all stored passwords vulnerable. This demonstrates a common trade-off between usability and security: one might enjoy better security by memorizing every password, but at the cost of cumbersome usability. Thus, some password managers now provide means of entering the master password that are key-logging-proof. Some password managers hold passwords unencrypted in memory while a record is being accessed; this poses a security risk should an attacker obtain read access to that memory.

Password managers come in 3 basic flavors:

  • Desktop - desktop software (usually a browser extension), storing passwords on a computer hard drive.
  • Portable - portable software (usually a browser extension), storing passwords and program on a portable drive (U3 and the like).
  • Web based - online password manager where passwords are stored on a provider's website.
Source: en.wikipedia.org

Wednesday, April 9, 2008

Website password systems

Passwords are used on websites to authenticate users and are usually server-side, meaning the browser sends the password to the server (by HTTP POST), the server checks the password and sends back the relevant content (or an access denied message). This process eliminates the possibility of local reverse engineering as the code used to authenticate the password does not reside on the local machine.
The transmission of the password through the browser in plaintext means it can be intercepted along its journey to the server. Most web authentication systems use SSL to establish an encrypted session between the browser and the server. This is done automatically by the browser and ensures integrity of the session.
So-called website password and membership management systems often rely on Java or JavaScript code embedded in the HTML source delivered to the client side (the visitor's web browser), AuthPro being one example. The drawback of such systems is the relative ease of bypassing or circumventing the protection by switching off JavaScript and Meta redirects in the browser, thereby gaining access to the protected web page. Others take advantage of server-side scripting languages such as ASP or PHP to authenticate users on the server before delivering the page source to the browser. Popular systems such as Sentry Login and Password Sentry work this way: the web page is protected by a scripting code snippet placed in front of the HTML in the page source, saved on the server with the appropriate extension such as .asp or .php.
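The server-side design described above, in which the browser POSTs the password and only the verdict (content or an access-denied message) travels back, is shown by the following added example. It is not code from the original post nor from any of the products named; the user store, the salted PBKDF2 hashing and the form field names are assumptions made for the example.

```python
import hashlib
import hmac
import os
from urllib.parse import parse_qs

ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 over a per-user random salt (stand-in for a password hash library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed server-side credential store: username -> (salt, hash).
# Nothing in it is ever sent to the browser, so there is no client-side code to inspect.
USERS = {}


def register(username: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[username] = (salt, hash_password(password, salt))


# Dummy credential so that an unknown username costs the same as a wrong password;
# otherwise response timing would reveal which usernames exist.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password("dummy-not-a-real-password", _DUMMY_SALT)


def verify(username: str, password: str) -> bool:
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password, salt)
    # Constant-time comparison so the comparison itself leaks nothing about the hash.
    return hmac.compare_digest(candidate, stored) and username in USERS


def handle_login_post(body: str):
    """Handle the body of an HTTP POST (application/x-www-form-urlencoded) and
    return (status code, response body), the only things the browser receives."""
    form = parse_qs(body, keep_blank_values=True)
    username = form.get("username", [""])[0]
    password = form.get("password", [""])[0]
    if verify(username, password):
        return 200, "Welcome. Here is the protected content."
    return 403, "Access denied."


if __name__ == "__main__":
    register("alice", "correct horse battery staple")     # constructed account
    print(handle_login_post("username=alice&password=correct+horse+battery+staple"))
    print(handle_login_post("username=alice&password=wrong"))
    print(handle_login_post("username=mallory&password=anything"))
```

The contrast with the client-side approach is that the browser here only ever sees the two response strings; the hash, the salt and the comparison logic stay on the server, and the transport is assumed to be the SSL session the text describes so the POSTed password is not readable in transit.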

Thursday, April 3, 2008

What is Graphical Password

The most common computer authentication method is to use alphanumerical usernames and passwords. This method has been shown to have significant drawbacks. For example, users tend to pick passwords that can be easily guessed. On the other hand, if a password is hard to guess, then it is often hard to remember. Spyware such as key loggers also makes text-based passwords vulnerable. To address this problem, some researchers have developed authentication methods that use pictures as passwords. In this paper, we conduct a comprehensive survey of the existing graphical password techniques. We classify these techniques into two categories: recognition-based and recall-based approaches. We discuss the strengths and limitations of each method and also point out the future research directions in this area. We also try to answer two important questions: "Are graphical passwords as secure as text-based passwords?"; "What are the major design and implementation issues for graphical passwords?" This survey will be useful for information security researchers and practitioners who are interested in finding an alternative to text-based authentication methods.