Number of users per password

Sometimes a single password controls access to a device, for example, for a network router, or password-protected mobile phone. However, in the case of a computer system, a password is usually stored for each user name, thus making all access traceable (save, of course, in the case of users sharing passwords). A would-be user must give a name as well as a password. If the user supplies a password matching the one stored for the supplied user name, he or she is permitted further access into the computer system. This is also the case for a cash machine, except that the user name is the account number stored on the bank customer's card, and the PIN is usually quite short (4 to 6 digits).

Allotting separate passwords to each user of a system is preferable to having a single password shared by legitimate users of the system, certainly from a security viewpoint. This is partly because users are more willing to tell another person (who may not be authorized) a shared password than one exclusively for their use. Single passwords are also much less convenient to change because many people need to be told at the same time, and they make removal of a particular user's access more difficult. Per-user passwords are also essential if users are to be held accountable for their activities, such as making financial transactions or viewing medical records. You can go to take Computer Help and Technical Support.

Password Policy

A Password Policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. The password policy may either be advisory or mandated by technical means.

Password length and formation

Some policies suggest or impose requirements on what type of password a user can choose, such as:

• the use of both upper- and lower-case letters (case sensitivity)
• inclusion of one or more numerical digits
• inclusion of special characters
• prohibition of words found in a dictionary or the user's personal information
• prohibition of passwords that match the format of calendar dates, license plate numbers, or other common numbers

As of October 2005, employees of the UK Government are advised to use passwords of the following form: consonant, vowel, consonant, consonant, vowel, consonant, number, number (for example pinray45). This form is called an Environ password and is case-insensitive. Unfortunately, since the form of this 8-character password is known to potential attackers, the number of possibilities that need to be tested is actually fewer than a 6-character password of no form (486,202,500 vs 2,176,782,336).

Other systems create the password for the users or let the user select one of a limited number of displayed choices.

Password Cracking

Hi, I am continuing with password cracking topic. I am already discussing importance of password and what is the role of password and how it helps to protect our PC. I want to share my experience with password and Computer Help and Technical Support.

Password Cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password (though installing an entirely new password is less of a security risk, but involves system administration privileges), to gain unauthorized access to a system, or as a preventive measure by system administrators to check for easily crack able passwords.

Passwords to access computer systems are usually stored, typically not in cleartext form, in a database so the system can perform password verification when users attempt to login. To preserve confidentiality of system passwords, the password verification data is typically generated by applying a one-way function to the password, possibly in combination with other data. For simplicity in this discussion, when the one-way function (which may be either an encryption function or cryptographic hash) does not incorporate a secret key, other than the password, we will refer to the one way function employed as a hash and its output as a hashed password.

Even though functions that create hashed passwords may be cryptographically secure, possession of a hashed password provides a quick way to test guesses for the password by applying the function to each guess, and comparing the result to the verification data. The most commonly used hash functions can be computed rapidly and the attacker can test guesses repeatedly with different guesses until one succeeds, meaning the plaintext password has been recovered.

The term password cracking is typically limited to recovery of one or more plaintext passwords from hashed passwords, but there are also many other ways of obtaining passwords illicitly; without the hashed version of a password, the attacker can still attempt access to the computer system in question with guessed passwords. However well designed systems limit the number of failed access attempts and can alert administrators to trace the source of the attack if that quota is exceeded. With the hashed password, the attacker can work undetected, and if the attacker has obtained several hashed passwords, the chances for cracking at least one is quite high.

Otherwise it is possible to try to obtain the passwords through other different methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attack, acoustic cryptanalysis, using a Trojan Horse or virus, identity management system attacks (such as abuse of Self-service password reset) and compromising host security (see password for details). However, cracking usually designates a guessing attack.

Cracking may be combined with other techniques. For example, use of a hash-based challenge-response authentication method for password verification may provide a hashed password to an eavesdropper, who can then crack the password. A number of stronger cryptographic protocols exist that do not expose hashed-passwords during verification over a network, either by protecting them in transmission using a high-grade key, or by using a zero-knowledge password proof.

Password Recovery Tools

NirSoft Web site provides free password recovery tools for variety of programs, including Internet Explorer, Outlook Express, Microsoft Outlook, Dialup entries of Windows, Yahoo Messenger, MSN Messenger, and more...

The following table describes the most popular password recovery utilities in this Web site:

MessenPass	Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.
Mail PassView	Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free. Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.
IE PassView	IE PassView is a small utility that reveals the passwords stored by Internet Explorer browser. It supports the new Internet Explorer 7.0, as well as older versions of Internet explorer, v4.0 - v6.0
Protected Storage PassView	Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more...
Dialupass	Password recovery tool that reveals all passwords stored in dial-up entries. (Internet and VPN connections) As opposed to many other tools, this tool works in all versions of Windows, including Windows 2000 and Windows XP.
Asterisk Logger	Recovers passwords stored behind asterisks (****) characters. You can use this tool to recover the passwords of many applications, like CuteFTP, CoffeeCup Free FTP, VNC, and more...
AsterWin IE	Reveals the passwords stored behind the asterisks in the web pages of Internet Explorer 5.0 and above. You can use it for recovering a lost web site password, if it's stored on your computer. Visual Basic source code is included.
Network Password Recovery	Recover network passwords stored by Windows XP operating system.
SniffPass Password Sniffer	capture the passwords that pass through your network adapter, and display them on the screen instantly. You can use this utility to recover lost Web/FTP/Email passwords.
PstPassword	Recovers lost password of Outlook PST file.
WirelessKeyView	WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard.
Remote Desktop PassView	Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.
PocketAsterisk RemotePocketAsterisk	Reveals the password stored behind the asterisks in Pocket PC device.

The use of passwords goes back to ancient times. Sentries guarding a location would challenge for a password. They would only allow a person in if they knew the password. In modern times, passwords are used to control access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing files, databases, networks, web sites, and even reading the morning newspaper online. I want to share my experience with Computer Help how to.