Thursday, June 26, 2008

5 tips for top-notch password security

Whether it's a few PCs or hundreds on your network, there's one thing that can stand between your system and a compromise: a great password.

Why? Hackers want access to anything and everything. If they can guess your user name and password, you might as well have given them your wallet and the keys to your building.

Before we talk about what makes a good password, let's begin with the first of five things to know and practice in using passwords.

1. Don't be complacent: Attacks can and do happen.

Hackers are a devious bunch and will stop at nothing to get into your network and files. They use three different methods to get to you: brute force, dictionary attacks and social engineering.

Brute force is the most time-consuming method. Basically, it involves a program that tries every combination of letters, numbers and keyboard characters to guess your password. It starts with trying every character, and then tries two-character combinations and so on.

I want to share something about Outlook Support and Email Support with password security.

Sunday, June 15, 2008

Choosing an appropriate password policy

The level of password strength required depends, in part, on how easy it is for an attacker to submit multiple guesses. Some systems limit the number of times a user can enter an incorrect password before some delay is imposed or the account is frozen. At the other extreme, some systems make available a specially hashed version of the password so anyone can check its validity. When this is done, an attacker can try passwords very rapidly and much stronger passwords are necessary for reasonable security. (See password cracking and password length equation.) Stricter requirements are also appropriate for accounts with higher privileges, such as root or system administrator accounts.
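The tradeoff described above, as an added example that is not part of the original post: the minimum length a policy must demand depends on how fast guesses can be submitted. The guess rates are constructed assumptions (a lockout-protected login versus a leaked fast hash), not measured figures.

```python
import math

# Constructed assumptions for illustration, not measured rates.
ONLINE_LOCKOUT_RATE = 5 / 60   # a lockout policy that admits roughly 5 guesses per minute
OFFLINE_HASH_RATE = 1e9        # roughly 1e9 guesses/second against a leaked, unsalted fast hash
TEN_YEARS = 10 * 365 * 86400   # resistance target in seconds

CHARSETS = {"digits": 10, "lower": 26, "lower+upper+digits": 62, "printable": 95}


def search_space(alphabet_size: int, length: int) -> int:
    """Number of candidates an exhaustive search must cover for a fixed length."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """The 'password length equation': bits = length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def expected_seconds(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Average time to hit a uniformly random password: half the space, on average."""
    return search_space(alphabet_size, length) / 2 / guesses_per_second


def min_length(alphabet_size: int, guesses_per_second: float, resist_seconds: float) -> int:
    """Smallest length whose expected exhaustive-search time exceeds the target."""
    length = 1
    while expected_seconds(alphabet_size, length, guesses_per_second) < resist_seconds:
        length += 1
    return length


if __name__ == "__main__":
    for name, size in CHARSETS.items():
        online = min_length(size, ONLINE_LOCKOUT_RATE, TEN_YEARS)
        offline = min_length(size, OFFLINE_HASH_RATE, TEN_YEARS)
        print(f"{name:>20}: {online:2d} chars with lockout, {offline:2d} chars if the hash leaks")
```

With a 62-character alphabet the same ten-year target is met by 5 characters behind a lockout but needs 10 once an attacker holds the hash, which is the gap the paragraph describes.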

Usability considerations

Password policies are usually a tradeoff between theoretical security and the practicalities of human behavior. For example:

  • Requiring excessively complex passwords and forcing them to be changed frequently can cause users to write passwords down in places that are easy for an intruder to find, such as a Rolodex or post-it note near the computer.
  • Users often have dozens of passwords to manage. It may be more realistic to recommend a single password be used for all low security applications, such as reading on-line newspapers and accessing entertainment web sites.
  • Similarly, demanding that users never write down their passwords may be unrealistic and lead users to choose weak ones. An alternative is to suggest keeping written passwords in a secure place, such as a safe or an encrypted master file. The validity of this approach depends on what the most likely threat is deemed to be. While writing down a password may be problematic if potential attackers have access to the secure store, if the threat is primarily remote attackers who do not have access to the store, it can be a very secure method.
  • Inclusion of special characters can be a problem if a user has to log on to a computer in a different country. Some special characters may be difficult or impossible to find on keyboards designed for another language.
  • Some identity management systems allow Self Service Password Reset, where users can bypass password security by supplying an answer to one or more security questions such as "Where were you born?" or "What's your favorite movie?" Often the answers to these questions can easily be obtained by social engineering, phishing or simple research.

Other approaches are available that are generally considered to be more secure than simple passwords. These include use of a security token or one-time password system, such as S/Key.

I want to share something about Online e-mail Support, email error support, Outlook Support and Computer Help

Tuesday, June 10, 2008

Methods of verifying a password over a network

A variety of methods have been used to verify passwords in a network setting:

Simple transmission of the password

Passwords can be vulnerable to interception (i.e., "snooping") while being transmitted to the authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by wiretapping methods. If it is carried as packetized data over the Internet, anyone able to watch the packets containing the logon information can snoop with a very low probability of detection.

An example of cleartext transmission of passwords is the original Wikipedia website. When you logged into your Wikipedia account, your username and password were sent from your computer's browser through the Internet as cleartext. Anyone could read them in transit and thereafter log into your account. More recently, Wikipedia has offered a secure login option, which, like many e-commerce sites, uses the SSL (TLS) cryptographic protocol to eliminate the cleartext transmission. But, because anyone can gain access to Wikipedia (without logging in at all) and then edit most articles, it can be argued that there is little need to encrypt these transmissions. Other websites (e.g., banks and financial institutions) have quite different security requirements, and cleartext transmission of anything is clearly insecure in those contexts.

Another example of transmission vulnerability is email. Emailed passwords may be read by anyone with access to the transmission medium. Using client-side encryption will only protect transmission from the POP server to the client. Previous or subsequent relays of the email will not be protected and the email will be stored on multiple computers in cleartext.

Transmission through encrypted channels

The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using the Transport Layer Security (TLS, previously called SSL) feature built into many Internet browsers. Most browsers display a closed lock icon when TLS is in use. See cryptography for other ways in which the passing of information can be made more secure.

Hash-based challenge-response methods

Unfortunately, there is a conflict between stored hashed passwords and hash-based challenge-response authentication; the latter requires a client to prove to a server that it knows what the shared secret (i.e., password) is, and to do this, the server must be able to obtain the shared secret from its stored form. On Unix-type systems doing remote authentication, the shared secret usually becomes the hashed form, which has the serious limitation of exposing passwords to offline guessing attacks.

Zero-knowledge password proofs

Rather than transmitting the password, password-authenticated key agreement systems can perform a zero-knowledge password proof, which proves knowledge of the password without exposing it.

Moving a step further, augmented systems for password-authenticated key agreement (e.g. AMP, B-SPEKE, PAK-Z, SRP-6) avoid both the conflict and the limitation of hash-based methods. An augmented system allows a client to prove knowledge of the password to a server, where the server knows only a (not exactly) hashed password, and where the unhashed password is required to gain access.

I want to share something about Online e-mail Support, email error support, Outlook Support and Computer Help