Friday, May 30, 2008

Number of users per password

Sometimes a single password controls access to a device, for example a network router or a password-protected mobile phone. On a multi-user computer system, however, a password is usually stored for each user name, which makes all access traceable (save, of course, where users share passwords). A would-be user must supply a name as well as a password; if the password matches the one stored for that user name, he or she is permitted further access to the system. A cash machine works the same way, except that the user name is the account number stored on the bank customer's card and the PIN is usually quite short (4 to 6 digits).

Allotting a separate password to each user of a system is preferable, certainly from a security viewpoint, to a single password shared by all legitimate users. This is partly because users are more willing to tell another person (who may not be authorized) a shared password than one exclusively for their own use. Shared passwords are also much less convenient to change, because many people need to be told at the same time, and they make removing a particular user's access difficult: the only way to revoke one person is to change the password for everyone. Per-user passwords are also essential if users are to be held accountable for their activities, such as making financial transactions or viewing medical records.

Tuesday, May 20, 2008

Password Policy

A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and to use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. It may be advisory or enforced by technical means.

Password length and formation

Some policies suggest or impose requirements on what type of password a user can choose, such as:

  • the use of both upper- and lower-case letters (case sensitivity)
  • inclusion of one or more numerical digits
  • inclusion of special characters
  • prohibition of words found in a dictionary or the user's personal information
  • prohibition of passwords that match the format of calendar dates, license plate numbers, or other common numbers

As of October 2005, employees of the UK Government were advised to use passwords of the following form: consonant, vowel, consonant, consonant, vowel, consonant, number, number (for example pinray45). This form is called an Environ password and is case-insensitive. Unfortunately, since the form of this 8-character password is known to potential attackers, the number of possibilities that need to be tested (21 × 5 × 21 × 21 × 5 × 21 × 10 × 10 = 486,202,500) is actually fewer than for a 6-character case-insensitive alphanumeric password with no imposed form (36^6 = 2,176,782,336). A formation rule only helps when the attacker cannot use it to shrink the search space.
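The arithmetic above, worked through as a small pattern calculator. This is an added example and not part of the original post; the pattern letters (C, V, D, A) and the class sizes are assumptions chosen to match the Environ description, and it also shows the attacker's side of the same fact: a filter that discards wordlist entries which cannot be Environ passwords.

```python
import math

# Class sizes for a case-insensitive scheme such as Environ: 21 consonants,
# 5 vowels, 10 digits, and 36 for "any letter or digit" (the unpatterned case).
# Pattern letters are an assumption for this example, not Environ notation.
CLASS_SIZES = {"C": 21, "V": 5, "D": 10, "A": 36}
VOWELS = set("aeiou")


def keyspace(pattern: str) -> int:
    """Number of distinct passwords fitting a pattern the attacker knows."""
    size = 1
    for cls in pattern:
        size *= CLASS_SIZES[cls]
    return size


def entropy_bits(pattern: str) -> float:
    """Effective strength in bits against an attacker who knows the pattern."""
    return math.log2(keyspace(pattern))


def char_class(ch: str) -> str:
    """'D' for a digit, 'V' for a vowel, 'C' for a consonant; case-insensitive."""
    c = ch.lower()
    if c.isdigit():
        return "D"
    if c in VOWELS:
        return "V"
    if "a" <= c <= "z":
        return "C"
    raise ValueError(f"not a letter or digit: {ch!r}")


def matches_pattern(password: str, pattern: str) -> bool:
    """True if the password conforms.  An attacker uses this to discard every
    wordlist entry that cannot be an Environ password before guessing."""
    if len(password) != len(pattern):
        return False
    for ch, cls in zip(password, pattern):
        try:
            actual = char_class(ch)
        except ValueError:
            return False
        if cls != "A" and actual != cls:
            return False
    return True


def seconds_to_exhaust(pattern: str, guesses_per_second: float) -> float:
    """Worst-case time to try every password of the pattern at a given rate."""
    return keyspace(pattern) / guesses_per_second


def compare_with_free_form(pattern: str, free_length: int) -> dict:
    """Compare a patterned password with an unpatterned, case-insensitive
    alphanumeric password of the given length."""
    patterned, free = keyspace(pattern), keyspace("A" * free_length)
    return {"patterned": patterned, "free": free,
            "pattern_is_weaker": patterned < free}


if __name__ == "__main__":
    print(keyspace("CVCCVCDD"))                     # 486202500
    print(keyspace("AAAAAA"))                       # 2176782336
    print(round(entropy_bits("CVCCVCDD"), 2))       # 28.86
    print(matches_pattern("pinray45", "CVCCVCDD"))  # True
    print(seconds_to_exhaust("CVCCVCDD", 1e6))      # about 486 s at a million guesses/s
```

The comparison is only fair because both sides are case-insensitive; adding case sensitivity to the 6-character password would raise its keyspace to 62^6, while the Environ form stays at 486,202,500 no matter how the user types it.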

Other systems create the password for the users or let the user select one of a limited number of displayed choices.

Wednesday, May 14, 2008

Password Cracking

Hi, I am continuing with the password cracking topic. I have already discussed the importance of passwords, the role a password plays and how it helps to protect our PC. I want to share my experience with passwords and Computer Help and Technical Support.

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system. A common approach is to repeatedly try guesses for the password. The purpose of password cracking might be to help a user recover a forgotten password (though setting an entirely new password is less of a security risk, it requires system administration privileges), to gain unauthorized access to a system, or, as a preventive measure, to let system administrators check for easily crackable passwords.

Passwords used to access computer systems are usually stored in a database, typically not in cleartext, so that the system can verify a password when a user attempts to log in. To preserve the confidentiality of these passwords, the verification data is typically generated by applying a one-way function to the password, possibly in combination with other data (such as a salt). For simplicity in this discussion, when the one-way function (which may be either an encryption function or a cryptographic hash) incorporates no secret key other than the password, we will refer to it as a hash and to its output as a hashed password.

Even though the functions that create hashed passwords may be cryptographically secure, possession of a hashed password provides a quick way to test guesses: apply the function to each guess and compare the result to the verification data. The most commonly used hash functions can be computed rapidly, so the attacker can test guess after guess until one matches, at which point the plaintext password has been recovered.

The term password cracking is typically limited to the recovery of one or more plaintext passwords from hashed passwords, but there are many other ways of obtaining passwords illicitly. Without the hashed version of a password, the attacker can still attempt access to the system in question with guessed passwords; however, well-designed systems limit the number of failed access attempts and can alert administrators so that the source of the attack can be traced once that quota is exceeded. With the hashed password, the attacker can work offline and undetected, and if the attacker has obtained several hashed passwords, the chance of cracking at least one is quite high.

Otherwise it is possible to obtain passwords through other methods, such as social engineering, wiretapping, keystroke logging, login spoofing, dumpster diving, phishing, shoulder surfing, timing attacks, acoustic cryptanalysis, a Trojan horse or virus, attacks on identity management systems (such as abuse of self-service password reset) and compromising host security. However, cracking usually designates a guessing attack.

Cracking may be combined with other techniques. For example, a hash-based challenge-response authentication method may hand an eavesdropper the equivalent of a hashed password (the challenge and the response to it), which can then be cracked offline just like a stolen hash. A number of stronger cryptographic protocols exist that do not expose hashed passwords during verification over a network, either by protecting them in transmission using a high-grade key, or by using a zero-knowledge password proof.
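The three situations described above (offline guessing against stored hashes, the same guessing against a captured challenge-response exchange, and online guessing against a system that counts failures) in runnable form. This is an added example, not code from the original post. The hash (salted SHA-256), the challenge-response scheme (H(nonce || password)), the wordlist, the "leaked" password file and the captured exchange are all constructed for the example; a real system should use a slow password hash such as bcrypt, scrypt or Argon2, which this toy deliberately is not.

```python
import hashlib
from typing import Callable, Dict, Iterable, List, Tuple

# Toy verification function: SHA-256 over salt || password.  It is fast,
# which is exactly what makes offline guessing cheap.  (Constructed for
# this example; real systems should use a slow, memory-hard password hash.)
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()

# Toy hash-based challenge-response: the client proves knowledge of the
# password by returning H(nonce || password).  Anyone who sees the nonce and
# the response can test guesses exactly as against a stored hash.
def challenge_response(password: str, nonce: bytes) -> bytes:
    return hashlib.sha256(nonce + password.encode()).digest()

Target = Tuple[str, bytes, bytes]  # (label, salt-or-nonce, expected value)

def crack_offline(targets: List[Target], wordlist: Iterable[str],
                  derive: Callable[[str, bytes], bytes]) -> Dict[str, str]:
    """Generic offline guessing loop: derive(guess, param) for every guess in
    the wordlist, compared against each target's expected value.  Nothing
    here touches the live system, so no failed-attempt counter ever fires."""
    found: Dict[str, str] = {}
    for guess in wordlist:
        for label, param, expected in targets:
            if label not in found and derive(guess, param) == expected:
                found[label] = guess
        if len(found) == len(targets):
            break
    return found

# Constructed wordlist and "leaked" password file (not real data).
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon", "monkey"]
SALT_A, SALT_B, SALT_C = b"\x11" * 8, b"\x22" * 8, b"\x33" * 8
LEAKED: List[Target] = [
    ("alice", SALT_A, hash_password("letmein", SALT_A)),
    ("bob",   SALT_B, hash_password("dragon", SALT_B)),
    ("carol", SALT_C, hash_password("Tr0ub4dor&3", SALT_C)),  # not in the wordlist
]

# Constructed eavesdropped exchange: the nonce the server sent and the
# response the client returned (the client's password was "qwerty").
NONCE = b"\xab\xcd" * 8
CAPTURED: List[Target] = [("dave", NONCE, challenge_response("qwerty", NONCE))]

def crack_stored_hashes(wordlist=WORDLIST) -> Dict[str, str]:
    return crack_offline(LEAKED, wordlist, hash_password)

def crack_captured_exchange(wordlist=WORDLIST) -> Dict[str, str]:
    return crack_offline(CAPTURED, wordlist, challenge_response)

class RateLimitedLogin:
    """The online case: the same guesses against a live system that locks the
    account after max_failures and records an alert for the administrator."""
    def __init__(self, password: str, max_failures: int = 5):
        self._hash = hash_password(password, SALT_A)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False
        self.alerts: List[str] = []

    def attempt(self, user: str, guess: str, source: str) -> bool:
        if self.locked:
            return False
        if hash_password(guess, SALT_A) == self._hash:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
            self.alerts.append(f"lockout user={user} source={source}")
        return False

def online_guessing(password: str, wordlist=WORDLIST, max_failures: int = 5):
    """Run the wordlist against a live login; returns
    (password_or_None, attempts_made, alerts_raised)."""
    login = RateLimitedLogin(password, max_failures)
    for n, guess in enumerate(wordlist, 1):
        if login.attempt("alice", guess, "203.0.113.7"):
            return guess, n, login.alerts
        if login.locked:
            return None, n, login.alerts
    return None, len(wordlist), login.alerts

if __name__ == "__main__":
    print(crack_stored_hashes())      # alice and bob fall, carol survives
    print(crack_captured_exchange())  # dave's password from one captured exchange
    print(online_guessing("monkey"))  # locked out before the right guess, alert raised
```

The same `crack_offline` loop serves both the stolen hash and the captured exchange; the only difference is which function the attacker re-runs. The online variant shows why the offline case matters: against the live system the attacker is locked out and reported after five tries, whereas offline the only limit is the speed of the hash.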

Sunday, May 11, 2008

Password Recovery Tools

The NirSoft Web site provides free password recovery tools for a variety of programs, including Internet Explorer, Outlook Express, Microsoft Outlook, Windows dial-up entries, Yahoo Messenger, MSN Messenger and more. Because they read credentials straight out of the local stores, these tools work just as well for anyone else who gets onto the machine; the machine itself has to be protected accordingly.

The following list describes the most popular password recovery utilities on that Web site:

MessenPass

Recovers the passwords of most popular Instant Messenger programs: MSN Messenger, Windows Messenger, Yahoo Messenger, ICQ Lite 4.x/2003, AOL Instant Messenger provided with Netscape 7, Trillian, Miranda, and GAIM.

Mail PassView

Recovers the passwords of the following email programs: Outlook Express, Microsoft Outlook 2000 (POP3 and SMTP Accounts only), Microsoft Outlook 2002/2003 (POP3, IMAP, HTTP and SMTP Accounts), IncrediMail, Eudora, Netscape Mail, Mozilla Thunderbird, Group Mail Free.
Mail PassView can also recover the passwords of Web-based email accounts (HotMail, Yahoo!, Gmail), if you use the associated programs of these accounts.

IE PassView

IE PassView is a small utility that reveals the passwords stored by the Internet Explorer browser. It supports the new Internet Explorer 7.0 as well as older versions, v4.0 - v6.0.

Protected Storage PassView

Recovers all passwords stored inside the Protected Storage, including the AutoComplete passwords of Internet Explorer, passwords of Password-protected sites, MSN Explorer Passwords, and more...

Dialupass

A password recovery tool that reveals all passwords stored in dial-up entries (Internet and VPN connections). As opposed to many other tools, this one works in all versions of Windows, including Windows 2000 and Windows XP.

Asterisk Logger

Recovers passwords stored behind asterisks (****) characters. You can use this tool to recover the passwords of many applications, like CuteFTP, CoffeeCup Free FTP, VNC, and more...

AsterWin IE

Reveals the passwords stored behind the asterisks in the web pages of Internet Explorer 5.0 and above. You can use it for recovering a lost web site password, if it's stored on your computer. Visual Basic source code is included.

Network Password Recovery

Recovers network passwords stored by the Windows XP operating system.

SniffPass Password Sniffer

Captures the passwords that pass through your network adapter and displays them on the screen instantly. You can use this utility to recover lost Web/FTP/Email passwords.

PstPassword

Recovers the lost password of an Outlook PST file.

WirelessKeyView

WirelessKeyView recovers all wireless network keys (WEP/WPA) stored in your computer by the 'Wireless Zero Configuration' service of Windows XP and by the 'WLAN AutoConfig' service of Windows Vista. It allows you to easily save all keys to text/html/xml file, or copy a single key to the clipboard.

Remote Desktop PassView

Remote Desktop PassView is a small utility that reveals the password stored by Microsoft Remote Desktop Connection utility inside the .rdp files.

PocketAsterisk
RemotePocketAsterisk

Reveals the password stored behind the asterisks on a Pocket PC device.

The use of passwords goes back to ancient times. Sentries guarding a location would challenge for a password and allow a person in only if they knew it. In modern times, passwords are used to control access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs) and so on. A typical computer user may require passwords for many purposes: logging in to computer accounts, retrieving e-mail from servers, accessing files, databases, networks and web sites, and even reading the morning newspaper online.

Tuesday, April 29, 2008

Random password generator

A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated by a computer.

While there are many examples of "random" password generator programs available on the Internet, generating randomness can be tricky, and many programs do not generate random characters in a way that ensures strong security (typical mistakes are seeding a non-cryptographic generator from the clock, or reducing random bytes onto the alphabet in a way that favours some characters over others). A common recommendation is to use open source security tools where possible, since they allow independent checks on the quality of the methods used. Note that simply generating a password at random does not ensure the password is a strong one, because it is possible, although highly unlikely, to generate an easily guessed or cracked password.

A password generator can be part of a password manager. When a password policy enforces complex rules, it can be easier to use a password generator based on that set of rules than to manually create passwords.
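A generator that addresses the points made above: it draws from the operating system's cryptographic random source, quantifies the bias of the common `byte % len(alphabet)` shortcut, rejects the rare random draw that is weak or breaks the policy, and includes the manual dice method. This is an added example and not code from the original post; the policy, the alphabet and the small blacklist are constructed for it, and the dice routine assumes a wordlist indexed in base 6, which the post does not specify.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed blacklist of passwords too common to accept even if the random
# draw happens to produce them; a real deployment would use a breach list.
COMMON = {"password", "123456", "qwerty", "letmein", "dragon"}

# Constructed policy matching the formation rules discussed above.
POLICY = {"min_length": 12, "upper": 1, "lower": 1, "digit": 1, "special": 1}


def modulo_bias(alphabet_size: int, source_values: int = 256) -> float:
    """Ratio of the most likely to the least likely symbol when one uniformly
    random byte is reduced with '%' onto an alphabet of this size (1.0 means
    uniform).  The common bug alphabet[byte % len(alphabet)] has this bias."""
    q, r = divmod(source_values, alphabet_size)
    return (q + 1) / q if r else 1.0


def meets_policy(password: str, policy=POLICY) -> bool:
    counts = {
        "upper": sum(c.isupper() for c in password),
        "lower": sum(c.islower() for c in password),
        "digit": sum(c.isdigit() for c in password),
        "special": sum(c in string.punctuation for c in password),
    }
    return (len(password) >= policy["min_length"]
            and all(counts[k] >= policy[k] for k in counts))


def generate_password(length: int = 16, policy=POLICY, blacklist=COMMON) -> str:
    """Draw uniformly from ALPHABET**length using the CSPRNG behind `secrets`
    (secrets.choice is free of modulo bias) and reject any draw that fails
    the policy or is on the blacklist.  Rejection keeps the output uniform
    over the acceptable passwords; 'pick one of each class, then shuffle'
    constructions do not."""
    if length < policy["min_length"]:
        raise ValueError("length is below the policy minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate, policy) and candidate.lower() not in blacklist:
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Strength of a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def word_index_from_dice(rolls) -> int:
    """Manual method: turn a sequence of six-sided dice rolls into a base-6
    index into a wordlist of 6**len(rolls) entries (five dice: 0..7775)."""
    index = 0
    for r in rolls:
        if not 1 <= r <= 6:
            raise ValueError("dice rolls must be 1..6")
        index = index * 6 + (r - 1)
    return index


if __name__ == "__main__":
    print(generate_password(16))
    print(round(entropy_bits(16), 1))   # about 104.9 bits for 16 of 94 symbols
    print(modulo_bias(94))              # 1.5: some symbols 50% more likely than others
```

The bias figure is worth keeping in mind when reviewing a generator: with a 94-symbol alphabet and one byte per symbol, 68 of the symbols come up with probability 3/256 and the remaining 26 with 2/256, so an attacker who knows the generator can order guesses accordingly. `secrets.choice` avoids this by drawing fresh random bits until an unbiased index is obtained.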

I want to share here with you my experience with Microsoft Outlook, password security, technical support and providing computer support assistance.

Tuesday, April 22, 2008

What is Password synchronization

Password synchronization is any process or technology that helps users maintain a single password, subject to a single security policy and changed on a single schedule, across multiple systems.

Password synchronization is an effective mechanism for addressing password management problems on an enterprise network:

  • Users with synchronized passwords tend to remember their passwords.
  • Simpler password management means that users make significantly fewer password-related calls to the help desk.
  • Users with just one or two passwords are much less likely to write down their passwords.

Password synchronization is considered easier to implement than enterprise single sign-on (SSO), as there is no client software to deploy and user enrollment can be automated.

Some (in particular those who sell single sign-on systems) claim that password synchronization is less secure than single sign-on, since compromise of one password means compromise of all. The counter-argument is that with single sign-on, compromise of the primary password (from which an encryption key is derived and used to protect all the other, stored passwords) also compromises all, so the security of the two approaches is similar: both depend strongly on the security of a single password, and that password must be well defended regardless of such academic arguments.

Two types of password synchronization processes are commonly available in commercial software:

  • Transparent password synchronization, triggered by a password change on an existing system. The new password is automatically forwarded to other user objects that belong to the same user, on other systems (of the same or different types).
  • Web-based password synchronization, initiated by the user with a web browser, in place of the existing native password change process. The web-based process allows the user to set multiple passwords at once.

Password synchronization is a type of Identity management software.
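The two processes described above in miniature: a synchronization service that enforces the single policy, fans a change out to every target system, and refuses outright when any target could not accept the password, so the user never ends up with different passwords on different systems. This is an added example, not code from the original post or from any product; the target systems (a legacy host that caps passwords at 8 characters, a directory that requires a digit) and the central policy are assumptions chosen to show the consequence of synchronization: one shared password has to satisfy every system's native rule at once.

```python
from typing import Dict, List, Optional


class TargetSystem:
    """A system holding its own copy of the user's password, with its own
    native constraints (constructed for the example)."""

    def __init__(self, name: str, max_length: Optional[int] = None,
                 needs_digit: bool = False):
        self.name = name
        self.max_length = max_length
        self.needs_digit = needs_digit
        self.store: Dict[str, str] = {}

    def accepts(self, password: str) -> Optional[str]:
        """None if the password is acceptable here, else the reason it is not."""
        if self.max_length is not None and len(password) > self.max_length:
            return f"{self.name}: longer than {self.max_length} characters"
        if self.needs_digit and not any(c.isdigit() for c in password):
            return f"{self.name}: requires a digit"
        return None

    def set_password(self, user: str, password: str) -> None:
        reason = self.accepts(password)
        if reason:
            raise ValueError(reason)
        self.store[user] = password


def central_policy(password: str) -> Optional[str]:
    """The single security policy every synchronized password is subject to."""
    if len(password) < 8:
        return "central: shorter than 8 characters"
    if password.lower() in {"password", "12345678"}:
        return "central: too common"
    return None


class PasswordSync:
    def __init__(self, systems: List[TargetSystem]):
        self.systems = systems

    def check_everywhere(self, password: str) -> List[str]:
        """Central policy plus every target's native rule, evaluated before any
        system is touched.  The effective policy is the intersection."""
        problems = [p for p in [central_policy(password)] if p]
        problems += [r for r in (s.accepts(password) for s in self.systems) if r]
        return problems

    def change(self, user: str, new_password: str,
               origin: Optional[str] = None) -> Dict[str, str]:
        """Transparent sync when `origin` names the system on which the user
        already changed the password; web-based sync (origin=None) sets it on
        all systems.  Rejects the whole change rather than apply it partially."""
        problems = self.check_everywhere(new_password)
        if problems:
            return {"status": "rejected", "reasons": "; ".join(problems)}
        results: Dict[str, str] = {}
        for s in self.systems:
            if s.name == origin:
                results[s.name] = "already set (origin)"
                continue
            s.set_password(user, new_password)
            results[s.name] = "synchronized"
        results["status"] = "ok"
        return results

    def in_sync(self, user: str) -> bool:
        values = {s.store.get(user) for s in self.systems}
        return len(values) == 1 and None not in values


def build_demo() -> "tuple[PasswordSync, TargetSystem, TargetSystem]":
    legacy = TargetSystem("legacy-unix", max_length=8)
    directory = TargetSystem("directory", needs_digit=True)
    return PasswordSync([legacy, directory]), legacy, directory


if __name__ == "__main__":
    sync, legacy, directory = build_demo()
    print(sync.change("alice", "correcthorse9"))   # rejected: legacy host caps at 8
    print(sync.change("alice", "Tr0ub4d0"))        # ok on both systems
```

For transparent synchronization the check has to run inside the native password-change hook, before the origin system commits the new value; if the origin accepts a password that a target later refuses, the user is left with divergent passwords, which is the situation the whole mechanism exists to prevent.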


Wednesday, April 16, 2008

Early UNIX password vulnerability

Early UNIX implementations used a 12-bit salt, which allowed 4096 possibilities, and limited passwords to 8 characters. While 12 bits was good enough for most purposes in the 1970s (although some expressed doubts even then), by 2005 disk storage had become cheap enough that an attacker could precompute the encryptions of millions of common passwords, including all 4096 salt variations of each, and store the results on a single portable hard drive. An attacker with a larger budget can build a disk farm holding all 6-character passwords and the most common 7- and 8-character passwords in encrypted form, for all 4096 possible salts. And when several thousand passwords are being cracked at once, salts are bound to repeat, so memoization (computing each salt and guess combination only once) still offers some benefit. Since there is little downside to using a longer (say 32-, 64- or 128-bit) salt, and it renders any precomputation or memoization hopeless, modern implementations do so.
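The precomputation and memoization attacks, worked through against a toy salted hash. This is an added example, not code from the original post; it uses truncated SHA-256 in place of the DES-based crypt(3), a constructed six-word "common password" list and constructed leaked entries, and it sizes the full table using the 13-byte length of a classic crypt output.

```python
import hashlib
from typing import Dict, List, Tuple

OLD_SALT_BITS = 12       # early UNIX crypt(3): 4096 salts
MODERN_SALT_BITS = 128

# Constructed "common password" list (not real data).
WORDS = ["123456", "password", "letmein", "qwerty", "dragon", "monkey"]


def toy_hash(salt: bytes, password: str) -> bytes:
    """Stand-in for the salted one-way function (truncated SHA-256, not
    crypt(3)); only the salting behaviour matters for this example."""
    return hashlib.sha256(salt + password.encode()).digest()[:8]


def old_salt(n: int) -> bytes:
    """A 12-bit salt packed into two bytes (0 <= n < 4096)."""
    if not 0 <= n < (1 << OLD_SALT_BITS):
        raise ValueError("salt out of 12-bit range")
    return n.to_bytes(2, "big")


def build_table(words: List[str]) -> Dict[bytes, str]:
    """Precompute H(salt, word) for every possible 12-bit salt.  Done once,
    then reusable against any password file that uses this scheme."""
    table: Dict[bytes, str] = {}
    for n in range(1 << OLD_SALT_BITS):
        salt = old_salt(n)
        for w in words:
            table[toy_hash(salt, w)] = w
    return table


Entry = Tuple[str, bytes, bytes]   # (user, salt, stored hash)


def crack_by_lookup(table: Dict[bytes, str], entries: List[Entry]) -> Dict[str, str]:
    """No hashing at attack time: one dictionary lookup per leaked entry."""
    return {user: table[h] for user, salt, h in entries if h in table}


def crack_with_memo(entries: List[Entry], words: List[str]) -> Tuple[Dict[str, str], int]:
    """Guessing without a precomputed table, but remembering every (salt, word)
    result so a repeated salt costs nothing.  Returns (found, hashes computed)."""
    memo: Dict[Tuple[bytes, str], bytes] = {}
    found: Dict[str, str] = {}
    computed = 0
    for user, salt, h in entries:
        for w in words:
            key = (salt, w)
            if key not in memo:
                memo[key] = toy_hash(salt, w)
                computed += 1
            if memo[key] == h:
                found[user] = w
                break
    return found, computed


def table_entries(num_words: int, salt_bits: int) -> int:
    return num_words * (1 << salt_bits)


def table_bytes(num_words: int, salt_bits: int, entry_bytes: int = 13) -> int:
    """Storage for a complete table; 13 bytes is a classic crypt(3) string."""
    return table_entries(num_words, salt_bits) * entry_bytes


# Constructed leaked entries.  alice and bob share salt 0x0ABC, as happens
# routinely once thousands of 12-bit-salted hashes are collected.
OLD_FILE: List[Entry] = [
    ("alice", old_salt(0x0ABC), toy_hash(old_salt(0x0ABC), "letmein")),
    ("bob",   old_salt(0x0ABC), toy_hash(old_salt(0x0ABC), "dragon")),
    ("carol", old_salt(0x0FFF), toy_hash(old_salt(0x0FFF), "Tr0ub4dor&3")),
]
MODERN_SALT = bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015")  # 128-bit, constructed
MODERN_FILE: List[Entry] = [("alice", MODERN_SALT, toy_hash(MODERN_SALT, "letmein"))]

if __name__ == "__main__":
    table = build_table(WORDS)
    print(len(table))                              # 24576 = 6 words x 4096 salts
    print(crack_by_lookup(table, OLD_FILE))        # alice and bob, instantly
    print(crack_by_lookup(table, MODERN_FILE))     # {}: the salt is not in the table
    print(crack_with_memo(OLD_FILE, WORDS))        # 11 hashes instead of 14
    print(table_bytes(1_000_000, 12))              # 53,248,000,000 bytes: one portable drive
    print(table_entries(1_000_000, 128))           # 3.4e44 entries: hopeless
```

The same "letmein" that falls to a table lookup under a 12-bit salt is untouched under a 128-bit one, because the attacker would have had to precompute that particular salt in advance; and with only 4096 salts, the third entry's guesses are partly recycled from the first two, which is the memoization benefit the text mentions.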