Global Online LAMP – Tier 2
Layman’s Course
The Syllabus
● Historical Summary Minute 01
● Definitions of “Password”, Passcodes, CAPTCHA Minute 02
● 2FA (Two Factor Authentication) Minute 03
● Password – Best Practices Minute 05
● Review & Replace passwords Minute 06
● Common mistakes while creating a password Minute 07
● When you find that your password has been broken Minute 08
● Writing passwords on paper Minute 10
● About hackers Minute 11
● Alternative techniques for security and safety Minute 12
● Password Usage in emails, social media, online banking Minute 14
● Password Generating Programs Minute 15
Historical Summary
• Passwords have been in use for over 2,500 years; they are a tool to protect friends from enemies.
• E.g., in ancient Rome, to gain access to a few facilities, you had to provide a password to the guard.
• The password would have to be written down secretly or softly enunciated.
• The password would be changed frequently.
• If the password includes only digits or numbers, it is called a “Passcode”.
• Passwords were specifically meant for individual use – they were not meant to be shared.
• If the user forgot the password, it could lead to detention or arrest.
Password, Passcodes, CAPTCHA
• A password is a long and unique string of letters, numbers and special characters.
• The letters used in a password are case-sensitive – the letters are upper or lower case.
• Each password, and its sequence, is unique.
• Each password has a minimal length – the minimum is usually 8 characters.
• When a password has only numbers, it is called a “Passcode”.
• To prevent the guessing of a password through bots, there is a process called “CAPTCHA”.
• “CAPTCHA” requires an individual to read a string of distorted characters.
2FA – Two-Factor Authentication
• In the field of cyber security, 2FA or TFA stands for Two-Factor Authentication.
• The main objective of TFA is to provide additional security for the user.
• There are two factors required to gain access to electronic data.
• The first factor is the use of a regular or normal case-sensitive password.
• When the right password is entered, the system generates a second code, usually a “Passcode”.
• This “Passcode” or “One-Time Password” (OTP) is sent to the user’s email or smart phone.
• On entering the “Passcode”, the user gains access to the electronic data.
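The two-step flow described above, as an added example that is not part of the original slides. The class name `TwoFactorLogin`, the five-minute validity window and the three-attempt limit are assumptions chosen for illustration; delivery by email or phone is left out, so `start()` simply returns the passcode.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300    # assumed: passcode is valid for 5 minutes
MAX_TRIES = 3    # assumed: wrong passcodes allowed before it is discarded

class TwoFactorLogin:
    """Hypothetical server-side state for one user account."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)   # the password itself is never stored
        self.pending = None                   # [otp, expires_at, tries_left]

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def start(self, password: str, now=None):
        """Factor 1: only the right password causes a passcode to be generated."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return None
        otp = f"{secrets.randbelow(10**6):06d}"   # unpredictable 6-digit passcode
        self.pending = [otp, now + OTP_TTL, MAX_TRIES]
        return otp   # a real system sends this to the user's email or phone

    def finish(self, code: str, now=None) -> bool:
        """Factor 2: the passcode must match, be unexpired and be unused."""
        now = time.time() if now is None else now
        if self.pending is None:
            return False
        otp, expires_at, tries_left = self.pending
        if now > expires_at or tries_left <= 0:
            self.pending = None
            return False
        if hmac.compare_digest(code.encode(), otp.encode()):
            self.pending = None   # one-time: a used passcode cannot be replayed
            return True
        self.pending[2] -= 1
        return False
```
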
Password – Best Practices
• A good password must have a certain length (usually at least 8 characters).
• A good password must have a unique combination of letters, words and special characters.
• While using letters, care must be taken as the letters are case-sensitive.
• Any critical password should be frequently modified (say once in 45 days).
• A good password should not include names or phone numbers of the user.
• A good password should be such that it is not easy for outsiders to guess it.
• In important and critical situations, there would be multiple levels of passwords.
Review & Replace Passwords
• A typical user of digital devices may use about 30 to 50 passwords.
• Some of the passwords are used in non-critical situations, where a breach is not significant.
• But a few situations, like your bank account or email, are very critical.
• A few browsers, for the convenience of users, remember the last-used password.
• Passwords for critical areas should be frequently and substantially modified.
• The suggested frequency of modifying email passwords is about 45 days.
• Passwords can be recorded on “paper”, so long as the record is kept safe and secure.
Common Mistakes While Creating a Password
Here are some common mistakes that people make with passwords:
• 12345: This password is too short and hence easy to copy.
• abcdefgh: This password is long but uses single case only - the sequence is easy to guess.
• ABCDefgh: This password has upper and lower cases, but the sequence is easy to guess.
• Abcd1234: This password has a combination of cases and numbers, but is still easy to guess.
• ILoveMary: This password includes a familiar name and, with some repetition, can be guessed.
• HrrY&514: This password has a difficult combination of characters and is difficult to guess.
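A small checker for the mistakes listed above, run over the slide's own six sample passwords. This is an added example, not part of the original slides; the function names, the run length of four and the `personal_words` list are assumptions.

```python
import string

MIN_LENGTH = 8   # minimum length stated on the slides
MAX_RUN = 3      # assumed: an ascending run of 4 or more counts as a sequence

def longest_run(pw: str) -> int:
    """Length of the longest ascending run such as 'abcd' or '1234' (case ignored)."""
    s = pw.lower()
    best = run = 1 if s else 0
    for prev, cur in zip(s, s[1:]):
        same_kind = (prev.isalpha() and cur.isalpha()) or (prev.isdigit() and cur.isdigit())
        run = run + 1 if same_kind and ord(cur) - ord(prev) == 1 else 1
        best = max(best, run)
    return best

def find_mistakes(pw: str, personal_words=()) -> list:
    """Return the slide's mistakes that apply to pw; an empty list means none were found."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    letters = [c for c in pw if c.isalpha()]
    if letters and (all(c.islower() for c in letters) or all(c.isupper() for c in letters)):
        findings.append("single case")
    if longest_run(pw) > MAX_RUN:
        findings.append("predictable sequence")
    if any(w.lower() in pw.lower() for w in personal_words):
        findings.append("contains personal name")
    if not any(c in string.punctuation for c in pw):
        findings.append("no special character")
    return findings

if __name__ == "__main__":
    # The six sample passwords from the slide; "Mary" is the name the user supplies.
    for sample in ["12345", "abcdefgh", "ABCDefgh", "Abcd1234", "ILoveMary", "HrrY&514"]:
        print(sample, find_mistakes(sample, personal_words=["Mary"]))
```
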
When Password is Broken
When you find that your email has been breached, here is what needs to be done:
• Please inform the email service provider that your account has been breached.
• Please inform the internet service provider that your account has been breached.
• In case you are in a company, please inform the CEO and/or HRM and/or IT Head.
Having informed all of the above, please
• Change the password significantly.
• Try to assess the impact of the breach (take the help of Cyber Crime).
Writing Passwords on Paper
Let us consider a realistic situation of a typical netizen (one who uses the internet):
• A typical user has about thirty (30) to fifty (50) passwords.
• Let us say that 5 of those passwords are critical (Email, Bank Account etc.).
• These critical passwords need to be modified frequently (say once in 45 days).
• It is prudent to maintain a physical record of these passwords in a booklet or diary.
• The physical document needs to be in a safe and secure place.
• In the physical documents, you could use a private coding system to add security.
About Hackers
• A hacker is one who attempts to break into your account without your knowledge or permission.
• A hacker is the equivalent of a thief or a robber who breaks into your premises.
• What a hacker does is incorrect, immoral, illegal and unlawful in most countries.
• A hacker is able to break into your account through the use of sophisticated techniques.
• A hacker is often encouraged and abetted through the casual attitude of digital users.
• The laws in most lands are very stringent in the way they deal with hackers.
• There is a category of programmers who call themselves “ethical hackers”.
Alternative Techniques
When it comes to secure access, there are alternatives to the use of passwords:
• The use of fingerprints is a time-tested way to ensure identity theft does not take place.
• The use of retina scans is a novel way to ensure that the user’s access is not violated.
• iPhones, for instance, use facial recognition to ensure individual security.
While using these devices, there are two disadvantages or demerits:
• There is a cost associated with the use of such devices.
• Sometimes, the devices are misplaced or do not function as they should.
Password Usage
Here are some tips for proper usage of passwords:
• For emails: This is super-critical; use sophisticated passwords that are modified periodically.
• For bank accounts: This is critical; use sophisticated passwords that are modified frequently.
• For access to office records: This is important; use passwords as per guidelines provided.
• For Social Networking: This is less critical; use passwords that are easy to remember.
• For non-critical areas: This is casual; use passwords that are very easy to remember.
Password Generating Programs
• There are “Password Generating Programs” (PGPs) that can help you manage your passwords.
• Two examples of free-to-use PGPs are: KeePass and LastPass.
• These programs are free to use, generously supported by good samaritans.
• Even if there is a small cost to a PGP, having a good and reliable PGP is recommended.
• A PGP can be used to store all your passwords – so its safety & security is very critical.
• One needs a sophisticated password, which is frequently modified, to access a PGP.
Common sense advice regarding “Passwords” is BRAVE: Be Rigorous, Aware & Vigilant Everytime.
Join us in the war against Cyber Crime!
Let us make the world safe and secure!!
Here’s to a safe and secure world!!
For more information, please email to:
foundationgolamp@gmail.com


Editor's Notes

  • #2 A personal side to Jay Amaran