Improving Password Based Security
What is a Password?
• A password is a secret word or string of characters that is used for
user authentication to prove identity, or for access approval to gain
access to a resource (example: an access code is a type of password).
• The use of passwords is known to be ancient. Sentries would
challenge those wishing to enter an area or approaching it to supply a
password or watchword, and would only allow a person or group to
pass if they knew the password.
• In modern times, usernames and passwords are commonly used by people during a
log-in process that controls access to protected computer operating systems,
mobile phones, cable TV decoders, automated teller machines (ATMs), etc.
Brought To You by www.rareinput.com
What is the need for a password?
There are many reasons to use passwords. Here are some common
reasons to use them:
to prevent unauthorized access to important information
to guarantee security of personal information
to prevent unauthorized access to user accounts, such as computer and email
accounts
to be able to use various Internet services securely

How does a password work?
Whenever we create a login on any website or any stand-alone system/application,
we are generally asked for two things: a username and a password.
This username and password pair is then saved in the database of the
system/application.
When the user later tries to log in to that system or application, he or she is
asked for the same two things. If the username and password entered by the user
match the username and password previously stored in the database, access is
granted; otherwise access is denied.
Challenges in password based security
Password Creation
Password strength
Password storing
Password Protection
Password cracking

How to Improve Password based security?
A very simple answer to this question is “to improve the strength of the password”.
But what actually is a good strength to ensure proper security?
Well, there are some techniques and do’s and don'ts which may ensure better
security when relying on passwords.
Some of them are discussed in the next slides.

1. Creating a strong Password:
We all must create strong passwords which are tough to guess and break. In
order to create strong passwords we should follow these points:
a) A minimum password length of 12 to 14 characters.
b) Generating passwords randomly where feasible.
c) Avoiding passwords based on repetition, dictionary words, letter or number
sequences, usernames, relative or pet names, romantic links (current or past), or
biographical information (e.g., ID numbers, ancestors' names or dates).
d) Including numbers and symbols in passwords if allowed by the system.
e) If the system recognizes case as significant, using capital and lower-case letters.
f) Avoiding using the same password for multiple sites or purposes.
g) Avoiding something that the public or workmates know you strongly like or dislike.

2. Storing Encrypted Password:
• When we are planning to authenticate users via passwords, we must ensure the security of the
password in our database.

• Some systems store user passwords as plaintext, against which to compare user log-on
attempts. If an attacker gains access to such an internal password store, all
passwords, and so all user accounts, will be compromised. If some users employ the
same password for accounts on different systems, those will be compromised as well.
• More secure systems store each password in a cryptographically protected form, so access to the
actual password will still be difficult for a snooper who gains internal access to the system, while
validation of user access attempts remains possible.
• A common approach stores only a "hashed" form of the plaintext password. When a user types in
a password on such a system, the password handling software runs it through a cryptographic hash
algorithm, and if the hash value generated from the user's entry matches the hash stored in the
password database, the user is permitted access.
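The log-in flow from the "How does a password work?" slide, combined with the hashed storage described just above, as an added example (this code is not from the slides or from rareinput.com). It assumes an in-memory dictionary in place of the application's database and uses PBKDF2-HMAC-SHA256 from the Python standard library with a per-user random salt; the iteration count is an assumed value, not one the slides state.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example; a real deployment tunes the
# iteration count to its own hardware.
HASH_NAME = "sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a fixed-length digest from the password and a per-user salt."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)


class PasswordStore:
    """In-memory stand-in for the application's user database.

    Only (salt, iterations, digest) is kept per user. The plaintext password
    is never written anywhere, so a copy of this table does not directly
    reveal any user's password, and two users with the same password get
    different digests because their salts differ.
    """

    def __init__(self) -> None:
        self._users = {}  # username -> (salt, iterations, digest)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(SALT_BYTES)   # fresh random salt per account
        digest = hash_password(password, salt)
        self._users[username] = (salt, ITERATIONS, digest)

    def stored_record(self, username: str):
        """What the database actually holds for a user (no plaintext)."""
        return self._users.get(username)

    def verify(self, username: str, password: str) -> bool:
        """The log-in check: hash the submitted password with the stored
        salt and compare it with the stored digest."""
        record = self._users.get(username)
        if record is None:
            # Unknown user: do a dummy derivation anyway so the response
            # time does not reveal whether the username exists.
            hash_password(password, b"\x00" * SALT_BYTES)
            return False
        salt, iterations, digest = record
        candidate = hash_password(password, salt, iterations)
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    store = PasswordStore()
    store.register("alice", "correct horse battery staple")   # constructed sample
    print("alice / correct password:", store.verify("alice", "correct horse battery staple"))
    print("alice / wrong password:  ", store.verify("alice", "Tr0ub4dor&3"))
    print("bob   / unknown user:    ", store.verify("bob", "anything"))
```

The `verify` method is the only place the submitted password is used, and it is compared as a digest rather than as text, so even a copy of the whole `_users` table gives an attacker salted hashes to crack rather than passwords to reuse.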
3. Random Passwords:
• Random passwords consist of a string of symbols of specified length taken from some set of
symbols using a random selection process in which each symbol is equally likely to be
selected. The symbols can be individual characters from a character set (e.g., the ASCII
character set), pronounceable passwords, or even words from a word list (thus forming a
passphrase).
• However, these are often not truly random, but pseudo-random.

• Random password programs often have the ability to ensure that the resulting password
complies with a local Password Policy.
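An added example (not code from the slides or from rareinput.com) that ties this slide to the "Creating a strong Password" list: a policy checker implementing the listed rules (minimum length of 12, no repetition, no letter or number sequences, no username, no dictionary words or personal terms, digits, symbols and mixed case), and a random generator that draws each symbol uniformly with the `secrets` module and retries until the result passes the policy. The dictionary and the personal terms are constructed stand-ins for this example; the symbol set and the 4-character sequence window are assumptions.

```python
import secrets
import string

# Constructed sample inputs (not from the slides): a tiny stand-in for a
# dictionary word list, and a few "personal" terms an attacker could guess.
SAMPLE_DICTIONARY = {"password", "welcome", "dragon", "monkey", "letmein"}
SAMPLE_PERSONAL_TERMS = {"alice", "fluffy", "1990"}

MIN_LENGTH = 12          # slide: a minimum of 12 to 14 characters
SEQUENCE_WINDOW = 4      # assumed: "abcd", "1234", "dcba" count as sequences


def _has_sequence(s: str) -> bool:
    """True if any window of SEQUENCE_WINDOW characters steps up or down by
    exactly one code point each time (catches 'lmnopqrst' and '12345678')."""
    for i in range(len(s) - SEQUENCE_WINDOW + 1):
        window = s[i:i + SEQUENCE_WINDOW]
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def _has_repetition(s: str) -> bool:
    """True for a character repeated 3+ times in a row, or a password that
    is one short block repeated over and over (e.g. 'abcabcabcabc')."""
    for i in range(len(s) - 2):
        if s[i] == s[i + 1] == s[i + 2]:
            return True
    for block in range(1, len(s) // 2 + 1):
        if len(s) % block == 0 and s[:block] * (len(s) // block) == s:
            return True
    return False


def check_policy(password, username="", dictionary=SAMPLE_DICTIONARY,
                 personal_terms=SAMPLE_PERSONAL_TERMS):
    """Return the list of policy rules the password breaks; [] means compliant."""
    problems = []
    lower = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if _has_repetition(password):
        problems.append("repetition")
    if _has_sequence(password):
        problems.append("sequence")
    if username and username.lower() in lower:
        problems.append("contains username")
    if any(w in lower for w in dictionary):
        problems.append("dictionary word")
    if any(t in lower for t in personal_terms):
        problems.append("personal information")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no symbol")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("no mixed case")
    return problems


DEFAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16, alphabet=DEFAULT_ALPHABET, username="", max_tries=1000):
    """Each symbol is chosen uniformly from `alphabet` with a CSPRNG
    (secrets.choice); the result is regenerated until it passes the policy."""
    for _ in range(max_tries):
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_policy(candidate, username):
            return candidate
    raise RuntimeError("could not generate a compliant password")


def generate_passphrase(words, count=5, separator=" "):
    """Random passphrase: `count` words chosen uniformly from a word list."""
    return separator.join(secrets.choice(words) for _ in range(count))


if __name__ == "__main__":
    print("violations for 'Password1234!x':", check_policy("Password1234!x", "alice"))
    print("generated:", generate_password(16))
    print("passphrase:", generate_passphrase(["ledger", "violet", "sandbar", "quartz", "ember"]))
```

`secrets.choice` is what makes each symbol "equally likely to be selected" as the slide puts it; the `random` module's generator is seeded predictably and must not be used for this.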

4. Password longevity (ageing):
• "Password aging" is a feature of some operating systems which forces users to change
passwords frequently (e.g., quarterly, monthly or even more often)
• There is often an increase in the people who note down the password and leave it where it
can easily be found or Users may use simpler passwords or develop variation patterns on a
consistent theme to keep their passwords memorable. Because of these issues, password
aging is effective.
• Password aging is also required because of the nature of data of the IT systems.

5. Limits on the number of password guesses:
• An alternative to limiting the rate at which an attacker can make guesses at a password is to
limit the total number of guesses that can be made.
• The password can be disabled, requiring a reset, after a small number of consecutive bad
guesses (say 5); and the user may be required to change the password after a larger
cumulative number of bad guesses (say 30), to prevent an attacker from making an arbitrarily
large number of bad guesses by interspersing them between good guesses made by the
legitimate password owner.
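The two-threshold scheme described on this slide (disable after a small number of consecutive bad guesses, require a password change after a larger cumulative number), as an added example that is not code from the slides or from rareinput.com. It assumes the caller has already checked the submitted password against its store and only reports the outcome here; the thresholds 5 and 30 are the slide's illustrative numbers, and the returned status strings are an assumption of this example.

```python
from dataclasses import dataclass

MAX_CONSECUTIVE_BAD = 5    # slide: disable after a small number of consecutive bad guesses
MAX_CUMULATIVE_BAD = 30    # slide: require a change after a larger cumulative number


@dataclass
class AccountState:
    consecutive_bad: int = 0
    cumulative_bad: int = 0
    disabled: bool = False
    change_required: bool = False


class GuessLimiter:
    """Per-account guess accounting. A correct password resets the
    consecutive streak but never the cumulative count, which is what stops
    an attacker from hiding bad guesses between the legitimate user's
    good ones."""

    def __init__(self, max_consecutive=MAX_CONSECUTIVE_BAD, max_cumulative=MAX_CUMULATIVE_BAD):
        self.max_consecutive = max_consecutive
        self.max_cumulative = max_cumulative
        self._state = {}

    def state(self, user) -> AccountState:
        return self._state.setdefault(user, AccountState())

    def record(self, user, password_correct: bool) -> str:
        """Report one log-in attempt; returns the action the login handler
        should take: 'ok', 'rejected', 'disabled' or 'change_password'."""
        st = self.state(user)
        if st.disabled:
            return "disabled"              # locked until reset, even for a correct password
        if password_correct:
            st.consecutive_bad = 0         # a good guess ends the streak...
            if st.change_required:
                return "change_password"   # ...but the cumulative count still applies
            return "ok"
        st.consecutive_bad += 1
        st.cumulative_bad += 1
        if st.consecutive_bad >= self.max_consecutive:
            st.disabled = True
            return "disabled"
        if st.cumulative_bad >= self.max_cumulative:
            st.change_required = True
        return "rejected"

    def reset(self, user) -> None:
        """Administrative reset after a lock-out: clears the lock but keeps
        the cumulative count, so a pending change requirement survives."""
        st = self.state(user)
        st.consecutive_bad = 0
        st.disabled = False

    def password_changed(self, user) -> None:
        """Called once the user has set a new password."""
        st = self.state(user)
        st.cumulative_bad = 0
        st.change_required = False


if __name__ == "__main__":
    lim = GuessLimiter()
    for _ in range(5):
        print(lim.record("alice", False))   # rejected x4, then disabled
    lim.reset("alice")
    print(lim.record("alice", True))        # ok
```

Note that the lock-out itself is a denial-of-service lever (anyone who knows a username can trigger it), which is why the slide pairs it with a reset path rather than a permanent disable.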

6. Transmission through encrypted channels:
• The risk of interception of passwords sent over the Internet can be reduced by, among other
approaches, using cryptographic protection.

• The most widely used is the Transport Layer Security (TLS, previously called SSL) feature built
into most current Internet browsers.
• Most browsers alert the user of a TLS/SSL protected exchange with a server by displaying a
closed lock icon, or some other sign, when TLS is in use.
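What the browser's lock icon stands for, from the client side, as an added example (not code from the slides or from rareinput.com): a TLS context that requires a valid, hostname-matching server certificate, and a guard that refuses to submit credentials to anything but an https:// URL. The URL and the form field names are constructed for this example, and the TLS 1.2 floor is an assumption; nothing is sent over the network.

```python
import ssl
from urllib.parse import urlsplit


def make_client_tls_context() -> ssl.SSLContext:
    """Context that verifies the server's certificate chain and hostname.
    Without both checks an on-path attacker could present any certificate
    and the "encrypted" channel would protect the password from nobody."""
    ctx = ssl.create_default_context()
    # These are already the defaults of create_default_context(); they are
    # restated explicitly so a reviewer can see the settings being relied on.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # assumed floor for this example
    return ctx


def login_transport_allowed(url: str) -> bool:
    """Credentials may only be submitted to an https:// URL."""
    return urlsplit(url).scheme == "https"


def prepare_login(url: str, username: str, password: str):
    """Return (host, tls_context, form_fields) for a login request, or raise
    if the URL would carry the password in the clear."""
    if not login_transport_allowed(url):
        raise ValueError("refusing to send a password over a non-TLS URL: " + url)
    parts = urlsplit(url)
    form = {"username": username, "password": password}   # constructed field names
    return parts.hostname, make_client_tls_context(), form


if __name__ == "__main__":
    host, ctx, form = prepare_login("https://example.com/login", "alice", "s3cret")
    print(host, ctx.verify_mode == ssl.CERT_REQUIRED, sorted(form))
    try:
        prepare_login("http://example.com/login", "alice", "s3cret")
    except ValueError as exc:
        print("blocked:", exc)
```

Disabling `check_hostname` or setting `verify_mode = ssl.CERT_NONE` is the usual way client code quietly loses this protection; the lock icon a browser shows is the visible form of exactly these two checks.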

Do’s and don’ts of a password
Do’s of a password
• DO pick a password you will remember.
• DO change your password regularly.
• DO use a mix of uppercase and lowercase characters and special characters such as #, $, %.
• DO use random passwords.
• DO use a password that you can type quickly without having to look at your keyboard. This
makes it harder for someone to notice your password if they happen to be watching over your
shoulder.
• DO use a password with 8 or more characters. More is better.
• DO create different passwords for different accounts and applications.

Don’ts of a password
• DON'T write your password down.
• DON'T make obvious choices like your last name, first name, nickname, birthdate, spouse
name, pet name, make/model of car, or favorite expression.
• DON'T choose your username as your password.
• DON'T share your password with anyone. Once it is out of your control, so is your security.
• DON'T use a word contained in English or foreign language dictionaries, spelling lists or
commonly digitized
• DON'T use an alphabet sequence (lmnopqrst) or a number sequence (12345678).
By using the techniques above we can significantly improve our password-based security and
protect ourselves from many of the threats of the cyber world.

Thank You

Saurabh Kumar Jha
CTO and Co Founder
www.rareinput.com

More Related Content

What's hot

Log4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdfLog4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdf
Brandon DeVault
 
Ödül Avcılığı - Masanın Diğer Tarafı
Ödül Avcılığı - Masanın Diğer TarafıÖdül Avcılığı - Masanın Diğer Tarafı
Ödül Avcılığı - Masanın Diğer Tarafı
Çağlar Çakıcı
 
The Hacker's Guide to Kubernetes
The Hacker's Guide to KubernetesThe Hacker's Guide to Kubernetes
The Hacker's Guide to Kubernetes
Patrycja Wegrzynowicz
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Google App Engine
Google App EngineGoogle App Engine
Google App Engine
Sameer Satyam
 
Broadband technology
Broadband technologyBroadband technology
Broadband technology
Bharat Sanchar Nigam Limited
 
WiMAX Basics
WiMAX Basics WiMAX Basics
WiMAX Basics
Jarin Tasnim Khan
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
Daniel Miessler
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transaction
Nishant Pahad
 
Cloud Deployment
Cloud DeploymentCloud Deployment
Cloud Deployment
Tushar Choudhary
 
Content Management System(CMS) & Basic WordPress
Content Management System(CMS) & Basic WordPressContent Management System(CMS) & Basic WordPress
Content Management System(CMS) & Basic WordPress
Shahadat Hossain Manik
 
Introduction to PowerShell
Introduction to PowerShellIntroduction to PowerShell
Introduction to PowerShell
Salaudeen Rajack
 
Cloud service models
Cloud service modelsCloud service models
Cloud service models
Prem Sanil
 
Cloudcomputingsimpleppt 141114085742-conversion-gate01 (1)
Cloudcomputingsimpleppt 141114085742-conversion-gate01 (1)Cloudcomputingsimpleppt 141114085742-conversion-gate01 (1)
Cloudcomputingsimpleppt 141114085742-conversion-gate01 (1)
MukeshKrActivelylook
 
WordPress
WordPressWordPress
Cloud Computing
Cloud ComputingCloud Computing
Cloud ComputingImane SBAI
 
How to Upload Presentations in SlideShare and Embed in your Wordpress Blog
How to Upload Presentations in SlideShare and Embed in your Wordpress BlogHow to Upload Presentations in SlideShare and Embed in your Wordpress Blog
How to Upload Presentations in SlideShare and Embed in your Wordpress Blog
Aimee Emejas
 
5g wireless technology
5g wireless technology 5g wireless technology
5g wireless technology
Sudhanshu Jha
 

What's hot (20)

Log4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdfLog4Shell Case Study - Suricon2022.pdf
Log4Shell Case Study - Suricon2022.pdf
 
Ödül Avcılığı - Masanın Diğer Tarafı
Ödül Avcılığı - Masanın Diğer TarafıÖdül Avcılığı - Masanın Diğer Tarafı
Ödül Avcılığı - Masanın Diğer Tarafı
 
The Hacker's Guide to Kubernetes
The Hacker's Guide to KubernetesThe Hacker's Guide to Kubernetes
The Hacker's Guide to Kubernetes
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Google App Engine
Google App EngineGoogle App Engine
Google App Engine
 
Broadband technology
Broadband technologyBroadband technology
Broadband technology
 
WiMAX Basics
WiMAX Basics WiMAX Basics
WiMAX Basics
 
Understanding Cross-site Request Forgery
Understanding Cross-site Request ForgeryUnderstanding Cross-site Request Forgery
Understanding Cross-site Request Forgery
 
Secure electronic transaction
Secure electronic transactionSecure electronic transaction
Secure electronic transaction
 
Wifi technology ppt
Wifi technology pptWifi technology ppt
Wifi technology ppt
 
Cloud Deployment
Cloud DeploymentCloud Deployment
Cloud Deployment
 
Content Management System(CMS) & Basic WordPress
Content Management System(CMS) & Basic WordPressContent Management System(CMS) & Basic WordPress
Content Management System(CMS) & Basic WordPress
 
Introduction to PowerShell
Introduction to PowerShellIntroduction to PowerShell
Introduction to PowerShell
 
Cloud service models
Cloud service modelsCloud service models
Cloud service models
 
Cloudcomputingsimpleppt 141114085742-conversion-gate01 (1)
Cloudcomputingsimpleppt 141114085742-conversion-gate01 (1)Cloudcomputingsimpleppt 141114085742-conversion-gate01 (1)
Cloudcomputingsimpleppt 141114085742-conversion-gate01 (1)
 
WordPress
WordPressWordPress
WordPress
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
How to Upload Presentations in SlideShare and Embed in your Wordpress Blog
How to Upload Presentations in SlideShare and Embed in your Wordpress BlogHow to Upload Presentations in SlideShare and Embed in your Wordpress Blog
How to Upload Presentations in SlideShare and Embed in your Wordpress Blog
 
Intro to Wordpress
Intro to WordpressIntro to Wordpress
Intro to Wordpress
 
5g wireless technology
5g wireless technology 5g wireless technology
5g wireless technology
 

Similar to Improving Password Based Security

Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
Gloria Stoilova
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniques
Vi Tính Hoàng Nam
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Hajer alriyami
 
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4
skimil
 
World Password Management Day, 2023.pdf
World Password Management Day, 2023.pdfWorld Password Management Day, 2023.pdf
World Password Management Day, 2023.pdf
Chinatu Uzuegbu
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
vishalgohel12195
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
Klaus Drosch
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy   a point of viewWhy is password protection a fallacy   a point of view
Why is password protection a fallacy a point of view
Yury Chemerkin
 
An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication
IJMER
 
Getting authentication right
Getting authentication rightGetting authentication right
Getting authentication right
Andre N. Klingsheim
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
Sagar Verma
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
Nicholas Davis
 
8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurityricharddxd
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
SupanShah2
 
PASSWORD BEST PRACTICES
PASSWORD BEST PRACTICESPASSWORD BEST PRACTICES
PASSWORD BEST PRACTICES
Razorpoint Security
 
2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx
ssuser2f0fb0
 
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Fego Ogwara
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02amiinaaa
 

Similar to Improving Password Based Security (20)

Password Strength Policy Query
Password Strength Policy QueryPassword Strength Policy Query
Password Strength Policy Query
 
Ceh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniquesCeh v5 module 13 web based password cracking techniques
Ceh v5 module 13 web based password cracking techniques
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
Authentication and session v4
Authentication and session v4Authentication and session v4
Authentication and session v4
 
World Password Management Day, 2023.pdf
World Password Management Day, 2023.pdfWorld Password Management Day, 2023.pdf
World Password Management Day, 2023.pdf
 
Password cracking and brute force
Password cracking and brute forcePassword cracking and brute force
Password cracking and brute force
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy   a point of viewWhy is password protection a fallacy   a point of view
Why is password protection a fallacy a point of view
 
An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication An Enhanced Security System for Web Authentication
An Enhanced Security System for Web Authentication
 
Getting authentication right
Getting authentication rightGetting authentication right
Getting authentication right
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
Password Cracking
Password CrackingPassword Cracking
Password Cracking
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
8 passwordsecurity
8 passwordsecurity8 passwordsecurity
8 passwordsecurity
 
Secure password - CYBER SECURITY
Secure password - CYBER SECURITYSecure password - CYBER SECURITY
Secure password - CYBER SECURITY
 
Password management
Password managementPassword management
Password management
 
PASSWORD BEST PRACTICES
PASSWORD BEST PRACTICESPASSWORD BEST PRACTICES
PASSWORD BEST PRACTICES
 
2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx
 
Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...Securing Database Passwords Using a Combination of hashing and Salting Techni...
Securing Database Passwords Using a Combination of hashing and Salting Techni...
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
 

Recently uploaded

CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
Balvir Singh
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
MysoreMuleSoftMeetup
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
EduSkills OECD
 
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdfAdversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Po-Chuan Chen
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Thiyagu K
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
BhavyaRajput3
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
Peter Windle
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
Celine George
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
TechSoup
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
MIRIAMSALINAS13
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 

Recently uploaded (20)

CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
Operation Blue Star - Saka Neela Tara
Operation Blue Star   -  Saka Neela TaraOperation Blue Star   -  Saka Neela Tara
Operation Blue Star - Saka Neela Tara
 
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
Mule 4.6 & Java 17 Upgrade | MuleSoft Mysore Meetup #46
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
Francesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptxFrancesca Gottschalk - How can education support child empowerment.pptx
Francesca Gottschalk - How can education support child empowerment.pptx
 
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdfAdversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
Adversarial Attention Modeling for Multi-dimensional Emotion Regression.pdf
 
Unit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdfUnit 2- Research Aptitude (UGC NET Paper I).pdf
Unit 2- Research Aptitude (UGC NET Paper I).pdf
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCECLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
CLASS 11 CBSE B.St Project AIDS TO TRADE - INSURANCE
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
A Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in EducationA Strategic Approach: GenAI in Education
A Strategic Approach: GenAI in Education
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
Introduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp NetworkIntroduction to AI for Nonprofits with Tapp Network
Introduction to AI for Nonprofits with Tapp Network
 
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXXPhrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
Phrasal Verbs.XXXXXXXXXXXXXXXXXXXXXXXXXX
 
Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 

Improving Password Based Security

  • 2. What is a Password? • A password is a secret word or string of characters that is used for user authentication to prove identity, or for access approval to gain access to a resource (example: an access code is a type of password). • The use of passwords is known to be ancient. Sentries would challenge those wishing to enter an area or approaching it to supply a password or watchword, and would only allow a person or group to pass if they knew the password. • In modern times, user names and passwords are commonly used by people during a log in process that controls access to protected computer operating systems, mobile phones, cable TV decoders, automated teller machines (ATMs), etc. Brought To You by www.rareinput.com
  • 3. What is the need of a password? There are many reasons to use passwords. Here are some common reasons to use them: to prevent unauthorized access to important information to guarantee security of personal information to prevent unauthorized access to user accounts, such as computer and email accounts to be able to use various Internet services securely Brought To You by www.rareinput.com
  • 4. How does password work? Whenever we create a login on any website or any stand alone system/application, we are generally asked for two things one is the username and other is the password. The combination of these username and password is then saved into the database of the system/application. And when the user tries to log in to that particular system or application, he is asked for these two things. If the username and the password entered by the user matches with the password and the username previously stored in the database, then he/she is granted the access, else the access is prevented. Brought To You by www.rareinput.com
  • 5. Challenges in password based security Password Creation Password strength Password storing Password Protection Password cracking Brought To You by www.rareinput.com
  • 6. How to Improve Password based security? A very simple answer to this question is “to improve the strength of the password”. But what actually is a good strength to ensure the proper security?? Well, there are some techniques and do’s and don'ts which may ensure a better security while using password security. Some of them are discussed in the next slides. Brought To You by www.rareinput.com
  • 7. I. Creating a strong Password: We all must create strong passwords which are tough to guess and break. In order to create strong passwords we shall follow following points. a) A minimum password length of 12 to 14 characters. b) Generating passwords randomly where feasible c) Avoiding passwords based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, romantic links (current or past), or biographical information (e.g., ID numbers, ancestors' names or dates). d) Including numbers, and symbols in passwords if allowed by the system e) If the system recognizes case as significant, using capital and lower-case letters f) Avoiding using the same password for multiple sites or purposes g) Avoid using something that the public or workmates know you strongly like or dislike Brought To You by www.rareinput.com
  • 8. 2. Storing Encrypted Password: • When we are planning to authenticate users via passwords, we must ensure the security of the password in our database. • If we store user passwords as plaintext, against which to compare user log on attempts. If an attacker gains access to such an internal password store, all passwords—and so all user accounts—will be compromised. If some users employ the same password for accounts on different systems, those will be compromised as well. • More secure systems store each password in a cryptographically protected form, so access to the actual password will still be difficult for a snooper who gains internal access to the system, while validation of user access attempts remains possible. • A common approach stores only a "hashed" form of the plaintext password. When a user types in a password on such a system, the password handling software runs through a cryptographic hash algorithm, and if the hash value generated from the user's entry matches the hash stored in the password database, the user is permitted access. Brought To You by www.rareinput.com
  • 9. 3. Random passwords:
  • Random passwords consist of a string of symbols of specified length taken from some set of symbols using a random selection process in which each symbol is equally likely to be selected. The symbols can be individual characters from a character set (e.g., the ASCII character set), pronounceable passwords, or even words from a word list (thus forming a passphrase).
  • However, these are often not truly random, but pseudo-random.
  • Random password programs often have the ability to ensure that the resulting password complies with a local password policy.
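The following Python block, an added example rather than code from the slides, ties slides 7 and 9 together: a checker for the slide-7 rules (minimum length, mixed case, digits and symbols, no sequences or repetition, no dictionary words or usernames) and a generator that draws each symbol uniformly from the operating system's random source (Python's secrets module) and redraws until the result passes the checker. The word list and thresholds are constructed for illustration.

```python
import secrets
import string

# Added example, not from the slides: slide-7 policy checker plus a slide-9 style
# random generator. Blocklist and thresholds are constructed for illustration.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LENGTH = 12                                   # rule a)
BLOCKLIST = {"password", "welcome", "qwerty"}     # rule c): constructed sample word list


def has_sequence(pw: str, run: int = 4) -> bool:
    """True if `run` consecutive chars step by +1 (abcd, 1234) or repeat (aaaa)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {0}:
            return True
    return False


def policy_violations(pw: str, username: str = "") -> list[str]:
    """Return the slide-7 rules the password breaks (empty list = acceptable)."""
    low = pw.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mixed case")                            # rule e)
    if not any(c.isdigit() for c in pw) or not any(c in string.punctuation for c in pw):
        problems.append("no digit or symbol")                       # rule d)
    if has_sequence(pw):
        problems.append("sequence or repetition")                   # rule c)
    if any(w in low for w in BLOCKLIST):
        problems.append("contains dictionary word")                 # rule c)
    if username and username.lower() in low:
        problems.append("contains username")                        # rule c)
    return problems


def random_password(length: int = 16) -> str:
    """Each symbol is an independent uniform draw from the OS CSPRNG (secrets, not
    the predictable random module); rejection sampling keeps only compliant draws."""
    if length < MIN_LENGTH:
        raise ValueError("length below policy minimum")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(pw):
            return pw
```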
  • 10. 4. Password longevity (ageing):
  • "Password aging" is a feature of some operating systems which forces users to change passwords frequently (e.g., quarterly, monthly or even more often).
  • There is often an increase in the number of people who write down the password and leave it where it can easily be found, or users may choose simpler passwords or develop variation patterns on a consistent theme to keep their passwords memorable. Because of these issues, password aging is effective.
  • Password aging is also required because of the nature of the data held on IT systems.
  • 11. 5. Limits on the number of password guesses:
  • An alternative to limiting the rate at which an attacker can make guesses at a password is to limit the total number of guesses that can be made.
  • The password can be disabled, requiring a reset, after a small number of consecutive bad guesses (say 5); and the user may be required to change the password after a larger cumulative number of bad guesses (say 30), to prevent an attacker from making an arbitrarily large number of bad guesses by interspersing them between good guesses made by the legitimate password owner.
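An added example, not from the slides, of the two limits just described in Python: the account is disabled after 5 consecutive bad guesses and a password change is forced after 30 cumulative bad guesses, with a good guess resetting only the consecutive counter so that interleaved bad guesses still accumulate. The check callback and the AccountState record are assumptions; the callback would normally be a lookup against a hashed password store.

```python
from dataclasses import dataclass
from typing import Callable

# Added example, not from the slides. The two thresholds are the slide's
# "say 5" and "say 30"; the state record and callback are assumptions.
CONSECUTIVE_LIMIT = 5   # disable the password after this many bad guesses in a row
CUMULATIVE_LIMIT = 30   # force a password change after this many bad guesses in total


@dataclass
class AccountState:
    consecutive_failures: int = 0
    cumulative_failures: int = 0
    locked: bool = False               # cleared only by a reset flow
    must_change_password: bool = False


def attempt_login(state: AccountState, check: Callable[[], bool]) -> str:
    """Apply both limits. Returns 'locked', 'ok', 'ok_change_required' or 'failed'."""
    if state.locked:
        return "locked"                 # do not even evaluate the guess
    if check():
        state.consecutive_failures = 0  # a good guess ends the run of failures...
        # ...but the cumulative total is kept, so an attacker cannot launder
        # bad guesses by interspersing them with the owner's good log-ons.
        return "ok_change_required" if state.must_change_password else "ok"
    state.consecutive_failures += 1
    state.cumulative_failures += 1
    if state.consecutive_failures >= CONSECUTIVE_LIMIT:
        state.locked = True
    if state.cumulative_failures >= CUMULATIVE_LIMIT:
        state.must_change_password = True
    return "locked" if state.locked else "failed"


def reset_after_password_change(state: AccountState) -> None:
    """Called once the user has set a new password (or an admin has reset it)."""
    state.consecutive_failures = 0
    state.cumulative_failures = 0
    state.locked = False
    state.must_change_password = False
```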
  • 12. 6. Transmission through encrypted channels:
  • The risk of interception of passwords sent over the Internet can be reduced by, among other approaches, using cryptographic protection.
  • The most widely used is the Transport Layer Security (TLS, previously called SSL) feature built into most current Internet browsers.
  • Most browsers indicate a TLS/SSL-protected exchange with a server by displaying a closed lock icon, or some other sign, when TLS is in use.
  • 13. Do's and don'ts of a password
  Do's of a password
  • DO pick a password you will remember.
  • DO change your password regularly.
  • DO use a mix of uppercase and lowercase characters and special characters such as #, $, %.
  • DO use random passwords.
  • DO use a password that you can type quickly without having to look at your keyboard. This makes it harder for someone to notice your password if they happen to be watching over your shoulder.
  • DO use a password with 8 or more characters. More is better.
  • DO create different passwords for different accounts and applications.
  Don'ts of a password
  • DON'T write your password down.
  • DON'T make obvious choices like your last name, first name, nickname, birthdate, spouse name, pet name, make/model of car, or favorite expression.
  • DON'T choose your username as your password.
  • DON'T share your password with anyone. Once it is out of your control, so is your security.
  • DON'T use a word contained in English or foreign language dictionaries, spelling lists or commonly digitized
  • DON'T use an alphabet sequence (lmnopqrst), a number sequence (12345678)
  • 14. By using the techniques mentioned above we can significantly improve our password-based security and protect ourselves from the numerous threats of this cyber world.
  • 16. Thank You
  Saurabh Kumar Jha
  CTO and Co-Founder
  www.rareinput.com