Password Policy John Hally John.hally@comcast.net Why This Policy? - PowerPoint PPT Presentation

Oct 25, 2023 •124 likes •202 views

Password Policy John Hally John.hally@comcast.net Why This Policy? Very important aspect of security Can easily be the weakest link Set standards for: Creation of strong passwords Password protection Frequency of

Password Policy John Hally John.hally@comcast.net
Why This Policy? � Very important aspect of security � Can easily be the ‘ weakest link ’ � Set standards for: – Creation of strong passwords – Password protection – Frequency of change
Policy Applicability � All: – Users (local and remote) – Contractors – Vendors � Developers – Their own accounts – Their applications � Support individual user authentication. � No clear text password storage � Provide role management. � Support TACACS+ , RADIUS and/or X.509, LDAP security retrieval when possible.
Strong Password Construction Contain at least three of the five following character � classes: – Lower case characters – Upper case characters – Numbers – Punctuation – “ Special ” characters (e.g. @#$%^&*()_+|~-=\`{}[]:";'<>/ etc) Contain at least fifteen alphanumeric characters. � Are not words in any language, slang, dialect, jargon, � etc. Are not based on personal information, names of family, � etc.
What constitutes a ‘ weak ’ password? Contains less than fifteen characters � Is a word found in a dictionary (English or foreign) � Is a common usage word such as: � – Names of family, pets, friends, etc. – Computer terms and names, commands, sites, companies, hardware, software. – “ <Company Name> “ , locations or any derivation. – Personal information (birthdays, addresses phone numbers). – Word/number patterns - aaabbb, qwerty, zyxwvuts, 123321, etc. – Any of the above spelled backwards. Above preceded or followed by a digit (e.g., secret1, � 1secret)
Password Protection Different passwords for non-business accounts - personal ISP, etc. � Different passwords for various access needs when possible. � Do not share passwords with ANYONE. � Should never be written down/stored un-encrypted. � No passwords in electronic communication (email, chat). � Do not speak about a password in front of others. � No hints - "my family name “ . � Never on questionnaires or security forms. � Password demands - refer to this document and/or Information � Security Department. No ‘ Remember Password ’ feature of applications. �

Download Presentation

Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Manage password policy in OpenLDAP Clment OUDOT coudot@linagora.com First time you see me?

Manage password policy in OpenLDAP Clment OUDOT coudot@linagora.com First time you see me? Let's introduce! LDAPcoholic since many years Fake developer, real hacker Let's begin with the password policy draft (Behera draft) A draft? Is it

476 views • 26 slides

Improving Password Management Laura Raderman, Policy and Compliance Coordinator, ISO Ole

Improving Password Management Laura Raderman, Policy and Compliance Coordinator, ISO Ole Villadsen, Research Liaison, Cybersecurity, UL Password Management How many passwords do you have? Are they all different? How different?

395 views • 37 slides

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides

UNDERSTAND PASSWORD POLICY IN OPENLDAP AND DISCOVER TOOLS TO MANAGE IT Pass the SALT 2020 $

UNDERSTAND PASSWORD POLICY IN OPENLDAP AND DISCOVER TOOLS TO MANAGE IT Pass the SALT 2020 $ ldapwhoami LemonLDAP::NG LDAP Tool Box LDAP Synchronization Connector FusionIAM WSweet Clment OUDOT KPTN Identity Solutions Manager

508 views • 24 slides

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo Krawczyk (IBM Research) Works with Stanislaw Jarecki, Jiayu Xu (UC Irvine) Aggelos Kiayas (U Edinburgh) Nitesh Saxena, Maliheh Shirvanian (UA Birmingham)

750 views • 32 slides

Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

LastPass, a Password Manager Application CS 88S Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring 2017 Agenda Review last weeks material Some Definitions Password in the Cloud

584 views • 47 slides

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your Master Key When you forget a password, they send a reset link to your email. Anyone with access to your email has the power to reset your other

549 views • 31 slides

Again Guideline of IPA Again Guideline of IPA We respect the IPAs policy so that we reported

Extended APOP Password Extended APOP Password Recovery Attack Recovery Attack Yu Sasaki, Lei Wang, Kazuo Ohta and Noboru Kunihiro (The University of Electro-Communications) 31 characters can be recovered. Remark: This research was done only

117 views • 7 slides

Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked Can detect, reject bad passwords for an appropriate definition of bad Discriminate on per-user, per-site basis Needs to do

363 views • 21 slides

Day 3 If you are still using the default password that was assigned when your account was

Day 3 If you are still using the default password that was assigned when your account was created, CHANGE IT NOW! (It can be the same as your email password.) Day 3 Steps in compiling: (Optional preprocessing) Lexical analysis

483 views • 17 slides

Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick

Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms Saranga Komanduri Patrick Gage Kelley, Michelle L. Mazurek, Richard Shay, Tim Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor,

1.88k views • 85 slides

Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password management policies. ~ Trustwave Each year, over 125 millions hours of productivity are lost due to passwords management problematics. ~

950 views • 25 slides

1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm

11/17/09 1 1 11/17/09 2 2 11/17/09 The SiteKey. This is not a graphical password system. ...and I'm pretty sure it doesn't work. 3 3 11/17/09 - basic outline -problems with password usability and security -how various graphical

1.55k views • 86 slides

PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory

PASSWORD STRENGTH ANALYSIS COPING MECHANISMS IN PASSWORD SELECTION Brian Curnett and Teri Flory Masters Students The Center for Education and Research in Information Assurance and Security CURRENT STATUS Problem Statement Stringent

286 views • 15 slides

A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks

A Large-scale Analysis of the Mnemonic Password Advice Johannes Kiesel , Benno Stein, Stefan Lucks Bauhaus-Universitt Weimar www.webis.de NDSS 2017, February 27 th 2017 Mnemonic Password Creation Password: Show password Random

684 views • 17 slides

HOW TO MECHANISE AN IT AUDIT Chris Parker chris.parker@uq.edu.au The University of Queensland

HOW TO MECHANISE AN IT AUDIT Chris Parker chris.parker@uq.edu.au The University of Queensland $1.6 Billion Organisation 40+ Sites 400+ Buildings 100+ Institutes, Schools, and Centres 50,000+ Students 100,000+ Network

798 views • 60 slides

On the Testbed NorduGrid Tutorial, LCSC 2002 1 overview of a Grid session user formulates the

NorduGrid Tutorial On the Testbed NorduGrid Tutorial, LCSC 2002 1 overview of a Grid session user formulates the job requirements by editing an xrsl file having a valid proxy submits the job with ngsub the broker from the UI selects the

342 views • 12 slides

Licensed Pipelines & the Planning System Council Briefing 2019 Critical Infrastructure

Licensed Pipelines & the Planning System Council Briefing 2019 Critical Infrastructure Licensed pipelines are licensed under the Pipelines Act 2005 Licensed pipelines can carry natural gas, petroleum, oxygen, carbon dioxide,

386 views • 19 slides

LDAP for MySQL Cluster back-ndb Howard Chu CTO, Symas Corp. hyc@symas.com Chief Architect,

LDAP for MySQL Cluster back-ndb Howard Chu CTO, Symas Corp. hyc@symas.com Chief Architect, OpenLDAP hyc@openldap.org OpenLDAP Project Open source code project Founded 1998 Three core team members A dozen or so contributors

596 views • 34 slides

Preliminary results of Preliminary results of Preliminary results of Invalda Preliminary results

Preliminary results of Preliminary results of Preliminary results of Invalda Preliminary results of Invalda Invalda Invalda AB AB AB AB group group group group for the period 6 months ending June for the period 6 months ending June 3

791 views • 29 slides

ITCC September 16,2015 ITD Room 438 Agenda 1:00 Update on EA Activity Jeff Quast 1:20 Update

ITCC September 16,2015 ITD Room 438 Agenda 1:00 Update on EA Activity Jeff Quast 1:20 Update on ITD Activity Gary Vetter 1:45 Websphere 8 Eli Cornell 2:00 Password Reset Process Art Bakke 2:15 Windows 10 test site Ron Zarr 2:30 SIRT

404 views • 13 slides

Diego Pino Garca <dpino@igalia.com> Fosdem 2012, 5 Feb What's LibrePlan? LibrePlan is a

Diego Pino Garca <dpino@igalia.com> Fosdem 2012, 5 Feb What's LibrePlan? LibrePlan is a project management tool for planning, monitoring and control any kind of project www.libreplan.com How it looks like? www.libreplan.com Main

417 views • 15 slides

ACT211 RECO T. KNOWLES LOUISIANA DEPARTMENT OF REVENUE COLLECTION DIVISION Outline

ACT211 RECO T. KNOWLES LOUISIANA DEPARTMENT OF REVENUE COLLECTION DIVISION Outline Introduction What is ACT211? What Does this Mean? What is Required? Exempted: Who is? ACT211 Process How Do I Obtain an LDR Number

511 views • 10 slides