Scribd
Upload
96 views

Password Security: How Passwords Are Cracked..

Attackers use various techniques like brute force, social engineering, and software tools to discover passwords. System administrators can improve security by helping users manage passwords through reducing password usage where unnecessary, allowing secure password storage, and providing guidance on generating strong passwords that are hard to guess.

Uploaded by

Denny Tobing
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
96 views

Password Security: How Passwords Are Cracked..

Attackers use various techniques like brute force, social engineering, and software tools to discover passwords. System administrators can improve security by helping users manage passwords through reducing password usage where unnecessary, allowing secure password storage, and providing guidance on generating strong passwords that are hard to guess.

Uploaded by

Denny Tobing
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

Attackers use a variety of techniques to discover passwords, including using powerful tools

Password security freely available on the internet. The following advice makes password security easier for your
users – improving your system security as a result.

How passwords are cracked... ...and how to improve your system security
Interception Help users cope with
*****
Passwords can be ‘password overload’
intercepted as they are
transmitted over a network. • Only use passwords where they are really needed.
Brute Force
• Use technical solutions to reduce the burden on users.
Automated guessing of
billions of passwords until • Allow users to securely record and store their passwords.
the correct one is found. • Only ask users to change their passwords on indication
Average number of Average number of
of suspicion of compromise.
websites users access UK citizen’s online
using the same password passwords • Allow users to reset password easily, quickly and cheaply.

Help users generate


Searching appropriate passwords
Stealing
IT infrastructure can be
searched for electronically Passwords • Put technical defences in place so that simpler
stored password information. Insecurely stored passwords passwords can be used.
can be stolen – this includes • Steer users away from predictable passwords
handwritten passwords – and ban the most common.
hidden close to a device. Blacklist the most
common password • Encourage users to never re-use passwords
Manual Guessing choices between work and home.
Personal information, such • Train staff to help them avoid creating passwords
as name and date of birth Monitor failed login that are easy to guess.
can be used to guess Shoulder Surfing attempts… train • Be aware of the limitations of password strength meters.
common passwords. Observing someone typing users to report
their password. suspicious activity

Use account
Prioritise administrator UPDATE
lockout, throttling
Social and remote user
or monitoring to
accounts Change all default vendor
Engineering Key Logging supplied passwords before
help prevent brute
Attackers use social force attacks
An installed keylogger devices or software
engineering techniques to Don’t store passwords
intercepts passwords are deployed
trick people into revealing in plain text format.
as they are typed.
passwords.

For more information go to www.ncsc.gov.uk @ncsc

You might also like