Password Vulnerabilities
When you balance the cost of security and the value of the protected information,
the combination of user ID and secret password is usually adequate.
However, passwords give a false sense of security. The bad guys know this
and attempt to crack passwords as a step toward breaking into computer
systems.
One big problem with relying solely on passwords for information security is
that more than one person can know them. Sometimes, this is intentional;
often, it’s not. You can’t know who has a password other than the owner.
Knowing a password doesn’t make someone an authorized user.
Here are the two general classifications of password vulnerabilities:
- Organizational or end-user vulnerabilities: This includes lack of password
awareness on the part of end users and the lack of password policies
that are enforced within the organization.
- Technical vulnerabilities: This includes weak encryption methods and
insecure storage of passwords on computer systems.
Before computer networks and the Internet, the user’s physical environment
was an additional layer of password security. Now that most computers have
network connectivity, that protection is gone.
Organizational password vulnerabilities
It’s human nature to want convenience. This makes passwords one of the easiest
barriers for an attacker to overcome. Almost 3 trillion (yes, trillion with a
t and 12 zeros) eight-character password combinations are possible by using
the 26 letters of the alphabet and the numerals 0 through 9. However, most
people prefer to create passwords that are easy to remember. Users like to
use such passwords as “password,” their login name, or a pet’s name.
Unless users are educated and reminded about using strong passwords, their
passwords usually are
- Weak and easy to guess.
- Seldom changed.
- Reused for many security points. When bad guys crack a password, they try to access other systems with the same password and user name.
- Written down in nonsecure places. The more complex a password is, the more difficult it is to crack. However, when users create more complex passwords, they’re more likely to write them down. Hackers can find these passwords and use them against you.
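As an added illustration (not code from the original text), the following Python reproduces the keyspace arithmetic behind the "almost 3 trillion" figure and turns the weak-password habits listed above into a simple policy check an administrator could run at password-change time. The list of common passwords and the pet-name input are constructed assumptions for the example.

```python
import math

# Character set behind the page's 3-trillion figure: 26 letters + 10 digits.
LETTERS_AND_DIGITS = 36

# Constructed list of easy-to-remember choices (the page names "password").
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein"}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength of a uniformly random password from that set, in bits."""
    return length * math.log2(alphabet_size)


def weak_password_reasons(password: str, username: str, pet_names=()) -> list:
    """Return which of the page's weak patterns a candidate password matches.

    An empty list means no listed pattern matched; it is not proof of strength.
    The username and pet names are things an attacker can usually learn.
    """
    lowered = password.lower()
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    if lowered in COMMON_PASSWORDS:
        reasons.append("dictionary word such as 'password'")
    if username and username.lower() in lowered:
        reasons.append("contains the login name")
    if any(pet.lower() in lowered for pet in pet_names):
        reasons.append("contains a pet's name")
    if lowered.isalpha() or lowered.isdigit():
        reasons.append("uses only one character class")
    return reasons


if __name__ == "__main__":
    print(f"36^8 = {keyspace(LETTERS_AND_DIGITS, 8):,} "
          f"({entropy_bits(LETTERS_AND_DIGITS, 8):.1f} bits if chosen at random)")
    for pw in ("password", "alice123", "Rex2019!", "qT7m2xP9"):
        print(pw, weak_password_reasons(pw, "alice", ["rex"]) or "no weak pattern found")
```

The entropy figure only holds for randomly chosen passwords; the check shows why human-chosen ones occupy a far smaller effective space.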