Wednesday, November 11, 2009

Various Techniques Used by Hackers to Retrieve Passwords Basic to In-depth Home Computer Security Guide Page 23

Various Techniques Used by Hackers to Retrieve Passwords

·One way of stealing the password is standing behind an individual and over looks their password while they are typing it or search for the papers where they have written the password.

·Another way of stealing the password is through guesses. Hackers try all the possible combinations with the help of personal information of an individual.

·When there are large number of combinations of passwords, the hackers uses fast processors and some software tools to crack the password. This method of cracking password is known as “Brute force attack”.

·Hackers also try all the possible words in an dictionary to crack the password with the help of some software tools. This is called a “dictionary attack”.

Sample password:

IJ!5iS@g0odP4s5wD ---->This is a good password

administrator123 --->bad password

Password Policy

It’s a general practice of users to keep the same password for life long; rather users should change their passwords regularly.

Password should be complex and change regularly. Password policy setting controls the complexity of the password. To edit the password policy setting, go to Start menu\Settings\Control Panel\Administrative Tools\Local Security Setting\Account Policy\Password Policy\ set each and every option

• Enforce Password History

• Maximum Password Age

• Minimum Password Age

• Minimum Password Length

• Password Must Meet Complexity Requirement

Whenever the user is required to use a password, he should use a strong password that conforms to the following Countermeasures:

• At least seven characters in length (the longer the better)

• Includes upper and lower case letters, numerals, symbols

• Has at least one symbol character in the second through sixth position

• Has at least four different characters in given password (no repeats)

• Looks like a sequence of random letters and numbers

• Don’t use any part of logon name for the password

• Don’t use any actual word or name in ANY language

• Don’t use numbers in place of similar letters

• Don’t reuse any portion of old password

• Don’t use consecutive letters or numbers like "abcdefg" or "234567"

• Don’t use adjacent keys on the keyboard like "qwerty"

A good way to create a strong password is by using the first letters of a phase that user can easily remember.

Login settings

Windows NT, 2000 and XP come with many built in users and groups. These include the Administrator, Backup Operator, Guest, Power User and many more. The purpose of these groups is to enhance the abilities of a user without having to make that user an Administrator. However, due to the powers granted to these groups any user that is a member of one can become an Administrator. All unnecessary users must be disabled.

To disable unwanted accounts follow the steps as follows. Go to Start menu\Settings\Control Panel\Administrative Tools\Computers Management\Local Users and Groups\Users. Double click the account user want to disable and Check the box see Figure-15.

Figure-16: Account is disabled



You Have Successfully Posted the Message.