Password system attacks and countermeasures

| Attacks | Countermeasures |
| --- | --- |
| Offline dictionary: password eavesdropping; intruders accessed password file | Access control |
| Specific account: password guessing | Lockout mechanism after 5 tries |
| Popular passwords: try on many users | Policy rules on passwords! Check before accepted |
| Password guessing on user data: tracking user info (name, birthday, policies) | User policy, information; password policy on strength; length & contents form the strength; different passwords |
| Hijacking a PC workstation: real-life thefts or bypassing | Time out after 2 minutes |
| Mistakes: password is written down | User training; don't enforce too complicated passwords |
| Multiple systems: Facebook; Windows systems then attack NemId | Different passwords |
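
As an added example (not part of the original page), the sketch below implements two countermeasures from the table: checking a password against policy before it is accepted, and locking an account after 5 failed tries. The popular-password list, the 12-character minimum, the distinct-character threshold and the names `policy_violations` and `LoginGuard` are assumptions made for illustration.

```python
import re

# Constructed sample; a real deployment would load a large popular/breached list.
POPULAR = {"password", "123456", "qwerty", "letmein", "iloveyou"}
MIN_LENGTH = 12     # assumed threshold, not from the page
MIN_DISTINCT = 6    # assumed threshold, not from the page
MAX_FAILURES = 5    # "Lockout mechanism after 5 tries"


def _strip(text):
    """Lower-case and keep only letters and digits, so 1990-04-17 matches 19900417."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def policy_violations(password, user_data):
    """Return the reasons a candidate password is rejected (empty list = accepted)."""
    reasons = []
    if len(password) < MIN_LENGTH:                 # strength: length
        reasons.append("too short")
    if len(set(password)) < MIN_DISTINCT:          # strength: contents
        reasons.append("too few distinct characters")
    if password.lower() in POPULAR:                # popular passwords
        reasons.append("popular password")
    # Guessing on user data: reject anything built from name, birthday, etc.
    stripped = _strip(password)
    for value in user_data:
        token = _strip(value)
        if len(token) >= 3 and token in stripped:
            reasons.append("contains user data")
            break
    return reasons


class LoginGuard:
    """Counts consecutive failures per account; locks after MAX_FAILURES.
    Unlocking (timer or administrator reset) is left out of this sketch."""

    def __init__(self):
        self.failures = {}

    def attempt(self, account, password_ok):
        if self.failures.get(account, 0) >= MAX_FAILURES:
            return "locked"                        # even a correct password is refused
        if password_ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "locked" if self.failures[account] >= MAX_FAILURES else "failed"
```

The per-account counter only covers guessing against a specific account; trying one popular password on many users stays under the limit for each account, which is why the acceptance check is a separate control.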