Password system attacks and countermeasures

| Attack | How it works | Countermeasures |
|---|---|---|
| Offline dictionary | Password eavesdropping; intruders have obtained the password file | Access control on the password file; good passwords; token lifetime 15 min – 8 hours |
| Specific account | Password guessing against one account | Lockout mechanism after 5 tries; security questions |
| Popular passwords | Try the most common passwords on many users | Policy rules on passwords: restrictions on upper/lower case, numbers, special signs, length 10 characters; check the password before it is accepted |
| Password guessing on user data | Tracking user info (name, birthday, policies); social engineering | User policy and information; password policy on strength (length and contents form the strength); different passwords |
| Hijacking a PC workstation | Real-life theft or bypassing the login; PoisonTap (Raspberry Pi) mirror? | Time-out after 2 minutes; theft: locks, GPS; lock on USB port |
| Mistakes | Password is written down | User training; don't enforce too complicated passwords |
| Multiple systems | Password reused across systems: Facebook or Windows systems are attacked first, then NemID | Different passwords |
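The two countermeasures that are actually mechanical, "check the password before it is accepted" (length 10, upper/lower case, numbers, special signs, not a popular password) and "lockout mechanism after 5 tries", are shown together below as an added example; it is not code from the original notes. The popular-password list, the user store, the 60-second lock duration and the PBKDF2 storage of the verifier are constructed assumptions for the demonstration, since the notes give no such values.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import string
import time
from collections import defaultdict

# Constructed stand-in for a breach-derived list of popular passwords (assumption).
POPULAR_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 10                      # "length 10 char" from the table
SPECIAL_SIGNS = set(string.punctuation)


def check_policy(password: str) -> list[str]:
    """Apply the policy rules before a password is accepted.

    Returns the list of violations; an empty list means the password passes.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in SPECIAL_SIGNS for c in password):
        problems.append("no special sign")
    if password.lower() in POPULAR_PASSWORDS:
        problems.append("in popular-password list")
    return problems


def _derive(password: str, salt: bytes) -> bytes:
    # Slow, salted derivation so a stolen store does not yield passwords cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def make_record(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Create the stored (salt, verifier) pair for a user."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, _derive(password, salt)


class LockoutTracker:
    """Per-account failed-attempt counter: lock the account after MAX_TRIES."""

    MAX_TRIES = 5                    # "lockout after 5 tries" from the table

    def __init__(self, lock_seconds: float = 60.0, now=time.monotonic):
        self.lock_seconds = lock_seconds   # lock duration is an assumption
        self.now = now                     # injectable clock (for tests)
        self.failures: dict[str, int] = defaultdict(int)
        self.locked_until: dict[str, float] = {}

    def is_locked(self, user: str) -> bool:
        until = self.locked_until.get(user)
        if until is None:
            return False
        if self.now() >= until:          # lock expired: reset the counter
            del self.locked_until[user]
            self.failures[user] = 0
            return False
        return True

    def record_failure(self, user: str) -> bool:
        self.failures[user] += 1
        if self.failures[user] >= self.MAX_TRIES:
            self.locked_until[user] = self.now() + self.lock_seconds
        return self.is_locked(user)

    def record_success(self, user: str) -> None:
        self.failures.pop(user, None)


def attempt_login(tracker: LockoutTracker, store: dict, user: str, password: str) -> str:
    """Return 'locked', 'ok' or 'rejected'. Locked accounts are refused before verifying."""
    if tracker.is_locked(user):
        return "locked"
    salt, verifier = store.get(user, (b"\x00" * 16, b"\x00" * 32))
    # Always derive, even for unknown users, so the response time does not reveal them.
    ok = user in store and hmac.compare_digest(_derive(password, salt), verifier)
    if ok:
        tracker.record_success(user)
        return "ok"
    tracker.record_failure(user)
    return "locked" if tracker.is_locked(user) else "rejected"
```

The policy check reports every violated rule at once so the user can fix them in one go, and the tracker counts failures per account rather than per source, which is what stops a guessing run against one specific account even when it arrives from many addresses.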