12 About passwords

About Passwords

Password is a key or a Secret word or a string of characters which is used to protect your assets or information from others in the cyber world. It is used for authentication, to prove our identity or to gain access to our own resources. It should be kept secret to prevent access by unauthorized users.

In social networking sites like Facebook, Orkut, and LinkedIn each of which is studded with answers to commonly used security questions such as favourite place, school, college, etc..

Importance of Passwords

  • Password represents the identity of an individual for a system.
  • A password helps individuals in protecting personal information from being viewed by unauthorized users. Hence it is important to secure passwords.
  • Password  acts   like   a   barrier  between   the   users  and   his  personal information

Possible Vulnerabilities with Passwords are

  • Passwords could be shared with other persons and might be misused
  • Passwords can be forgotten
  • Stolen password can be used by an unauthorized user who may collect your personal information
  • Easy Passwords such as with name, date of birth, mobile numbers could be guessed by anybody and misuse them
  • If you use same password for all accounts, It would be 90% of easy chances to the hackers to crack all account passwords
Tips :        You are responsible for safeguarding your ID and password.
                         Never write your passwords on paper (or) anywhere else for referring

Various Techniques used by hackers/crackers to retrieve your passwords

Shoulder Surfing :

One way of stealing the password is standing behind an individual and look over their shoulder to read their password while they are typing it. Shoulder Surfing is a direct observation technique, such as looking over someone's shoulder to get passwords, PINs, other sensitive personal information and even overhearing your conversation when you give your credit-card number over the phone.

Shoulder surfing is easily done in crowded places. It’s comparatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM, or use a calling card at a public pay phone. It can also be done long distance with the help of binoculars or other vision-enhancing devices.

Your confidential information will be at risk if your passwords are observed by Shoulder Surfers. They can use your password information for logging into your account and they may do harm to your information.

Tip: Explain to your children to be aware of Shoulder Surfers at public places like Internet Centers or schools while they are entering their passwords into the login accounts. Ask them to not to reveal their passwords in front of others or not to type their usernames and passwords before  unauthorized persons. Ask them to cover the keyboard with paper or hand or something else to prevent then from being viewed by unauthorized users.

Brute force attacks

Another   way   of   stealing   the   password   is   through guesses. Hackers try all the possible combinations with the help of personal information of an individual. They will try with the person’s name, pet name (nickname), numbers (date of birth, phone numbers), school name… etc.. When there are large numbers of combinations of passwords the hackers use fast processors and some software tools to crack the password. This method of cracking password is known as "Brute force attack".

Tip:  Explain  to  your  children  not  to  use  a  password  that  represents  their personal information like nicknames, phone numbers, date of birth, etc..

Dictionary attacks

Hackers also try with all possible dictionary words to crack your password with the help of some software tools. This is called a "Dictionary attack".

Tip: Teach your children not to use dictionary words (like animal, plants, birds or meanings) while creating the passwords for login accounts .

Sending your password information through network.

The Hackers/Crackers  even get the password information by sniffing the network traffic which is travelling on the network or even can get the password information by listening to your phone call conversation with others.

Tip:  Teach  your  children  not  to  give  their  passwords to  their  friends  or  to anyone through online chatting, e-mails or even through phone conversations.

Sharing your passwords with strangers

Sharing the passwords with unknown persons (strangers) may also lead to loss of your personal information. They can use your login information and can get access to your information. The operating system does not know who is logging into the system, it will just allow any person who enters the credential information   into   the   login   page.   Strangers,   after   getting   access   to   your information, can do anything with it. They can copy, modify or delete it.

Tip:  Explain  to  your  children  not  to  share  their  passwords  with  unknown persons (strangers).

Using weak Passwords or blank passwords

Weak and blank passwords are one of the easiest ways for attackers to crack your system.

Tip:  Explain  to  your  children  that  their information can be easily stolen or accessed by strangers if they use weak passwords. Ask them to “Use Strong Passwords”.

Strong and easiest to remember Password

A strong Password should have combinations of Alphabets, Numbers and Characters such as c.!@*^&;;)(~@. Remembering these passwords are very difficult.

Things to be remembered while creating Strong Passwords

  • Use at least 8 characters or more to create a password. The more number of characters we use, the more secure is our password.
  • Use various combinations of characters while creating a password. For example,  create a  password consisting of a  combination  of lowercase, uppercase, numbers and special characters etc..
  • Avoid using the words from dictionary. They can be cracked easily.
  • Create a password such that it can be remembered. This avoids the need to write passwords somewhere, which is not advisable.
  • A password must be difficult to guess.
  • Change the password frequently at least 2 weeks once

Guidelines for maintaining a good password

  • Change the password once in two weeks or when you suspect someone knows the password
  • Do not use a password that was used earlier
  • Be careful while entering a password when someone is sitting beside you.
  • Store the passwords on computer with the help of an encryption utility.
  • Do not use the name of things located around you as passwords for your account.

Address

Centre for Development of Advanced Computing, (C-DAC)
Plot No. 6 & 7, Hardware Park, Sy No. 1/1, Srisailam Highway, Pahadi Shareef Via Keshavagiri (Post) Hyderabad - 500005

Phone

Phone: 040-23737124/25
Mobile: 040-23737124/25

TollFree

1800 425 6235

Email Address

isea[at]cdac[dot]in