Passwords
A password is a word, phrase, or pattern that grants access to a system.

Passwords are based on the concept of keeping secrets, which can be a great security device. Under most circumstances, you’re in complete control of the information you keep in your head.

Everyone knows that keeping a secret is hard. Tell a single person and the secret is out. A secret can become public knowledge within a matter of hours if it’s juicy enough.

Two basic types of passwords exist: good and bad. Bad passwords are those that are easily guessed, those that can be compromised through research, or those too hard to remember. Good passwords are impossible for someone else to figure out. Good and bad password systems also exist. Bad systems encourage, or neglect to protect against, the use of bad passwords. Unfortunately, it’s not always easy to come up with good passwords, and only a few good password systems are available.

The majority of computer security systems use passwords that are some combination of letters and/or numbers. These passwords tend to fall into one of four categories:

  • Numeric: These would be things like your ATM PIN, voicemail pass codes, or alarm system codes (12345 or 1052).
  • Word/phrase: These consist of “open sesame” challenge-response systems used in spy movies (“The weather is warm for January, is it not?” “Yes, but the flight of the eagle in May is more majestic.”).
  • Mnemonic alphanumeric: These passwords are a combination of letters and numbers meaningful to the user: “fine4you,” or “nice2n0u.” One technique is to use the first letter of each word from a memorized phrase or song lyric, such as “Mhallwfwwas” (think baaaahhhh).
  • Random alphanumeric: Smash the keyboard a few times, or get a pet monkey to do it (*2aq!zm3L or s-gjq32#gm1). If the monkey’s poundings start to read like Hamlet, it’s broken and you need a new monkey.
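
To compare the four categories, the following added example (not from the book) sorts the sample passwords above into them with a simple heuristic and estimates the brute-force search space from length and character classes. The function names, the heuristic, and the rhyme assumed for the mnemonic are illustrative choices made here.

```python
import math
import string

# Character classes an exhaustive search has to cover (sizes 10, 26, 26, 32, 1).
CLASSES = [string.digits, string.ascii_lowercase, string.ascii_uppercase,
           string.punctuation, " "]

def mnemonic(phrase):
    """First letter of each word of a memorized phrase (the technique above)."""
    return "".join(word[0] for word in phrase.split())

def category(password):
    """Rough mapping onto the four categories (heuristic assumed here)."""
    if password.isdigit():
        return "numeric"
    if " " in password:
        return "word/phrase"
    if password.isalnum():
        return "mnemonic alphanumeric"
    return "random alphanumeric"

def search_space_bits(password):
    """Upper bound on brute-force effort: length * log2(alphabet size).

    Only the character classes actually present are counted. The figure says
    nothing about passwords that can be guessed or found through research,
    so real-world strength can be far lower.
    """
    alphabet = sum(len(chars) for chars in CLASSES
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def report(passwords):
    """Return (password, category, bits rounded to one decimal) per entry."""
    return [(p, category(p), round(search_space_bits(p), 1)) for p in passwords]

if __name__ == "__main__":
    # Samples come from the list above; the rhyme is an assumed expansion
    # of the "Mhallwfwwas" hint.
    samples = ["1052", "open sesame", "fine4you",
               mnemonic("Mary had a little lamb, whose fleece was white as snow"),
               "*2aq!zm3L"]
    for pw, cat, bits in report(samples):
        print(f"{pw!r:16} {cat:24} ~{bits} bits")
```

The four-digit code comes out at roughly 13 bits, which is why numeric systems depend on lockouts and attempt limits rather than on the secret itself.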

More Information

The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic.
