PASSWORDS;Guised Indispensable's or Liabilties? by Kelvin Karanja - HTML preview


 

CONTENTS

Chapter 1: The Password
    Introduction
    Why Use a Password?
    The Password Security Mechanisms
    Password Policy
    Aspects of Password Policy
    Storage of Passwords
    Authentication of Passwords
    Application of PAKE
    Emails and Passwords
    Areas Where Emails can be Compromised
    One Time Passwords (OTPs)
    Approaches to OTP Generation
    Methods of OTP Delivery
    Shortcomings of OTPs
    Challenges Facing Two-Factor Authentication
    Usernames and Email Addresses

Chapter 2: Common Selection Criteria
    Human Generated Passwords
    Weaknesses of Human Generated Passwords
    Keyboard Usability Considerations
    Names
    Short Passwords
    Any Significance of Using Spaces in a password?
    Security Questions
    Random Things
    Mnemonics
    Numbers and Symbols
    Reusing Passwords
    Sharing of Passwords
    Mangling/Mirroring it around
    Usernames and Email Addresses

Chapter 3: Cracking Passwords
    Cracking Passwords
    Dictionary Attack
    Rainbow Table
    Brute Force
    GPU
    Hybrid Attack
    Encryption and Cryptography
    Emails, End-to-End Encryption vs. Client Side Encryption in relation to Passwords
    Hashing Algorithms
    Salts
    Password Cracking Tools
    Online ‘Hacker’ Forums
    Openwall.com
    Anatomies of Password Cracking

Chapter 4: Secure Techniques
    Password Length and Strength
    Reference to Password Blacklists
    Careful Capitalization
    Random Password Generators
    Password Strength Checkers
    Password Managers
    Types of Password Managers
    Password Safe
    Best Password Managers
    Password Longevity/Duration
    Personal Password Policy

Chapter 5: Networks and their Security Flaws
    WEP
    WPA/WPA2
    VPNs
    VPN Authentication
    Routers
    Unencrypted Tunnels
    VPNs in Private Networks
    Limitations of VPNs
    Proxy Servers
    Configuring Proxy Servers
    Setting up Firewalls

Chapter 6: Problems with the Web and Securing it
    Storage of Passwords on the Web
    Poor Encryption, Hashing and Salting Techniques
    Website Hacks
    Injection Attacks
    Poor Password Policies
    Solutions
    Data Breaches
    The Heartbleed bug
    MitB
    Protection against MitB
    Phishing
    Solutions
    Clickjacking
    Backdoors
    Direct Access Attacks
    Eavesdropping
    General Solutions
    Install and Update Antivirus Software
    Methods of Protection from Viruses
    Install & Update AntiSpyware and AntiMalware
    Update your Operating Systems
    Remember Wannacry?
    Be Careful what you Download
    Turn Off your Computer

Chapter 7: The Future Of Passwords
    The Password is Dead
    Replacing the Password?
    Most Popular Alternatives to Passwords
    Project Abacus
    Final Thoughts
    About the Author

                     

DISCLAIMER          

Every attempt has been made to verify the information provided in this ebook. Every effort has been made to ensure the content of the ebook is as complete and accurate as possible. The author shall not be responsible for any errors, inaccuracies or omissions.

 

                                            Kelvin Karanja © 2017

                                             All Rights Reserved

         


                                           

                                               

 

                      1] The Password  

Introduction

The password is a phenomenon that has been in existence since the dawn of the web; in fact, passphrases were used by ancient societies as a security measure, which goes to show the innovative nature of mankind throughout the ages. The password is a mechanism that provides either a secure gateway or a loophole in cybersecurity, whichever way you look at it, as there are two sides to a coin (others say 3). With the passing of time, it has become easier to compromise passwords, so having a password is no guarantee of security. It has to be a secure one, and the online service you sign up for should also offer an environment that maintains that level of security, and even improves it, rather than diluting it and making its users vulnerable. Many of us have been culpable of numerous password flaws which compromise our cybersecurity. The statement 'Do anything and everything and even hire a Cyber Security team but if your password is weak, none of it will matter' says a great deal about the many underlying issues relating to passwords other than, say, password length, and by extension about cybersecurity challenges as a whole. The aim of this eBook is to try to shed some light on, understand and resolve most of these issues, because in the words of Calvin Coolidge (30th US President), 'We cannot do everything at once, but we can do something at once'. I believe that we'll definitely have made an important step forward.
