passwords, is either stealing them outright or "cracking" them (guessing candidate passwords, typically dictionary words and simple variants of them, against the stored hashes until one matches). RFC 1244 (the Site Security Handbook) gives a number of guidelines:

- DON'T use your login name in any form (as-is, reversed, capitalized, doubled, etc.). It's the first thing hackers guess.
- DON'T use your first, middle, or last name in any form.
- DON'T use your spouse's or child's name. It's the second thing hackers guess.
- DON'T use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, etc.
- DON'T use a password of all digits, or all the same letter.
- DON'T use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words.
- DON'T use a password shorter than six characters. Short passwords can easily be cracked.
- DO use a password with mixed-case alphabetics.
- DO use a password with non-alphabetic characters (digits or punctuation).
- DO use a password that is easy to remember, so you don't have to write it down. Post-It® Notes under keyboards or on screens are a leading cause of compromises.
- DO use a password that you can type quickly, without having to look at the keyboard. Another leading cause of stolen passwords is shoulder surfing.
- crack: run crack to find users with weak passwords
- grind: run scanners to remotely find machines with default and easy-to-guess passwords