IST_110_Lab_Strong_Passwords_rev6
School
Greenville Technical College *
Course
110
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
8
Uploaded by ChefPencilLion35
GTC IST-110 Lab: Strong Passwords
Objectives
Understand the concepts behind a strong password.
Background / Scenario
Passwords are widely used to enforce access to resources. Attackers will use many techniques to learn users’ passwords and gain unauthorized access to a resource or data.
To better protect yourself, it is important to understand what makes a strong password and how to store it securely.
Required Resources
PC or mobile device with Internet access
Part 1: Creating a Strong Password
Strong passwords have four main requirements listed in order of importance:
1. The user can easily remember the password.
2. It is not trivial for any other person to guess a password.
3. It is not trivial for a program to guess or discover a password.
4. Must be complex, containing numbers, symbols and a mix of upper case and lower-case letters.
Many organizations require passwords to contain a combination of numbers, symbols, and lower- and upper-case letters. Passwords that conform to that policy are fine as long as they are easy for the user to remember. Below is a sample password policy set for a typical organization:
The password must be at least 8 characters long
The password must contain upper- and lower-case letters
The password must contain a number
The password must contain a non-alphanumeric character
A good way to create strong passwords is to choose four or more random words and string them together. The password televisionfrogbootschurch is stronger than J0n@than#81. Notice that while the second password is in compliance with the policies described above, password cracker programs are very efficient at guessing that type of password. While many password policy sets will not accept the first password, televisionfrogbootschurch, it is much stronger than the second. It is easier for the user to remember (especially if it is associated with an image), it is very long, and its random factor makes it hard for password crackers to guess it.
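The comparison above can be checked in code. The following Python sketch is an added example, not part of the original lab: it tests both passwords against the sample policy, flags a password that is a common word with character substitutions and a suffix, and computes the entropy of a random-word passphrase. COMMON_BASE_WORDS is a constructed sample list and WORDLIST_SIZE (7,776 words) is an assumption; the generator sites used in this lab may draw from other lists.

```python
import math
import re

# Constructed sample data: a tiny stand-in for the name and word lists a real
# strength checker would load. WORDLIST_SIZE is an assumed list size.
COMMON_BASE_WORDS = {"jonathan", "password", "welcome", "dragon"}
WORDLIST_SIZE = 7776
# Common character substitutions, mapped back to the letter they replace.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_policy(pw: str) -> bool:
    """Sample policy from this lab: length >= 8, upper, lower, digit, symbol."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def mangled_base_word(pw: str):
    """Return the common word a password is built on, or None.

    Drops a trailing run of digits/symbols, undoes common substitutions,
    and looks the result up in COMMON_BASE_WORDS.
    """
    core = re.sub(r"[\d\W_]+$", "", pw)      # strip a suffix such as "#81"
    candidate = core.lower().translate(LEET)
    return candidate if candidate in COMMON_BASE_WORDS else None


def passphrase_bits(words: int, list_size: int = WORDLIST_SIZE) -> float:
    """Entropy in bits of `words` words picked uniformly at random."""
    return words * math.log2(list_size)


def review(pw: str) -> dict:
    """Summarize policy compliance and any common word the password rests on."""
    return {"policy_ok": meets_policy(pw), "built_on": mangled_base_word(pw)}


if __name__ == "__main__":
    for pw in ("J0n@than#81", "televisionfrogbootschurch"):
        print(pw, review(pw))
    for n in (4, 3, 2):
        print(n, "random words:", round(passphrase_bits(n), 1), "bits")
```

The policy-compliant password is the one that reduces to a single common name, while the passphrase that fails the policy does not. The entropy figure applies only when the words are chosen at random by a generator, not picked by the user.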
GTC - CPT Dept
Page 1
of 8 IST 110 Lab
Using an online password creation tool, create passwords based on the common company password policy set described above.
1. Open a web browser and go to http://passwordsgenerator.net
2. Select the options (below) to conform to the password policy set.
3. Generate the password.
4. List Your “New” Password (below)
uQL7m}wg[MpV&-k3
5. Is the password generated easy to remember? (Yes/No)
No
6. What is the “Remember your password” phrase?
There isn’t one there? I don’t understand the question
7. Does this phrase help make the password easy to remember? (Why or why not?)
Part 2: Creating a Passphrase
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage but is generally longer for added security. Basic information on creating your own can be found here: https://www.welivesecurity.com/2016/05/05/forget-about-passwords-you-need-a-passphrase/
Passphrase Site #1:
Using an online password creation tool, create passwords (or passphrases) based on random words. Notice that because the words are appended together, they are not seen as dictionary words.
1. Open a web browser and go to http://preshing.com/20110811/xkcd-password-generator/
2. Generate a random word password by clicking Generate Another! at the top portion of the webpage.
3. List your passphrase (below)
body welcome meat park
4. Is this phrase easy to remember? (Why or why not?)
Not really. It’s just 4 random words
Passphrase Site #2:
5. Open a web browser and go to https://www.useapassphrase.com/
6. Generate a random passphrase using the “Four-word passphrase with spaces” option
7. List your password (below)
refueling anything litter unmade
8. What is the Approximate Crack Time? (listed right below the phrase generated)
2,990,035 centuries
Cracking Passphrases:
9. Open a NEW BROWSER TAB and go to https://www.my1login.com/resources/password-strength-test/
10. Check the “show password” checkbox above the “Type a password” input box
11. Paste your Passphrase Site #1 phrase (from above) into the tester (where it says “Type a password”). What is the approximate crack time?
58 centuries
12. Staying on the same site, highlight and remove the first word. What is the approximate crack time?
2 months
13. Highlight and remove the first word (again) so you are left with only two words. What is the approximate crack time?
11.98 mins
14. Clear the password text remaining.
15. Paste your Passphrase Site #2 phrase (from above) into the tester (where it says “Type a password”). What is the approximate crack time?
299 million years
16. Staying on the same site, highlight and remove the first word. What is the approximate crack time?
189 years
17. Highlight and remove the first word (again) so you are left with only two words. What is the approximate crack time?
9 days
Using Passphrases:
18. Why would you use a passphrase instead of a password? Give at least three reasons.
1: Harder to crack
2: More secure
3: Easier to remember
19. Given the two sites’ methods of generating passphrases and the crack times presented, what do you feel is appropriate for length and complexity?
Around 3 words
20. Why? (2-3 sentences minimally)
It’s not so long as it’s harder to remember but also not so short as it is easy to crack
Part 3: Storing Passwords
If the user chooses to use a password manager, the first strong password characteristic can be dropped because the user always has access to the password manager. Notice that some users only trust their passwords to their own memory. Password managers, either local or remote, must have a password store, and it can be compromised. The password manager password store must be strongly encrypted and access to it must be tightly controlled. With mobile phone apps and web interfaces, cloud-based password managers provide anytime, uninterrupted access to their users.
Know the Privacy Policies of Password Manager sites and apps prior to joining, however.
A popular password manager is LastPass.
Step 1: Review the creation of a trial LastPass account:
1. Open a web browser and go to https://lastpass.com/
2. Click GET LASTPASS FREE to start the process of getting a free trial account.
3. Do not fill out any fields (we are not going to create an account)
4. Click on the “Privacy Policy” link under the “Sign up” button
Step 2: Review the Privacy Policy of LastPass
5. What company owns lastpass.com?
GoTo / LogMeIn
Step 3: Click on the link for LogMeIn U.S. Privacy Policy
Step 4: Data Categories and Collection Purposes
6. Using a new tab in your browser, open the menu link: “Data Categories and Collection Purposes” and review what information is collected.
7. What collected content do you find most intrusive and beyond the scope of the service provided? (2-3 sentences minimally)
I really don’t care how my data is collected and used
Step 5: How We Use Your Data
8. Using a new tab in your browser, open the menu link: “How We Use Your Data” and review how this information is used.
9. What usage do you find most intrusive and beyond the scope of the service provided? (2-3 sentences minimally)
I really don’t care how my data is collected and used
Step 6: Analytics, Cookies and Other Web Site Technologies
10. Using a new tab in your browser, open the menu link: “Analytics, Cookies and Other Web Site Technologies” and review how this technology is used.
11. What technology do you find most intrusive and beyond the scope of the service provided? (2-3 sentences minimally)
I really don’t care how my data is collected and used
Step 7: Data Sharing
12. Using a new tab in your browser, open and review the menu link: “Data Sharing”
13. Is there any specific disclosure of shared data that you found odd or beyond standard practice? (2-3 sentences minimally)
I really don’t care how my data is collected and used
Step 8: Privacy Frameworks
14. Using a new tab in your browser, open and review the menu link: “Privacy Frameworks”
15. What are your feelings regarding information transfers (as stated)? (2-3 sentences minimally)
They state they comply with everything so it shouldn’t matter
Step 9: Access Requests
16. Using a new tab in your browser, open and review the menu link: “Access Requests”
17. Is there anything stated via request for information that you found counterintuitive? If so, what are they?
If you ask to delete your information won’t they just start collecting it after deleting it again.
Step 10: Review
18. While having all your passwords stored in the same place can be convenient, there are potential drawbacks. Can you think of any? (2-3 sentences minimally)
If someone gets in they have access to all of your passwords
19. Do you use a Password Manager? (3-4 sentences minimally)
a. If so, which do you use and why?
b. If not, WOULD you use one? Why or why not?
No. If I would use one, it would only be for non-important things that don’t have access to sensitive data I care about getting out.
Part 4: Reflection
Based on the strong password characteristics given at the beginning of this lab, choose a password that is easy to remember but hard to guess. Complex passwords are OK as long as the complexity does not impact more important requirements such as the ability to easily remember them.
Below is a quick summary:
Choose a password you can remember.
Choose a password that someone else cannot associate with you.
Choose different passwords and never use the same password for different services.
Complex passwords are OK as long as they do not become harder to remember.