MendozaGuerrero_L_IST_110_Lab_Strong_Passwords_rev6
School: Greenville Technical College
Course: 110
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 9
Uploaded by HighnessFlowerBadger33
GTC IST-110 Lab: Strong Passwords
Objectives
Understand the concepts behind a strong password.
Background / Scenario
Passwords are widely used to control access to resources. Attackers will use many techniques to learn users’ passwords and gain unauthorized access to a resource or data.
To better protect yourself, it is important to understand what makes a strong password and how to store it securely.
Required Resources
PC or mobile device with Internet access
Part 1: Creating a Strong Password
Strong passwords have four main requirements listed in order of importance:
1. The user can easily remember the password.
2. It is not trivial for any other person to guess the password.
3. It is not trivial for a program to guess or discover the password.
4. It must be complex, containing numbers, symbols and a mix of upper-case and lower-case letters.
Many organizations require passwords to contain a combination of numbers, symbols, and lower- and upper-case letters. Passwords that conform to that policy are fine as long as they are easy for the user to remember. Below is a sample password policy set for a typical organization:
The password must be at least 8 characters long
The password must contain upper- and lower-case letters
The password must contain a number
The password must contain a non-alphanumeric character
A good way to create strong passwords is to choose four or more random words and string them together. The password televisionfrogbootschurch is stronger than J0n@than#81. Notice that while the second password complies with the policies described above, password cracker programs are very efficient at guessing that type of password. While many password policy sets will not accept the first password, televisionfrogbootschurch, it is much stronger than the second. It is easier for the user to remember (especially if it is associated with an image), it is very long, and its random factor makes it hard for password crackers to guess.
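The comparison above, worked through as an added example that is not part of the original lab: it checks both sample passwords against the four policy rules, generates a random-word passphrase, and shows how each word adds to the guessing effort. The function names, the 16-word list and the 2048-word list size are assumptions made for the illustration.

```python
import math
import secrets

# Constructed demo word list (assumption). A real generator draws from
# thousands of words; 16 words keeps the example short.
WORDS = ["television", "frog", "boots", "church", "gizzard", "shelf",
         "daydream", "emperor", "rope", "tokyo", "queen", "apple",
         "golf", "drove", "failed", "myself"]


def policy_failures(password):
    """Return the rules of the sample policy that the password breaks."""
    failures = []
    if len(password) < 8:
        failures.append("at least 8 characters")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        failures.append("upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        failures.append("a number")
    if all(c.isalnum() for c in password):
        failures.append("a non-alphanumeric character")
    return failures


def generate_passphrase(num_words, words=WORDS, sep=""):
    """Pick each word independently and uniformly with a CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(num_words))


def passphrase_bits(num_words, wordlist_size):
    """Bits of guessing entropy when every word is a uniform random pick."""
    return num_words * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("J0n@than#81", "televisionfrogbootschurch"):
        print(pw, "->", policy_failures(pw) or "passes policy")
    print("sample:", generate_passphrase(4, sep=" "))
    # 2048 is an assumed list size. Each word removed divides the
    # search space by the size of the list.
    for n in (4, 3, 2):
        print(n, "words:", passphrase_bits(n, 2048), "bits")
```

The entropy figure holds only when the words are picked at random by a generator; a phrase the user invents is more predictable than the formula suggests.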
GTC - CPT Dept
Page 1
of 9 IST 110 Lab
Using an online password creation tool, create passwords based on the common company password policy set described above.
1. Open a web browser and go to http://passwordsgenerator.net
2. Select the options (below) to conform to the password policy set
3. Generate the password.
4. List Your “New” Password (below)
r$tQ=3?A=hG-qahs
5. Is the password generated easy to remember? (Yes/No)
No
6. What is the “Remember your password” phrase?
rope $ tokyo QUEEN = 3 ? APPLE = hulu GOLF - queen apple hulu skype
7. Does this phrase help make the password easy to remember? (Why or why not?)
Yes, it does. It provides a hint of what the password contains, making it easier to remember.
Part 2: Creating a Passphrase
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage but is generally longer for added security. Basic information on creating your own can be found here: https://www.welivesecurity.com/2016/05/05/forget-about-passwords-you-need-a-passphrase/
Passphrase Site #1:
Using an online password creation tool, create passwords (or passphrases) based on random words. Notice that because the words are appended together, they are not seen as dictionary words.
1. Open a web browser and go to http://preshing.com/20110811/xkcd-password-generator/
2. Generate a random word password by clicking Generate Another! at the top portion of the webpage.
3. List your passphrase (below)
drove myself then failed
4. Is this phrase easy to remember? (Why or why not?)
Yes, the passphrase is easy to remember because it’s like a short sentence with simple words.
Passphrase Site #2:
5. Open a web browser and go to https://www.useapassphrase.com/
6. Generate a random passphrase using the “Four-word passphrase with spaces” option
7. List your password (below)
gizzard shelf daydream emperor
8. What is the Approximate Crack Time? (listed right below the phrase generated)
18,535,741 centuries
Cracking Passphrases:
9. Open a NEW BROWSER TAB and visit https://www.my1login.com/resources/password-strength-test/
10. Check the “show password” checkbox above the “Type a password” input box
11. Paste your Passphrase Site #1 phrase (from above) into the tester (where it says “Type a password”). What is the approximate crack time?
3 thousand years
12. Staying on the same site, highlight and remove the first word. What is the approximate crack time?
3 months
13. Highlight and remove the first word (again) so you are left with only two words. What is the approximate crack time?
8 hours
14. Clear the password text remaining.
15. Paste your Passphrase Site #2 phrase (from above) into the tester (where it says “Type a password”). What is the approximate crack time?
2 billion years
16. Staying on the same site, highlight and remove the first word. What is the approximate crack time?
9 thousand years
17. Highlight and remove the first word (again) so you are left with only two words. What is the approximate crack time?
4 months
Using Passphrases:
18. Why would you use a passphrase instead of a password? Give at least three reasons.
1: The fact that passphrases are long and complicated makes them much safer because enemies can't easily guess or break them.
2: Passphrases, which are made up of common words or important phrases, are easier to remember than complicated passwords. This means that people are less likely to write them down or use ones that are easy to figure out.
3: Dictionary attacks can't break passphrases with more than one word as easily as they can break single-word passwords because they have unique combinations of words that stop these attacks.
19. Given the two sites' methods of generating passphrases and the crack times presented, what do you feel is appropriate for length and complexity?
The length and difficulty of a passphrase depend on the site's rules, but they are usually 12 characters or longer and can include numbers, capital and lowercase letters, special characters, random words, or sentences that you can remember.
20. Why? (2-3 sentences minimally)
If the site's security policy lets it, you might want to use a longer passphrase with more complicated characters, like 16 to 20 characters with a mix of character types, to protect yourself from possible threats. But make sure that security and usefulness are both considered. Passphrases that are too hard to remember can make things less secure.
Part 3: Storing Passwords
If the user chooses to use a password manager, the first strong password characteristic can be dropped because the user always has access to the password manager. Notice that some users only trust their passwords to their own memory. Password managers, either local or remote, must have a password store, and it can be compromised. The password manager password store must be strongly encrypted and access to it must be tightly controlled. With mobile phone apps and web interfaces, cloud-based password managers provide anytime, uninterrupted access to their users.
Know the Privacy Policies of Password Manager sites and apps prior to joining, however.
A popular password manager is LastPass.
Step 1: Review the creation of a trial LastPass account:
1. Open a web browser and go to https://lastpass.com/
2. Click GET LASTPASS FREE to start the process of getting a free trial account.
3. Do not fill out any fields (we are not going to create an account)
4. Click on the “Privacy Policy” link under the “Sign up” button
Step 2: Review the Privacy Policy of LastPass
5. What company owns lastpass.com?
GoTo (formerly LogMeIn Inc)
Step 3: Click on the link for LogMeIn U.S. Privacy Policy
Step 4: Data Categories and Collection Purposes
6. Using a new tab in your browser, open the menu link: “Data Categories and Collection Purposes” and review what information is collected
7. What collected content do you find most intrusive and beyond the scope of the service provided? (2-3 sentences minimally)
Location data collection, such as IP addresses and unique device identifiers, can be annoying and go beyond what the service is supposed to do, making users worry about their privacy. Some data is needed to stop scams and keep an eye on security, but collecting too much of it without a good reason puts users' privacy and safety at even greater risk.
Step 5: How We Use Your Data
8. Using a new tab in your browser, open the menu link: “How We Use Your Data” and review how this information is used.
9. What usage do you find most intrusive and beyond the scope of the service provided? (2-3 sentences minimally)
The Grasshopper integration has led to a lot of invasive use, like accessing and changing Gmail data, which may make users more worried about their privacy. With this much power over users' accounts, you need to think carefully about getting their permission and what that means for their privacy.
Step 6: Analytics, Cookies and Other Web Site Technologies
10. Using a new tab in your browser, open the menu link: “Analytics, Cookies and Other Web Site Technologies” and review how this technology is used.
11. What technology do you find most intrusive and beyond the scope of the service provided? (2-3 sentences minimally)
The "share" buttons on Facebook, Google, and Twitter can collect users' IP addresses, keep track of which pages they view, and set cookies without giving users a clear choice or asking for permission. Concerns about privacy arise because the process of authenticating on these sites may also let people share personal information with the website.
Step 7: Data Sharing
12. Using a new tab in your browser, open and review the menu link: “Data Sharing”
13. Is there any specific disclosure of shared data that you found odd or beyond standard practice? (2-3 sentences minimally)
GoTo, Inc. shares personal information with related businesses, but it's not clear what those businesses are or how much power GoTo, Inc. has over them. Users might gain from having more information about who can access what and why. When companies merge, buy each other, or sell assets.
Step 8: Privacy Frameworks
14. Using a new tab in your browser, open and review the menu link: “Privacy Frameworks”
15. What are your feelings in regard to information transfers (as stated)? (2-3 sentences minimally)
GoTo's website says that the company is dedicated to protecting users' privacy by following privacy standards such as TRUSTe and the APEC Cross-Border Privacy Rules System. This gives users peace of mind that their data is safe when it travels across countries.
Step 9: Access Requests
16. Using a new tab in your browser, open and review the menu link: “Access Requests”
17. Is there anything stated via request for information that you found counterintuitive? If so, what?
People who want to access their personal data may have to go through different entities. This could be hard for people who aren't familiar with how data is processed and for people who are trying to get a privacy answer quickly.
Step 10: Review
18. While having all your passwords stored in the same place can be convenient, there are potential drawbacks. Can you think of any? (2-3 sentences minimally)
There is no doubt that keeping all your passwords in one place creates a single point of failure. If the storage system is broken into or the master password is stolen, all accounts are at risk. Also, using just one password manager can make you dependent on it, and if the service goes down or has technical problems, users might not be able to get into their accounts.
19. Do you use a Password Manager?
a. If so, which do you use and why?
b. If not, WOULD you use one? Why or why not? (3-4 sentences minimally)
As of right now, I don't use a password manager because I didn't know they existed. I can see the benefits, though, like better security and making it easier to keep track of various passwords. I might use one in the future, especially if I have trouble remembering or keeping track of a lot of passwords for different accounts.
Part 4: Reflection
Using the strong password characteristics given at the beginning of this lab, choose a password that is easy to remember but hard to guess. Complex passwords are OK as long as they do not impact more important requirements such as the ability to easily remember them.
Below is a quick summary:
Choose a password you can remember.
Choose a password that someone else cannot associate with you.
Choose different passwords and never use the same password for different services.
Complex passwords are OK as long as they do not become harder to remember.