Types of Passwords

Several types of passwords are used to provide access to systems. The characters that form a password can fall into any of these categories:
  • Only letters
  • Only numbers
  • Only special characters
  • Letters and numbers
  • Only letters and special characters
  • Only numbers and special characters
  • Letters, numbers, and special characters
A strong password is less susceptible to attack by a hacker. The following rules, proposed by the EC-Council, should be applied when you're creating a password, to protect it against attacks:
  • Must not contain any part of the user's account name
  • Must have a minimum of eight characters
  • Must contain characters from at least three of the following categories:
    • Nonalphanumeric symbols ($,:”%@!#)
    • Numbers
    • Uppercase letters
    • Lowercase letters
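
The three rules above written as a checker, as an added example that is not part of the original text. The function names, and the reading of "any part of the user's account name" as any run of three or more consecutive characters compared case-insensitively, are assumptions made for this example.

```python
MIN_LENGTH = 8        # rule: minimum of eight characters
MIN_CATEGORIES = 3    # rule: at least three of the four categories
NAME_PART_LEN = 3     # assumption: a "part" of the name is 3+ consecutive characters


def character_categories(password):
    """Return the set of listed categories that appear in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("uppercase")
        elif ch.islower():
            found.add("lowercase")
        elif ch.isdigit():
            found.add("number")
        elif not ch.isalnum():
            found.add("symbol")
    return found


def contains_account_name_part(password, account_name, part_len=NAME_PART_LEN):
    """True if any part_len-character slice of the account name is in the password."""
    pw = password.casefold()
    name = account_name.casefold()
    # Names shorter than part_len produce no slices and are not checked.
    return any(name[i:i + part_len] in pw
               for i in range(len(name) - part_len + 1))


def check_password(password, account_name):
    """Return a list of rule violations; an empty list means all rules pass."""
    problems = []
    if contains_account_name_part(password, account_name):
        problems.append("contains part of the account name")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(character_categories(password)) < MIN_CATEGORIES:
        problems.append(f"fewer than {MIN_CATEGORIES} character categories")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (password, account name)
    samples = [("Tr1ckyRiver!", "jsmith"), ("Smith2024!", "jsmith"),
               ("abc123", "jsmith"), ("password1", "alice")]
    for pw, user in samples:
        print(f"{pw!r} for {user!r}: {check_password(pw, user) or 'passes'}")
```
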
A hacker may use different types of attacks in order to identify a password and gain further access to a system. The types of password attacks are as follows:
  • Passive Online: Eavesdropping on network password exchanges. Passive online attacks include sniffing, man-in-the-middle, and replay attacks.
  • Active Online: Guessing the Administrator password. Active online attacks include automated password guessing.
  • Offline: Dictionary, hybrid, and brute-force attacks.
  • Nonelectronic: Shoulder surfing, keyboard sniffing, and social engineering.

