CONTENTS
Chapter 1: The Password .......... 5
Introduction .......... 5
Why Use a Password? .......... 6
The Password Security Mechanisms .......... 8
Password Policy .......... 9
Aspects of Password Policy .......... 10
Storage of Passwords .......... 13
Authentication of Passwords .......... 18
Application of PAKE .......... 20
Emails and Passwords .......... 20
Areas Where Emails can be Compromised .......... 21
One Time Passwords (OTPs) .......... 22
Approaches to OTP Generation .......... 23
Methods of OTP Delivery .......... 25
Shortcomings of OTPs .......... 26
Challenges Facing Two-Factor Authentication .......... 27
Usernames and Email Addresses .......... 30
Chapter 2: Common Selection Criteria .......... 32
Human Generated Passwords .......... 33
Weaknesses of Human Generated Passwords .......... 34
Keyboard Usability Considerations .......... 36
Names .......... 38
Short Passwords .......... 40
Any Significance of Using Spaces in a Password? .......... 42
Security Questions .......... 43
Random Things .......... 45
Mnemonics .......... 47
Numbers and Symbols .......... 49
Reusing Passwords .......... 50
Sharing of Passwords .......... 52
Mangling/Mirroring it Around .......... 53
Usernames and Email Addresses .......... 54
Chapter 3: Cracking Passwords .......... 54
Cracking Passwords .......... 54
Dictionary Attack .......... 57
Rainbow Table .......... 59
Brute Force .......... 61
GPU .......... 62
Hybrid Attack .......... 63
Encryption and Cryptography .......... 67
Emails, End-to-End Encryption vs. Client Side Encryption in Relation to Passwords .......... 70
Hashing Algorithms .......... 72
Salts .......... 73
Password Cracking Tools .......... 75
Online 'Hacker' Forums .......... 77
Openwall.com .......... 80
Anatomies of Password Cracking .......... 82
Chapter 4: Secure Techniques .......... 86
Password Length and Strength .......... 86
Reference to Password Blacklists .......... 89
Careful Capitalization .......... 90
Random Password Generators .......... 91
Password Strength Checkers .......... 92
Password Managers .......... 94
Types of Password Managers .......... 96
Password Safe .......... 98
Best Password Managers .......... 99
Password Longevity/Duration .......... 100
Personal Password Policy .......... 101
Chapter 5: Networks and their Security Flaws .......... 102
WEP .......... 103
WPA/WPA2 .......... 105
VPNs .......... 106
VPN Authentication .......... 108
Routers .......... 109
Unencrypted Tunnels .......... 110
VPNs in Private Networks .......... 110
Limitations of VPNs .......... 111
Proxy Servers .......... 112
Configuring Proxy Servers .......... 113
Setting up Firewalls .......... 115
Chapter 6: Problems with the Web and Securing it .......... 117
Storage of Passwords on the Web .......... 117
Poor Encryption, Hashing and Salting Techniques .......... 118
Website Hacks .......... 120
Injection Attacks .......... 120
Poor Password Policies .......... 131
Solutions .......... 133
Data Breaches .......... 133
The Heartbleed Bug .......... 134
MitB .......... 136
Protection against MitB .......... 138
Phishing .......... 140
Solutions .......... 145
Clickjacking .......... 146
Backdoors .......... 148
Direct Access Attacks .......... 149
Eavesdropping .......... 151
General Solutions .......... 152
Install and Update Antivirus Software .......... 153
Methods of Protection from Viruses .......... 153
Install & Update AntiSpyware and AntiMalware .......... 155
Update your Operating Systems .......... 156
Remember Wannacry? .......... 156
Be Careful what you Download .......... 158
Turn Off your Computer .......... 158
Chapter 7: The Future of Passwords .......... 158
The Password is Dead .......... 160
Replacing the Password? .......... 161
Most Popular Alternatives to Passwords .......... 162
Project Abacus .......... 165
Final Thoughts .......... 167
About the Author .......... 168
DISCLAIMER
Every attempt has been made to verify the information provided in this ebook. Every effort has been made to ensure the content of the ebook is as complete and accurate as possible. The author shall not be responsible for any errors, inaccuracies or omissions.
Kelvin Karanja © 2017
All Rights Reserved
Follow Tech Bytes at Tech Bytes for more tech news and information.
1] The Password
Introduction
The password is a phenomenon that has been in existence since the dawn of the web; in fact, passphrases were used by ancient societies as a security measure, which just goes to show the innovative nature of mankind throughout the ages. The password is a mechanism that provides either a secure gateway or a loophole to cyber security, whichever way you look at it, as there are two sides to a coin (others say three). With the passing of time, it has become easier to compromise passwords, and therefore having a password is no guarantee of security: it has to be a secure one, and the online service you sign up for should also offer an environment that maintains that level of security, and even improves it, rather than diluting it and making users vulnerable. Many of us have been guilty of numerous password flaws that compromise our cyber security. The statement 'Do anything and everything, and even hire a cyber security team, but if your password is weak, none of it will matter' says a great deal about the many underlying issues relating to passwords beyond, say, password length, and by extension about the whole range of cyber security challenges. The aim of this eBook is to try to shed some light on, understand and resolve most of these issues, because in the words of Calvin Coolidge (30th US President), 'We cannot do everything at once, but we can do something at once'. I believe that by doing so we will definitely have made an important step forward.