Information security : an investigation into password habits
Richardson, Darren (2015)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-201505158232
Abstract
This thesis considers password security guidelines used in current environments and stipulates that password requirements force users to create and use passwords which are easy for computers to guess but hard for humans to remember.
The thesis begins by exploring a number of the most prevalent methods of illicitly obtaining passwords in an attempt to design an experimental method to test the notion of weak password distribution. Password cracking techniques are discussed, as well as less technical methods.
Then the topic shifts into password security research, attempting to learn information about password security guidelines, entropy and length in relation to a password's level of security and, finally, the dangers of password reuse in a society where mass information systems are linked. Before the experiment begins, the author examines a number of passwords obtained from a social networking site to show how many flawed passwords are allowed by even today's advanced systems.
An experiment was then planned, in which a number of password cracking methods were used against a server in order to determine how large a threat password cracking is to a typical user. Monitoring software was used to watch network traffic in order to discover whether such traffic is obvious.
The results of the experiment show that password cracking techniques and technology have evolved far faster than password security guidelines and that entropy in the form of length is the strongest method of securing passwords. The thesis gives a number of updated password guidelines in order to prevent access via illicit means.