1
00:00:01,360 --> 00:00:05,230
Law number five: weak passwords trump strong security.

2
00:00:08,120 --> 00:00:12,140
If the password is the basic mechanism of user authorization in a system,

3
00:00:12,350 --> 00:00:16,070
a person who knows the password is able to assume the user's identity.

4
00:00:17,990 --> 00:00:22,340
In such a case, the operating system won't distinguish real users from attackers.

5
00:00:24,200 --> 00:00:30,480
Even the most sophisticated security solutions won't work if an unauthorized person obtains the password.

6
00:00:33,420 --> 00:00:38,430
If the user has e-mail access rights, the attacker who knows his or her password will be able to access

7
00:00:38,430 --> 00:00:39,630
the e-mail account too.

8
00:00:43,970 --> 00:00:47,190
The password is very often the weakest link in computer security.

9
00:00:50,590 --> 00:00:55,190
For the password to be safe, it must be known to no one but its owner.

10
00:00:56,920 --> 00:00:59,770
How can you protect yourself against password cracking?

11
00:01:03,590 --> 00:01:06,890
Password cracking is done by repeatedly guessing the password

12
00:01:07,910 --> 00:01:09,310
in order to find the correct one.

13
00:01:12,390 --> 00:01:17,960
If the guess is random, such an attack is rarely effective, even though it may be automated.

14
00:01:18,870 --> 00:01:24,900
But using personal information about the victim, such as the first name or nickname, mother's maiden name,

15
00:01:24,910 --> 00:01:28,130
dog's name, children's birth dates,

16
00:01:28,290 --> 00:01:31,750
it may be much easier to get the password.

17
00:01:31,760 --> 00:01:38,070
Many people choose passwords that are easy to guess. Unless you learn how to choose a safe password,

18
00:01:38,100 --> 00:01:40,350
the technological solutions will be useless.

19
00:01:49,850 --> 00:01:51,430
For the password to be strong,

20
00:01:51,540 --> 00:01:55,310
it mustn't in any way refer to any aspect of the user's personal life.

21
00:01:57,950 --> 00:02:04,180
Attackers may use personal information gathered by means of social engineering, Internet search engines,

22
00:02:04,510 --> 00:02:08,200
social networking sites or special software such as Maltego.

23
00:02:11,600 --> 00:02:17,870
No actual word of any language must be used as a password either.

24
00:02:17,880 --> 00:02:26,010
Moreover, it must be long. The length of 12 to 15 characters seems to be a reasonable minimum.

25
00:02:26,010 --> 00:02:29,310
The problem is how to create a password that meets all these requirements

26
00:02:29,580 --> 00:02:37,570
and in addition contains a digit and a special character. The password doesn't have to be a word.

27
00:02:37,650 --> 00:02:43,360
It may be a phrase. You have to get users to think of passwords not as words,

28
00:02:43,480 --> 00:02:50,910
for example "start one two three", but as phrases such as "I leave home at 7 AM". Administrators must force

29
00:02:50,910 --> 00:02:53,030
users to use safe passwords.

30
00:02:54,980 --> 00:02:59,600
The fifth law, stating that weak passwords make all other security solutions less effective,

31
00:03:00,820 --> 00:03:06,650
will still be valid until methods of authentication such as biometrics or smart cards are in wide use.

32
00:03:10,020 --> 00:03:17,450
A password is like chewing gum: strongest when fresh, should be used by an individual, not a group.

33
00:03:17,520 --> 00:03:19,830
If lying around, will create a sticky mess.