1
00:00:00,740 --> 00:00:06,130
With regard to the passwords you use, I'd like to show you a website.

2
00:00:06,150 --> 00:00:08,320
Let's take a look at howsecureismypassword

3
00:00:08,310 --> 00:00:09,140
dot net.

4
00:00:10,620 --> 00:00:13,760
You can submit your password there and see if it's really secure.

5
00:00:15,170 --> 00:00:20,660
If some of you actually provide your password to the form, please review the earlier modules on modern

6
00:00:20,660 --> 00:00:27,350
cyber threats and social engineering tricks. By submitting a password to this site,

7
00:00:27,360 --> 00:00:34,650
you give up your password and the IP address of the computer that probably uses it to complete strangers.

8
00:00:34,670 --> 00:00:39,480
Apart from this tiny detail, note that some passwords guarantee no security at all.

9
00:00:41,040 --> 00:00:44,840
These non-secure passwords are the most popular combinations of characters.

10
00:00:46,790 --> 00:00:54,990
That's why we used dictionaries to break into Wi-Fi networks in the previous modules.

11
00:00:55,090 --> 00:00:57,590
Let's try to enter a different password.

12
00:00:57,610 --> 00:01:00,400
It takes a second for a standard PC to crack the string

13
00:01:00,400 --> 00:01:01,120
Thomas.

14
00:01:04,370 --> 00:01:10,740
Adding a 1 to the end is an improvement; by also adding an exclamation point

15
00:01:10,740 --> 00:01:12,520
you can get a pretty good result.

16
00:01:13,630 --> 00:01:15,570
This is about password entropy,

17
00:01:15,760 --> 00:01:22,930
about the randomness of a password: the more entropy your password has, the better it is.

18
00:01:24,470 --> 00:01:31,780
Entropy is measured in bits; a good strength is about 80 bits.

19
00:01:31,830 --> 00:01:34,950
Let's try to think of a password that doesn't form any known string.

20
00:01:34,950 --> 00:01:47,270
For example, qazxsw. As you can see, we've been beaten to this idea: this password represents a keyboard

21
00:01:47,270 --> 00:01:47,970
layout.

22
00:01:50,210 --> 00:01:52,100
The site is well worth visiting,

23
00:01:52,100 --> 00:01:57,010
not to check your actual password, but to check some ideas for passwords that you can use.

24
00:01:59,210 --> 00:02:06,980
Let's verify first if a strong password is enough to provide adequate security before we add a smartcard

25
00:02:07,000 --> 00:02:08,460
authentication factor.

26
00:02:08,470 --> 00:02:14,720
Passwords are the only security used for identifying users in a system.

27
00:02:14,770 --> 00:02:21,470
If someone obtains our password, they will be indistinguishable from us in the system. They will be able

28
00:02:21,470 --> 00:02:29,550
to send out emails or post messages on the Internet in our name and browse through our data. We can make

29
00:02:29,550 --> 00:02:32,040
a password relatively secure.

30
00:02:32,100 --> 00:02:38,940
The above slide shows a standard Windows login screen. Not all people know, though, that the password

31
00:02:38,940 --> 00:02:43,740
is not restricted to any particular length in the form.

32
00:02:43,980 --> 00:02:47,850
The form will accommodate longer passwords.

33
00:02:47,910 --> 00:02:51,970
You don't have to limit password length to fit in.

34
00:02:52,020 --> 00:02:57,810
It's difficult to think of a word that contains 16 to 18 letters, but you can provide passwords that

35
00:02:57,810 --> 00:03:08,660
are phrase-based: passphrases. They'll be easier to remember and more secure.

36
00:03:08,670 --> 00:03:14,360
Let's now review the protocols and services used for authentication.

37
00:03:14,450 --> 00:03:19,430
These mechanisms allow Windows systems to verify if a password or a passphrase is accurate.

38
00:03:23,050 --> 00:03:28,090
The first aspect that is worth remembering is that Windows doesn't save user passwords in any way.

39
00:03:28,780 --> 00:03:32,330
The system doesn't know your password; it doesn't need to know it.

40
00:03:34,260 --> 00:03:37,160
Authentication isn't about the system knowing a password.

41
00:03:38,080 --> 00:03:41,540
It's about being able to check if the submitted password is correct.

42
00:03:43,100 --> 00:03:45,660
These are two completely different things.

43
00:03:47,650 --> 00:03:52,330
To verify if a correct string has been entered, it's enough to compare the signature of the provided

44
00:03:52,330 --> 00:03:56,940
string against the signature of the last updated string.

45
00:03:57,050 --> 00:04:03,350
Windows stores password signatures, not passwords. What are these signatures?

46
00:04:05,120 --> 00:04:09,950
Older Windows systems, including Windows XP, store and process passwords;

47
00:04:12,770 --> 00:04:16,710
the passwords are referred to as LAN Manager hashes.

48
00:04:16,840 --> 00:04:19,640
We'll explain why it's not quite the same thing soon.

49
00:04:21,950 --> 00:04:24,860
All new or relatively new Windows systems

50
00:04:25,190 --> 00:04:31,490
(Windows 9x excluded, even if updated; such systems can also support this feature) store passwords

51
00:04:31,490 --> 00:04:38,850
in an NT LAN Manager hash format. These hashes are commonly known as Unicode hashes.

52
00:04:42,350 --> 00:04:46,430
The third type of credentials stored by operating systems is cached credentials.

53
00:04:48,250 --> 00:04:53,530
You've probably noticed that if you connect to a network share or a server, you will not have to provide

54
00:04:53,530 --> 00:04:56,020
a password with subsequent connections.

55
00:04:57,300 --> 00:05:00,060
The credential has been cached in some way.

56
00:05:00,360 --> 00:05:02,320
We'll return to this later as well.