1
00:00:00,240 --> 00:00:03,780
In the last lecture, we saw some password management techniques.

2
00:00:04,350 --> 00:00:11,220
Now we'll have a look at the guidelines for managing passwords. Now, why security audits are important,

3
00:00:11,250 --> 00:00:17,730
I will discuss after some time, but for the time being we will focus on password management.

4
00:00:18,120 --> 00:00:20,590
Now, which characters you use is very important.

5
00:00:21,300 --> 00:00:27,300
Generally, we know that passwords are a combination of numbers, letters and special characters.

6
00:00:27,300 --> 00:00:33,150
And by special characters, I mean the symbols that you can see on the screen right now.

7
00:00:34,320 --> 00:00:40,230
Now, whenever you are using or whenever you are setting a new password, make sure that you use all

8
00:00:40,230 --> 00:00:41,780
the combinations possible.

9
00:00:42,120 --> 00:00:51,000
Don't just create a password of numbers or simply letters; include special characters, because it

10
00:00:51,000 --> 00:00:56,490
becomes really hard for the bad guys to actually get into the system.

11
00:00:57,240 --> 00:01:00,060
For example, let's say 'resecure' is the password.

12
00:01:00,210 --> 00:01:04,170
So 'resecure' is an easy combination to guess.

13
00:01:04,170 --> 00:01:12,270
But if you write 'resecure', exclamation mark, one eight zero five, then that becomes very difficult,

14
00:01:12,810 --> 00:01:20,220
because whenever there is password cracking involved, that is mostly what we call a random attack,

15
00:01:20,220 --> 00:01:26,820
a brute force attack, in which different combinations are tried using different letters and special

16
00:01:26,820 --> 00:01:27,440
characters.

17
00:01:27,780 --> 00:01:34,330
So the more complex the password, the more difficult it becomes for the system to generate random combinations and

18
00:01:34,330 --> 00:01:36,750
then start brute forcing the password.
19
00:01:38,340 --> 00:01:44,760
Now, the next thing, as I said earlier: W.S. one zero five, at the rate (@) and the hash (#).

20
00:01:44,770 --> 00:01:51,450
Now, there are two special symbols which I have included. Now, many websites do allow all the special

21
00:01:51,450 --> 00:01:58,200
symbols, but a few websites will have restrictions on using those symbols, and they will specify which

22
00:01:58,200 --> 00:02:01,100
symbols are allowed while you are creating a new password.

23
00:02:01,470 --> 00:02:07,980
So make sure you set a strong password with a combination of different numbers, letters and special

24
00:02:07,980 --> 00:02:08,590
characters.

25
00:02:09,090 --> 00:02:15,270
Also, you can include uppercase and lowercase characters, as you have experienced with many

26
00:02:15,270 --> 00:02:16,470
websites nowadays.

27
00:02:16,470 --> 00:02:23,940
They make it compulsory to have one uppercase letter and one lowercase letter along with one number,

28
00:02:24,210 --> 00:02:27,810
and the password length should be at least seven to eight characters.

29
00:02:29,400 --> 00:02:35,160
Now, there are various other tools for password cracking, which may check for a certain possibility

30
00:02:35,160 --> 00:02:36,170
of password cracking.

31
00:02:36,230 --> 00:02:42,600
That is, if the system is taking too long, which means the password policy is good to go and the passwords

32
00:02:42,600 --> 00:02:44,160
are really bad.

33
00:02:44,170 --> 00:02:50,350
So you can use those tools; there are many tools available which have a password cracking feature.

34
00:02:51,030 --> 00:02:55,410
So most auditors do use those tools while they are checking for passwords.

35
00:02:56,070 --> 00:03:00,590
Now, the next important thing is locking out after a few unsuccessful attempts.
36
00:03:01,050 --> 00:03:08,970
Many banking websites do employ this kind of policy: if a user tries to

37
00:03:08,970 --> 00:03:13,650
unlock the account and fails after three to four attempts, the account gets automatically

38
00:03:13,650 --> 00:03:16,890
disabled for a specific period of time.

39
00:03:16,920 --> 00:03:17,400
Now, why?

40
00:03:17,400 --> 00:03:22,150
This is a good thing because many bad guys have the option of brute force.

41
00:03:22,710 --> 00:03:31,050
So if you brute force a password and it fails, obviously it will fail for a few more random permutations

42
00:03:31,050 --> 00:03:33,140
and combinations at that time.

43
00:03:33,150 --> 00:03:39,540
If the system or the server detects that a number of unsuccessful attempts have happened, the

44
00:03:39,540 --> 00:03:44,010
account can be disabled, and hence this increases the security measure.

45
00:03:44,010 --> 00:03:48,870
When it comes to password management, the next is disabling the account.

46
00:03:48,900 --> 00:03:50,970
Now, again, as I said earlier.

47
00:03:52,740 --> 00:04:00,330
Disabling the account is more beneficial than deleting it or keeping the account as it is, so whenever someone

48
00:04:00,330 --> 00:04:06,810
makes unsuccessful attempts, either lock out the entire account or just

49
00:04:06,810 --> 00:04:11,820
disable the account for a specific period of time so that no one can really access the account.

50
00:04:12,450 --> 00:04:14,370
Now, manually unlocking the account.

51
00:04:14,400 --> 00:04:21,880
Yes, in some cases with extra security or server security, if the upper management or the person

52
00:04:22,700 --> 00:04:28,230
finds that his or her account gets locked, then he or she has to manually contact the administrator

53
00:04:28,770 --> 00:04:29,910
to unlock the account.

54
00:04:30,300 --> 00:04:34,720
Now, this happens only in cases where the accounts need to be very secure.
55
00:04:34,740 --> 00:04:42,780
For example, let's say the upper management: those people have very secure

56
00:04:42,780 --> 00:04:45,600
accounts and their information is very valuable to the firm.

57
00:04:45,600 --> 00:04:52,670
And that is why they generally have to contact the IT department in order to get such things done.

58
00:04:53,880 --> 00:04:57,270
Now, in many cases, it may happen.

59
00:04:57,270 --> 00:05:02,370
In some cases it may happen that the administrator himself or herself forgets the password.

60
00:05:02,850 --> 00:05:09,570
But, yeah, if you are an administrator, make sure that you carve the username and password in your

61
00:05:09,570 --> 00:05:13,540
mind, because if you forget the password, then there's no going back.

62
00:05:13,560 --> 00:05:20,610
However, when it comes to Windows, Windows provides another administrator account

63
00:05:20,790 --> 00:05:26,700
apart from the original one, so that even if the second administrator account gets locked out,

64
00:05:26,700 --> 00:05:29,850
the original administrator account is still available.

65
00:05:29,850 --> 00:05:33,410
But you should always remember your password.

66
00:05:33,750 --> 00:05:36,490
That is one way of getting your memory to work for you.

67
00:05:36,510 --> 00:05:42,360
So instead of writing down your passwords or noting them down on sticky notes and posting them on your

68
00:05:42,360 --> 00:05:46,980
desk, eat almonds every day; it helps you to remember more.

69
00:05:47,800 --> 00:05:51,210
And please remember your passwords, because they are very crucial.

70
00:05:51,210 --> 00:05:56,810
They are the first point of access for information. Password history.

71
00:05:57,180 --> 00:06:01,490
This is also very important when it comes to password management.

72
00:06:01,800 --> 00:06:05,840
Now set passwords to expire after a fixed duration.

73
00:06:06,270 --> 00:06:06,840
That is.
74
00:06:06,840 --> 00:06:07,440
That is right.

75
00:06:07,470 --> 00:06:09,260
OK, let me just get back here.

76
00:06:09,690 --> 00:06:19,680
So what happens is, most of the time we get so used to one password because we set

77
00:06:19,680 --> 00:06:22,040
that password on every website.

78
00:06:22,500 --> 00:06:29,130
So it is a good practice to expire those passwords and generate a new password after a fixed

79
00:06:29,190 --> 00:06:29,790
duration.

80
00:06:30,120 --> 00:06:34,140
For most companies, the duration is around 30 to 45 days.

81
00:06:34,380 --> 00:06:40,350
But now, since the bad guys are one step ahead of the normal people, many organizations have started

82
00:06:40,860 --> 00:06:42,540
using a different timeline.

83
00:06:42,540 --> 00:06:48,450
For example, your password will expire after 26 days, or your password will expire after 42 days.

84
00:06:48,810 --> 00:06:53,810
And after that, the employees or the people have to again set a new password.

85
00:06:54,240 --> 00:07:00,810
Now, setting a new password is a very good practice, because the more frequently passwords are changed,

86
00:07:00,810 --> 00:07:06,930
the less hackers can hack the system and try to access your files and records.

87
00:07:08,840 --> 00:07:15,620
As I said earlier, bad guys are one step ahead of the normal people or the employees, so you have to,

88
00:07:15,800 --> 00:07:17,650
you know, think like a bad guy.

89
00:07:18,050 --> 00:07:22,700
Now, the bad guys know that the password is going to change after 30 or 45 days.

90
00:07:22,700 --> 00:07:28,680
They may send a malicious link to the user on the 30th day saying, please change your password.

91
00:07:28,970 --> 00:07:36,350
So in that case, you know, we have to set a different timeline for the individual company's employees.

92
00:07:36,350 --> 00:07:37,280
Password history.
93
00:07:37,580 --> 00:07:44,960
So password history is of great use because, let's say, Google has a password history,

94
00:07:44,960 --> 00:07:50,660
which doesn't allow you to keep the same password if it's already in the password history. For example,

95
00:07:50,900 --> 00:07:59,690
generally password history stores up to the 20 last used passwords, which means the last

96
00:07:59,690 --> 00:08:05,420
20 passwords are already stored on the machine or the server, and you're not allowed to use or

97
00:08:05,420 --> 00:08:07,670
keep a password from one of them.

98
00:08:07,700 --> 00:08:15,050
For example, I can give a password like 'resecure' at the rate (@) three one eight zero five, or W.S. at the rate (@) one zero five.

99
00:08:15,060 --> 00:08:16,850
Then these two are different passwords.

100
00:08:16,850 --> 00:08:22,440
But after, let's say, five to six times, I again try to reset my password to 'resecure'.

101
00:08:22,440 --> 00:08:24,060
It won't let me do it.

102
00:08:24,170 --> 00:08:28,370
It will not allow me, because this password has already been in the password history.

103
00:08:28,700 --> 00:08:33,050
So make sure that you keep a new password and try to remember that password.

104
00:08:33,710 --> 00:08:36,830
Now make it mandatory for users to change passwords.

105
00:08:37,310 --> 00:08:41,390
Most of us have the tendency that, you know, we have set one password.

106
00:08:41,390 --> 00:08:42,120
Just keep it.

107
00:08:42,140 --> 00:08:46,400
Just remember it, and we'll set that password for every other account.

108
00:08:46,430 --> 00:08:50,240
But it is a good practice to change the passwords.

109
00:08:50,690 --> 00:08:56,600
Changing frequency is important; as I also said earlier, bad guys can hack your systems.

110
00:08:56,600 --> 00:09:04,040
But if your password changing frequency is very good, then it becomes very difficult for them to crack

111
00:09:04,040 --> 00:09:04,910
the passwords.
112
00:09:06,590 --> 00:09:12,020
Well, that is it for this lecture. Again, guys, if you are really enjoying this course, if you have

113
00:09:12,020 --> 00:09:17,600
learned something valuable, please rate our course, because we are lacking support from your side.

114
00:09:17,960 --> 00:09:24,660
All you need to do to support us is to just give a rating and share your feedback through the reviews.

115
00:09:24,680 --> 00:09:28,980
It will really help us and motivate us to draft more courses.

116
00:09:29,360 --> 00:09:31,190
I will see you in the next lecture.