Creating Secure Passwords

Questions and Answers

What is one of the most effective defenses against cyberattacks?

• Sharing passwords with trusted friends
• Understanding what makes a good password (correct)
• Ignoring email security alerts
• Using common words in passwords

What is a characteristic of a secure password?

• Using common words or phrases
• Combining uppercase and lowercase letters (correct)
• Using personal information like your birthday
• Keeping the password length under eight characters

What is the maximum recommended length for a password?

• 8 characters
• 32 characters
• 64 characters
• 16 characters (correct)

Why does complexity make for a strong password?

It is harder to guess or break into (D)

Which of the following is considered a weak password type?

Simple passwords (D)

Using a common word from the dictionary as a password is an example of what?

An easy-to-guess password (C)

Using the same password for multiple websites is an example of what?

A universal password (D)

Which of the following is a category of strong passwords?

Random characters (D)

Which of the following is a characteristic of an alphanumeric password?

Using a combination of letters and numbers (D)

What should you do if you find it hard to remember a strong password?

Use a password manager (A)

What is a common method used by hackers to crack passwords?

Dictionary attacks (D)

What does a dictionary attack involve?

Using a list of common words to guess passwords (D)

What is a brute force attack?

Attempting various combinations of words and characters (D)

What is the purpose of rainbow table attacks?

To match passwords to corresponding decryption keys (A)

What does phishing typically involve?

Sending malicious communications to trick users (A)

What is social engineering?

Manipulating individuals to reveal confidential information (D)

What is the purpose of spidering in the context of password security?

Stealing passwords through direct contact. (C)

What is the purpose of using password generators?

To create secure, random passwords (C)

What does a password manager do?

Stores multiple passwords securely (A)

What is a key benefit of two-factor authentication?

It provides an additional layer of security (D)

Besides a password, what might two-factor authentication ask for?

A code sent to your phone (C)

What does it mean to practice strong password hygiene?

Using unique, complex passwords for each account (D)

What is the benefit of using antivirus software for online security?

It protects against malware and other online threats (B)

What should you do if you receive a suspicious communication asking for personal information?

Ensure the sender's authenticity before responding (C)

What are the benefits of updating your web browser regularly?

Updates offer new functionalities or improvements to existing features, including security (A)

Using a limited user account for web browsing helps to:

Limit the damage malware can do (B)

What is the purpose of blocking pop-up windows in web browsers?

Preventing accidental access to malicious sites (D)

What is the purpose of the 'HTTPS Everywhere' plugin?

To encrypt your web browsing traffic (C)

What is a VPN (Virtual Private Network) used for?

To encrypt your browser's communications (B)

What action can you take if custom web applications require you to use a web browser with weaker security settings?

Using two web browsers (C)

What does a web browser do?

It retrieves information from the web and displays it (A)

Which statement about web browsers is correct?

Web browsers are a popular target for attackers (A)

What security feature does Google Chrome use to protect users?

Sandboxing (A)

What feature does Mozilla Firefox offer for increased privacy?

Enhanced Tracking Protection (C)

What feature does Opera provide for syncing user data?

Opera sync (A)

What is the purpose of a security zone in Internet Explorer?

Determine what kind of content can be blocked for that site (C)

Which of the following is a best practice for password management?

Never use the same password for multiple sites (C)

Which statement best describes traffic interception?

Involves the threat actors eavesdropping on network traffic to monitor and capture data (D)

Which of the following does Phishing involves?

Cybercriminals use different phishing and social engineering tactics (D)

Credential stuffing is based on what assumption?

instead of guessing passwords, they use stolen credentials (A)

Which of the following best describes a Dictionary attack?

a list of commonly used words and phrases, as well as often-used passwords (C)

What does a Keylogger do?

records a user's activity by logging keyboard strokes (D)

Flashcards

What is a password?

A secret sequence of characters used to verify a user's identity and protect against unauthorized access.

What are weak passwords?

Passwords consisting of common words or easily guessable information.

What are strong passwords?

Passwords that combine letters, numbers, and symbols to increase complexity and security.

What is a universal password?

Using a single password for multiple websites or accounts, increasing risk if one account is compromised.

What are alphanumeric passwords?

Passwords that contain letters and numbers and can include symbols.

What are random passwords?

Passwords consisting of random characters that don't form a word, phrase, or sentence.

What are pattern-based passwords?

Passwords created by using keyboard patterns, making them easier to remember than random character passwords.

What is a dictionary attack?

A method of password cracking where software tries listing words from a dictionary and testing them as passwords.

What is a brute force attack?

A password attack that relies on attempting various combinations of words and characters to guess a password.

Rainbow table attacks and network analysis

A cyber attack that uses precomputed tables (rainbow tables) or network analysis tools to uncover passwords.

What are phishing and social engineering?

A deceptive practice where attackers send communication containing a malicious link to steal login credentials.

What is spidering?

A method where online criminals gather information to guess passwords through a hands-on approach.

How to reinforce your passwords

Crucial principles to follow for password management, including avoiding common passwords and using password generators.

What are password managers and generators?

Applications that store passwords securely, auto-fill credentials, and suggest potential updates.

What is two-factor authentication?

A security measure that combines two factors during log in for additional confirmation.

What is multi-factor authentication

A combination of factors during logon. As the name implies, uses multiple factors.

What is Password hygiene?

A set of security practices designed to protect online accounts by using unique and complex passwords.

What leads to data breaches?

Stolen, weak, and reused passwords.

What is a brute-force attack?

A type of password attack where hackers make numerous attempts to gain access.

What is a keylogger?

Spyware that records a user's activity by logging keyboard strokes.

What is a dictionary attack?

A type of brute force attack, a dictionary attack is based on a list of commonly used words and phrases, as well as often-used passwords.

What is credential stuffing?

Attackers use trial-and-error to gain access.

What is a man-in-the-middle attack?

Impersonating party through phishing email..

What is Traffic Interception?

Eavesdropping on network traffic

What is Phishing?

versatile approach. attackers use different tactics..

What is Password spraying?

password spraying involves trying large amounts..

Password attack prevention.

Adopt best practices for password. Easy to hack are appealing to criminals..

how to boost security.

requiring complex and different website passwords

Web browser security:

The web browser is one of the most heavily used programs on a computer or mobile device today.

Attackers will?

Hijack or snoop on the web traffic.

Harden web browser..

Keep it updated to last version..

What does Anti-maleware do?

blocks suspect files after been download..

Ditch any unused.

Disable or uninstall any plugins that aren't regularly used

NoScript or ScriptSafe.

a Web browser helps users with security.

What is web browser?

A web browser is an application for accessing websites and the internet.

What is Security zone.

Internet explorer has default security level.

What does chrome has.

Chrome is secure by default. Protects from dangers sites.

What does Opera do?

Synes browser

Study Notes

• Starting with a weak password can lead to security breaches.
• A strong password is a key defense against cyberattacks.

Creating Secure Passwords

• Do not reuse common words, names, phrases, or dates
• Secure passwords should be non-dictionary words or unusually spelled words
• Use letter substitutions with numbers or symbols (e.g., 11k3 th1$)
• Passwords are case-sensitive, so mix uppercase and lowercase letters (e.g., m0R3 L1k3 tH1$)
• Utilize a minimum of eight characters or less than 16 characters, with a maximum of 64 characters
• Complex passwords offer enhanced protection compared to simple ones

Password Types

• Weak passwords are simple, easily guessed, dates, or universal
• Strong passwords are alphanumeric, random, or pattern-based

Weak Passwords

• Simple passwords involve common dictionary words
• Adding numbers to words does not significantly improve security (journalist = journalist1)
• Easily guessable passwords include names or terms linked to you
• Passwords based on dates are easily cracked
• Using a single password across multiple sites is a "universal password" which poses a significant risk if one site is breached

Strong Passwords

• Alphanumeric passwords use letters and numbers, with special characters increasing effectiveness
• Random passwords consist of non-word characters that are hard to crack
• Pattern-based passwords use keyboard patterns for unique combinations

Alphanumeric Strong Passwords

• Start with a simple word and make substitutions to increase complexity (Kelly becomes K3l!Y437)

Random Character Strong Passwords

• Use software tools like password managers (Dashlane, Keeper) or browser features (Mozilla Firefox) to generate and store unique passwords
• Pattern strong passwords use drawing shapes on the keyboard and taking every other letter

How Hackers Crack Passwords

• Dictionary attacks use software to test dictionary words as passwords which can be cracked within 5 minutes
• Brute force attacks use software with machine learning and AI to try various combinations until the password is found in days to billions of years
• Rainbow table attacks and network analysis are techniques used to match passwords to decryption keys or intercept network data
• Phishing involves receiving a malicious link via email to download malware
• Social engineering involves emails from reputable sources that lead to scam websites for login credentials
• Spidering involves contacting individuals or organizations impersonating client for data theft

Reinforcing Passwords

• Avoid common passwords and never use the same password for multiple sites
• Keep passwords private and use password generators for secure, memorable passwords
• Change passwords regularly, especially on business and social media accounts
• Use password managers to track passwords instead of sticker notes
• Enable two-factor authentication, multi-factor authentication, or one-time passwords

Password Managers and Generators

• Password managers store passwords and auto-fill credentials using a master password
• They encrypt passwords, and check password strength and suggest updates for two-factor authentication is supported

Multi-Factor Authentication

• Multi-factor authentication combines two factors in a log in like, fingerprint or retinal scan as well
• Answer correctly

Secure Passwords

• Securing passwords can help to create to protect online accounts
• Unique password, and complex password is recommended
• Two-factor authentication should be enabled when available
• Buying the best antivirus is key security
• Phishing attempts should be avoided

Password protection

• Robust passwords should integrate a mix of upper and lowercase
• Passwords should avoid repetition and should be changed periodically
• Do not share passwords

Password Types

• Weak Passwords like Simple, Easy to guess, Dates and universal passwords should be avoided
• Strong passwords like alphanumeric, random and pattern-based should be used

Password Meanings

• BIOS password prevent unauthorized users from making changes to system hardware and software settings
• System password prevents unauthorized user from using the computer
• Administrator password helps you fully operate window
• User password means the unique codes, words or identification

Password Attacks

• Brute-force attack
• Keylogger attack
• Dictionary attack
• Credential stuffing
• Man-in-the-middle
• Traffic interception
• Phishing
• Password spraying

Brute-force attack

• Use software involving automated methods

Keylogger attack

• Records a user's activity by logging keyboard strokes

Dictionary attack

• Based on a list of commonly used words as well as often-used passwords

Credential stuffing

• Attackers use trial and error to gain access

Man-in-the-middle

• Scenario involves 3 parties
• The user, the attacker, and the third party

Phishing

• Cybercriminals use different phishing and social engineering tactics
• Phishing attacks typically create urgency for the use

Password spraying

• Involves trying a large number of common passwords on a small number of user accounts

Prevent Password attacks

• Best practices for password hygiene and management
• Passwords should be long, complex and Unique
• Multi factor authentication should be implemented when possible
• Password managers simplifies and secures storage

Securing Web Browsers

• Browsers can be exploited

Targeting the browser

• Browser handle many different types of media and functions

Targeted Aspects

Connections to online resources (eg, DNS servers, websites)

• Plug ins installed on the browser -Vulnerabilities in the browser itself

Hardening the browser

• Update to the latest version along with regular releases

Updates Include

• Anti-phishing, anti-malware, plugin security, and sandbox

Use limited user account

• Restricts account from malware and allows less freedom

Security Settings

• Customize these settings to the highest possible
• Enable block reported attack/ fake websites
• Completely disable cookies unless trusted
• Block pop up windows unless trusted
• Block Java Script unless trusted
• Block running of cameras/ microphone unless trusted
• Block plugins and add-ons unless trusted

Additional Steps

• Use reputable antivirus solution and virtual private network
• Use security focused search engine

Workarounds

• Update or modify browsers
• Not using a newer version
• Not using weaker security settings
• Specific version web browser is required

To Improve security use

• To browsers, the first with required setup for business operations
• Isolate the web browser for operating system using a sand box

Web Browser

• Browsers retrieve information

Security

• Secure by default such as Site isolation, sandboxing, and predictive phishing protections
• Chrome, Mozilla Firefox, Opera have security features