Password Security Best Practices

Questions and Answers

What should you avoid using in your passwords?

• Random characters
• Symbols
• A mix of upper and lower case letters
• Words in any language (correct)

What is the recommended minimum length for a secure password?

• 8 characters
• 20 characters
• 16 characters (correct)
• 12 characters

Why might a blank Windows password be more secure than an easy-to-guess password in some situations?

• It speeds up the login process.
• It is easier to remember.
• It automatically encrypts your data.
• It prevents remote authentication. (correct)

What is a risky practice when dealing with passwords?

Writing passwords down on paper (C)

What kind of software might be running on public computers in places like hotel lobbies?

Keystroke-logging software (C)

What is a more secure alternative to writing down passwords?

Storing passwords in a password manager app (A)

What do Local Group Policy and Local Security Policy tools primarily help enforce?

Security best practices (C)

How many tools are mentioned for controlling what users and computers can do on a system or network?

Three (A)

In what is Group Policy implemented?

Active Directory on a Windows domain (C)

What type of policies does Local Group Policy contain?

A subset of policies in Group Policy (A)

To what does the subset of policies in Local Group Policy apply?

Only to the local computer or local user (C)

What does Local Security Policy apply to?

Only the local computer's Windows security settings (D)

What is Local Security Policy considered as in Control Panel?

An Administrative Tools snap-in (B)

Which editions of Windows are the Local Group Policy and Local Security Policy editors available with?

Business and professional editions (D)

What are the two major categories of policies in the Local Group Policy editor?

Computer and User Configuration (D)

What should you avoid doing on computers in hotel lobbies or internet cafes?

Signing into your email account (C)

Which of the following is a reason to change your passwords regularly?

To increase security (A)

What should passwords consist of to prevent programs from easily guessing them?

A combination of letters, numbers, and symbols (B)

What does gpedit.msc refer to?

Local Group Policy (A)

What does secpol.msc control?

Windows security settings (C)

Flashcards

Password best practice

Avoid common words; easy for programs to guess.

Password rule

Do not reuse across multiple systems.

Strong password criteria

16+ characters, using letters, numbers, and symbols.

Alternative to writing passwords

A password manager app.

Local Policy Editors

A tool to control what users and computers can do on a system or network.

Group Policy

Works in Active Directory on a Windows domain to control the privileges of computers and users on the domain.

Local Group Policy (gpedit.msc)

Contains a subset of policies in Group Policy; applies only to the local computer or local user.

Local Security Policy (secpol.msc)

Subset of policies in Local Group Policy, which apply only to the local computer's Windows security settings.

Study Notes

• Do not use words in any language for passwords
• Do not use numbers or symbols for letters in passwords, as programs can easily guess these
• Do not use the same password for more than one system
• The most secure passwords are 16 characters or more and use letters, numbers, and symbols
• A blank Windows password might be more secure than an easy-to-guess password such as "1234," because you cannot authenticate to a Windows computer from a remote computer unless the user account has a password
• A criminal might be able to guess an easy password and authenticate remotely
• If a computer is always in a protected room such as a home office and the user doesn't intend to access it remotely, she might choose not to use a password
• If the user travels with a laptop, always create a strong password
• It's not recommended writing passwords down, but if you do, keep them in a safe place as you would the data you are protecting
• Do not send passwords over email or chat
• Change passwords regularly, and don't type them on a public computer
• Computers in hotel lobbies or Internet cafés should only be used for web browsing, not for signing in to your email account or online banking account, because these computers might be running keystroke-logging software
• Rather than writing down passwords, consider storing passwords with a password manager app such as Dashlane, Sticky Password, or LastPass
• These apps can keep your passwords in the cloud or on your own device, and the passwords they create are longer and stronger than those you would be able to memorize

Local Group Policy and Local Security Policy Editors

• Three tools control what users and computers can do with a system or network
• Group Policy works in Active Directory on a Windows domain to control the privileges of computers and users on the domain
• Local Group Policy (gpedit.msc) contains a subset of policies in Group Policy; this subset applies only to the local computer or local user
• Local Security Policy (secpol.msc) contains a subset of policies in Local Group Policy, which apply only to the local computer's Windows security settings
• Local Security Policy is an Administrative Tools snap-in in Control Panel
• The Local Group Policy and Local Security Policy editors are available with business and professional editions of Windows
• The Local Group Policy editor contains two major categories of policies: Computer Configuration and User Configuration
• When you are working with the computer configuration in the Windows security settings group of the Local Group Policy editor, you are working with the same group of policies you can edit when using the Local Security Policy editor