Password Security Overview

Questions and Answers

What is a password?

A password is a string of symbols that is used to limit access to a computer or system to only those who know it.

Passwords can be made up of only letters.

False (B)

What is the purpose of a password?

• To provide a username for a computer system
• To allow several users to access the same system
• To make it more convenient to log into systems
• To limit access to a computer or system (correct)

It is safe to use common passwords.

False (B)

Match the following password rules with their descriptions:

Password Length = Longer passwords are typically more secure. Password Complexity = Using a mixture of characters like uppercase and lowercase letters, numbers, and symbols makes your password more difficult to guess.

The "8 4 Rule" is the most up to date rule for password security.

False (B)

What is a password manager?

A password manager is a software application that helps you store and manage your passwords securely.

It is a good practice to use the same password for multiple accounts.

False (B)

It is safe to leave your password written down next to your computer.

False (B)

What are some examples of weak passwords?

All of the above. (E)

How frequently should you change your passwords?

You should change your passwords every 3-6 months.

It is okay to type your password on a shared computer.

False (B)

If you are asked to change your password through an email or text message, it is always safe to do so.

False (B)

What is a good alternative to typing your password on a computer that you don't trust?

You can use a passphrase or generate a strong random password instead of typing your usual password.

It is appropriate to share your passwords with friends and family.

False (B)

It is acceptable to use the same password on different sites, especially if your credit card is tied to your account.

False (B)

Is it a good practice to use common passwords?

False (B)

What are two essential rules for creating strong passwords?

The two essential rules for creating strong passwords are length and complexity.

What is the recommended minimum length for a strong password?

The recommended minimum length for a strong password is 15 symbols.

What are the four symbol groups used in making strong passwords?

The four symbol groups are lowercase alphabets, uppercase alphabets, numbers, and punctuation characters.

The 8 4 Rule is still a good practice for creating strong passwords.

False (B)

Strong passwords can be very difficult to remember.

True (A)

What is a common example of a phrase used for a passphrase?

7 Pies voting 2 see Eagles concert! (B)

Which of these is an example of a weak password?

123456789 (A), sunshine123 (D)

It is safe to use the same password for all of your online accounts.

False (B)

It is safe to write down your password and keep it next to your computer.

False (B)

It is safe to share your password with a trusted friend or significant other.

False (B)

It is safe to use your birthday as a password.

False (B)

It is safe to use a password that is very easy to remember.

False (B)

It is safe to leave your password field blank.

False (B)

How often should you change your passwords?

It is recommended to change your passwords every 3 to 6 months.

It is safe to type your password on a public computer.

False (B)

Which of these are considered weak passwords (Select all that apply)?

123456 (A), qwerty123 (C), password (E)

A passphrase is a phrase that should be easy to remember and difficult to guess.

True (A)

What is a symbol in relation to a password?

A symbol can be any key on the keyboard or keypad. It could be a letter, a digit, or punctuation mark.

List a few examples of good password manager software.

Password Dragon, Dashlane Pro, LastPass

The 8-4 rule is a good guideline for creating strong passwords.

False (B)

It is best to use the same password across all your online accounts.

False (B)

What are some best practices for passwords?

Change your passwords frequently (every 3-6 months). Never store them on a notepad or share them with others. It is also recommended to verify the source if asked to change your password via email or text message. Using a password manager to generate and keep these separate for every account is strongly encouraged.

Flashcards

Password

A string of symbols used to restrict access to a computer or system.

Password Purpose

To control who can use a computer or system.

Password Symbol

Any key on a keyboard, including letters, numbers, and symbols.

Common Passwords

Easily guessed passwords like 'password', '123456', etc.

Strong Password Length

At least 15 symbols; ideally 60 or more.

Strong Password Complexity

Using lowercase letters, uppercase letters, numbers, and punctuation characters.

Password 8-4 Rule

An outdated rule suggesting minimum 8 characters with 4 different types.

Password Manager

Software that securely stores and manages your passwords.

Password Dilemma

Difficulty remembering complex passwords

Passphrase

A sentence used as a password, making it easier to remember.

What is a password?

A sequence of symbols that restricts access to a computer system. It's like a secret code to unlock the door to your digital space.

What's the purpose of a password?

To ensure only authorized individuals can access a computer or system. Prevents unwanted access and protects sensitive information.

Symbol in password

Any key on the keyboard, including letters, numbers, and punctuation marks.

Why avoid common passwords?

Common passwords, like 'password' or '123456', are easily guessed by hackers. These are like using a key with a universal lock.

Strong password rule 1

Create passwords with at least 15 symbols. The longer, the harder it is to guess.

Strong password rule 2

Combine symbols like lowercase letters, uppercase letters, numbers, and punctuation.

Password Complexity

Strong passwords use a variety of symbols from different groups.

What is the 8 4 rule for passwords?

An outdated rule suggesting a minimum length of 8 characters with at least one lower case, uppercase, number, and special character.

Why are strong passwords hard to remember?

Combining many, diverse symbols makes it tough to recall passwords, especially for longer ones.

What are password managers?

Software that securely stores and manages your passwords. They act like a safe for your digital keys.

What is a passphrase?

A memorable sentence used as a password, making it easier to recall.

Why are passphrases good for passwords?

They provide a longer, more memorable password compared to a simple string of symbols.

Binary addition in computers

In computers, adding binary numbers is limited by the available bits. This means that the result might not fit within the allocated space, leading to overflow.

Unsigned numbers

Unsigned numbers represent only positive values and zero. They don't have a sign bit to represent negative values.

Overflow in unsigned numbers

When adding unsigned numbers, if the result exceeds the maximum value representable by the available bits, an overflow occurs, losing the carry bit.

Signed numbers

Signed numbers can represent both positive and negative values. They use a sign bit to indicate the sign.

Overflow in signed numbers

When adding signed numbers, if the result exceeds the maximum value, an overflow occurs. This can happen even without a carry.

Integer overflow

The condition when the result of a calculation exceeds the maximum value (or falls below the minimum value) representable by the data type.

Integer underflow

The result of a calculation is too small to be represented by the data type.

Why is overflow a concern?

Overflow errors can cause program crashes, security vulnerabilities, and even physical damage in safety-critical systems.

Ariane 5 rocket failure

The first flight of Ariane 5 rocket failed due to integer overflow, leading to the rocket exploding after launch.

Patriot missile failure

A Patriot missile system miscalculated its target due to an integer overflow, resulting in a friendly-fire incident and casualties.

Preventing overflow

Use larger data types, check values before calculations, or use specific programming language features to detect overflow.

How can you detect overflow?

Check if the result of a calculation is outside the expected range.

Overflow detection methods

Use larger data types, check for inconsistencies in the result (e.g., positive sum yielding a negative result), or use specific language features designed for overflow detection.

Data type

A classification of data in programming languages, defining the type and range of values that can be stored.

Bit

The smallest unit of information in a computer, representing either a 0 or a 1.

Carry bit

A bit used in binary addition to indicate if a value has overflowed to the next digit.

Two's complement

A method used to represent signed integers in computers, allowing both positive and negative values to be represented.

Range of a data type

The minimum and maximum values that a data type can represent in a computer.

Computer limitations

Computers have limitations in terms of memory and processing power, impacting how they handle data and computations.

Safety-critical systems

Systems where errors could have disastrous consequences for human life or the environment, such as medical devices or aircraft.

Security concerns

Potential risks to the confidentiality, integrity, or availability of data or systems, such as unauthorized access or data breaches.

Financial loss

The loss of monetary value due to errors or failures.

Loss of life

Tragic consequences resulting from errors or failures, leading to death.

Ariane 5 rocket cost

The Ariane 5 rocket failure resulted in an estimated financial loss of over $370 million.

Patriot missile casualty count

The Patriot missile failure resulted in 28 soldiers killed and 100 injured.

Software reuse

The practice of reusing existing software components in new projects, potentially leading to unforeseen consequences.

Course correction

An adjustment made to a vehicle or device to ensure it stays on track.

Self-destruct

A mechanism that automatically destroys a device or vehicle to prevent its capture or damage.

Musculation

A deviation from the intended trajectory, resulting in a miss.

Friendly fire

The accidental targeting of friendly forces by their own troops, often due to misidentification.

Scud missile

A type of ballistic missile used by Iraq during the Gulf War.

Study Notes

Passwords Overview

• A password is a string of symbols.
• A symbol can be any key on the keyboard (letter, digit, or punctuation).
• The purpose of passwords is to limit computer/system access to only authorized users knowing the sequence of symbols.
• Knowledge of the sequence limits access to a few people, and is used for user authentication.

Top 10 Most Common Passwords

• Avoid these common passwords: 123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111, 1234567890.

Rules for Creating Strong Passwords

• Rule 1: Password Length

  • Use passwords with at least 15 symbols. Longer is better; ideally, 60 or more symbols.

• Rule 2: Password Complexity

  • Include symbols from lower-case, upper-case alphabets, numbers, and punctuation.

Strong Password 8 4 Rule (Outdated)

• An outdated rule suggesting 8 characters minimum, with 1 each of: lower-case, upper-case, number and special character.

Problems with Strong Passwords

• Strong passwords are frequently difficult to remember.
  • Password managers (e.g., LastPass, Password Dragon, Dashlane Pro) can help store and manage them.

What is a Passphrase?

• An alternative to a password manager: Use a phrase familiar to you.
• Examples include: "I love to play badminton" or "ILuv2PlyB@d<tin". Ideally, use longer, more descriptive phrases.

Good Passphrase Example

• Better passphrase examples consist of 4-5 common words to improve memorability. An example is "7 Pies voting 2 see Eagles concert!".

Guidelines for Avoiding Weak Passwords

• Avoid using username parts, pet/family names, personal information (e.g., phone numbers, dates of birth), or common sequences (e.g., 123456)
• Refrain using dictionary words/sequences
• Don't substitute letters for numbers (e.g., password).
• Don't leave password fields blank.

Best Practices for Passwords

• Change passwords every 3-6 months.
• Never write passwords down where they can be seen.
• Never share passwords with anyone.
• Don't use the same password for multiple sites, particularly those linked to credit cards.
• Don't type a password when someone else is watching.
• Immediately change any compromised password.
• Don't use password-remembering features on unknown computers.
• Verify the authenticity of any password requests (e-mail, text messages). A legitimate request will never ask for a full password in one piece.
• When given a choice to send part of the password, do so, but do not reveal all parts in one piece through only one channel (Voice/phone or text or e-mail).

Helpful Password Web Links

• Self-Service Password Reset (Algonquin College ITS link)
• How Secure is My Password? (Security.org link)
• Have I Been Pwned? (haveibeenpwned.com).