Password Security Overview

Questions and Answers

What is a password?

A password is a string of symbols that is used to limit access to a computer or system to only those who know it.

Passwords can be made up of only letters.

False

What is the purpose of a password?

To provide a username for a computer system

To allow several users to access the same system

To make it more convenient to log into systems

To limit access to a computer or system (correct)

It is safe to use common passwords.

False

Match the following password rules with their descriptions:

Password Length = Longer passwords are typically more secure. Password Complexity = Using a mixture of characters like uppercase and lowercase letters, numbers, and symbols makes your password more difficult to guess.

The "8 4 Rule" is the most up to date rule for password security.

False

What is a password manager?

A password manager is a software application that helps you store and manage your passwords securely.

It is a good practice to use the same password for multiple accounts.

False

It is safe to leave your password written down next to your computer.

False

What are some examples of weak passwords?

All of the above.

How frequently should you change your passwords?

You should change your passwords every 3-6 months.

It is okay to type your password on a shared computer.

False

If you are asked to change your password through an email or text message, it is always safe to do so.

False

What is a good alternative to typing your password on a computer that you don't trust?

You can use a passphrase or generate a strong random password instead of typing your usual password.

It is appropriate to share your passwords with friends and family.

False

It is acceptable to use the same password on different sites, especially if your credit card is tied to your account.

False

Is it a good practice to use common passwords?

False

What are two essential rules for creating strong passwords?

The two essential rules for creating strong passwords are length and complexity.

What is the recommended minimum length for a strong password?

The recommended minimum length for a strong password is 15 symbols.

What are the four symbol groups used in making strong passwords?

The four symbol groups are lowercase alphabets, uppercase alphabets, numbers, and punctuation characters.

The 8 4 Rule is still a good practice for creating strong passwords.

False

Strong passwords can be very difficult to remember.

True

What is a common example of a phrase used for a passphrase?

7 Pies voting 2 see Eagles concert!

Which of these is an example of a weak password?

123456789

It is safe to use the same password for all of your online accounts.

False

It is safe to write down your password and keep it next to your computer.

False

It is safe to share your password with a trusted friend or significant other.

False

It is safe to use your birthday as a password.

False

It is safe to use a password that is very easy to remember.

False

It is safe to leave your password field blank.

False

How often should you change your passwords?

It is recommended to change your passwords every 3 to 6 months.

It is safe to type your password on a public computer.

False

Which of these are considered weak passwords (Select all that apply)?

123456

A passphrase is a phrase that should be easy to remember and difficult to guess.

True

What is a symbol in relation to a password?

A symbol can be any key on the keyboard or keypad. It could be a letter, a digit, or punctuation mark.

List a few examples of good password manager software.

Password Dragon, Dashlane Pro, LastPass

The 8-4 rule is a good guideline for creating strong passwords.

False

It is best to use the same password across all your online accounts.

False

What are some best practices for passwords?

Change your passwords frequently (every 3-6 months). Never store them on a notepad or share them with others. It is also recommended to verify the source if asked to change your password via email or text message. Using a password manager to generate and keep these separate for every account is strongly encouraged.

Study Notes

Passwords Overview

• A password is a string of symbols.
• A symbol can be any key on the keyboard (letter, digit, or punctuation).
• The purpose of passwords is to limit computer/system access to only authorized users knowing the sequence of symbols.
• Knowledge of the sequence limits access to a few people, and is used for user authentication.

Top 10 Most Common Passwords

• Avoid these common passwords: 123456, 123456789, qwerty, password, 12345, qwerty123, 1q2w3e, 12345678, 111111, 1234567890.

Rules for Creating Strong Passwords

• Rule 1: Password Length

  • Use passwords with at least 15 symbols. Longer is better; ideally, 60 or more symbols.

• Rule 2: Password Complexity

  • Include symbols from lower-case, upper-case alphabets, numbers, and punctuation.

Strong Password 8 4 Rule (Outdated)

• An outdated rule suggesting 8 characters minimum, with 1 each of: lower-case, upper-case, number and special character.

Problems with Strong Passwords

• Strong passwords are frequently difficult to remember.
  • Password managers (e.g., LastPass, Password Dragon, Dashlane Pro) can help store and manage them.

What is a Passphrase?

• An alternative to a password manager: Use a phrase familiar to you.
• Examples include: "I love to play badminton" or "ILuv2PlyB@d<tin". Ideally, use longer, more descriptive phrases.

Good Passphrase Example

• Better passphrase examples consist of 4-5 common words to improve memorability. An example is "7 Pies voting 2 see Eagles concert!".

Guidelines for Avoiding Weak Passwords

• Avoid using username parts, pet/family names, personal information (e.g., phone numbers, dates of birth), or common sequences (e.g., 123456)
• Refrain using dictionary words/sequences
• Don't substitute letters for numbers (e.g., password).
• Don't leave password fields blank.

Best Practices for Passwords

• Change passwords every 3-6 months.
• Never write passwords down where they can be seen.
• Never share passwords with anyone.
• Don't use the same password for multiple sites, particularly those linked to credit cards.
• Don't type a password when someone else is watching.
• Immediately change any compromised password.
• Don't use password-remembering features on unknown computers.
• Verify the authenticity of any password requests (e-mail, text messages). A legitimate request will never ask for a full password in one piece.
• When given a choice to send part of the password, do so, but do not reveal all parts in one piece through only one channel (Voice/phone or text or e-mail).

Helpful Password Web Links

• Self-Service Password Reset (Algonquin College ITS link)
• How Secure is My Password? (Security.org link)
• Have I Been Pwned? (haveibeenpwned.com).

Description

This quiz covers the fundamentals of password security, including the definition, common weak passwords, and guidelines for creating strong passwords. Learn about the importance of password length and complexity to enhance user authentication and system security.