Perfect Passwords: Selection, Protection, Authentication
By Mark Burnett
HIGHLIGHT
User passwords are the keys to the network kingdom, yet most users choose overly simplistic passwords (like "password") that anyone could guess, while system administrators demand impossible-to-remember passwords littered with obscure characters and random numerals. Author Mark Burnett has accumulated and analyzed over 1,000,000 user passwords, and in this highly entertaining and informative book, filled with dozens of illustrations, he reveals his findings and balances the rigid needs of security professionals against the ease of use desired by users.
Build Password Policies That Won’t Be Ignored
Date: Nov 2005
Pages: 200 (est.)
User level: All
DESCRIPTION
This book examines the password problem from the perspective of the administrator trying to secure their network, the user trying to not forget their password, and the hackers trying to crack these passwords to gain unauthorized access to everything from corporate networks, to private bank accounts, to pornographic Web sites. Author Mark Burnett has accumulated and analyzed over 1,000,000 user passwords and through his research has discovered what works, what doesn’t work, and how many people probably have dogs named Spot. The book begins by discussing the types of password policies that most companies implement and the fact that their complexity means they are more often than not ignored by employees. Next, we see passwords through the eyes of hackers and crackers to see just how easy it is to compromise most relatively simple passwords. The next section of the book bridges the gap to teach users “20 pointers for perfect passwords” that are personal enough for them to remember AND complex enough to satisfy their system administrator’s policies. Throughout the book, Burnett sprinkles interesting and humorous password facts ranging from the Top 20 dog names to the number of references to the King James Bible in passwords.
KEY SELLING POINTS
- Every computer user must face the problems of password security. According to a recent British study, passwords are usually obvious: around 50 percent of computer users select passwords based on names of a family member, spouse, partner, or a pet.
- Many users face the problem of selecting strong passwords that meet corporate security requirements. Too often, systems reject user-selected passwords because they are not long enough or otherwise do not meet complexity requirements. This book teaches users how to select passwords that always meet complexity requirements.
- A typical computer user must remember dozens of passwords and they are told to make them all unique and never write them down. For most users, the solution is easy passwords that follow simple patterns. This book teaches users how to select strong passwords they can easily remember.
MARKET INFORMATION
Almost everyone using a computer for personal or business reasons must enter at least one password into their computer every time they log on. Every system administrator provides their users with some type of policy or guidelines for password creation and management. Every computer user or manager of users is a potential customer for this book.
ABOUT THE AUTHOR
Mark Burnett is an independent researcher, consultant, and writer specializing in Windows security. Mark is author of Hacking the Code: ASP.NET Web Application Security (Syngress Publishing, ISBN: 1-932266-65-8), co-author of Microsoft Log Parser Toolkit (Syngress Publishing ISBN: 1-932266-52-6), Maximum Windows 2000 Security (SAMS Publishing, ISBN: 0-672319-65-9), co-author of Stealing The Network: How to Own the Box (Syngress Publishing, ISBN: 1-931836-87-6), and is a contributor to Dr. Tom Shinder's ISA Server and Beyond: Real World Security Solutions for Microsoft Enterprise Networks (Syngress Publishing, ISBN: 1-931836-66-3). He is a contributor and technical editor for Syngress Publishing's Special Ops: Host and Network Security for Microsoft, UNIX, and Oracle (ISBN: 1-931836-69-8). Mark speaks at various security conferences and has published articles in Windows IT Pro Magazine (formerly Windows & .NET Magazine), Redmond Magazine, Information Security, Windows Web Solutions, Security Administrator, SecurityFocus.com, and various other print and online publications. Mark is a Microsoft Windows Server Most Valued Professional (MVP) for Internet Information Services (IIS).
TECHNOLOGY BACKGROUND
With the ever-increasing power of computers, our traditional password strategies aren’t keeping up. This book explains in simple terms the theories of entropy, character keyspace, password hashing, and predictability. By understanding the science and mathematics behind passwords, users will better understand how to select strong passwords. For administrators, the book takes a realistic approach to theories of security policy and shows which policies work and which policies don’t.