LAB EXERCISE & DISCUSSION QUESTIONS
Complete the following lab graded exercise as directed by your instructor:
- Using the checklist above, complete a checklist for each (password, password hint) pair below. Also, discuss any weakness found in the password if any.
|a.||Ihtk:JaJ||I have two kids: Jack and Jill|
|b.||2BontBtitq!||To be or not to be, that is the question|
2. Create three passwords that are different from those previously discussed using the pneumonic method discussed above. For each password, also provide the corresponding sentence or phrase from which it was derived.
3. Evaluate each of the following passwords manually using the security checklist introduced in Table 1 to determine which password rules are met:
- Complete the following tasks: a. the following four user accounts, hclinton, dtrump, bsanders and bcarson b. Generate passwords for each of the account. The passwords should vary in length. Specifically, the lengths should be 12, 14, 16 and 20 respectively, and consist of numbers, upper-case and lower-case letters, and special characters.
- Password Checker: Use Password Checker to verify whether your passwords are strong enough. Password Checker is a Microsoft tool and is available at: https://www.microsoft.com/en-us/security/default.aspx
- Password Managers: Remembering passwords could be sometimes challenging, especially as the number of different passwords increase. Password managers provide a means of managing multiple passwords. There are several password managers that are currently available. PasswordSafe, authored by famed security specialist Bruce Schneier, is freely available at https://pwsafe.org/. Here is a Quickstart guide on how to use it.
- Cracking Passwords. View the video, Password Cracking – Computerphile: https://www.youtube.com/watch?v=7U-RbOKanYs
- If a longer password is more secure, why not just use the entire sentence instead of picking the first letter of each word?
- How can strong passwords contribute to national security efforts?
Eitzen, D. Stanley, Maxine Bacca Zinn and Kelly Eitzen Smith. Social Problems. Boston: Pearson, 2014.
Kendall, Diana. Sociology in Our Times: The Essentials, 10th Edition. Boston: Cengage Learning, 2016.
NISTIR 7991 (2014). United States Federal Employees’ Password Management Behaviors – a Department of Commerce Case Study.
Schneier, B. (2009). Schneier on Security. March9. 2009. https://www.schneier.com/blog/archives/2009/03/choosing_a_bad.html
The Comprehensive National Security Initiative. Retrieved from: https://www.whitehouse.gov/issues/foreign-policy/cybersecurity/national-initiative
Zetter, Kim. Weak Passwords Brings ‘Happiness’ to Twitter Hacker.Security, 2009
Zhang-Kennedy, Leah. “Revisiting Password Rules:Facilitating Human Management of Passwords,” 2016 APWG Symposium on Electronic Crime Research, June 2016, pg. 1-10
Yan, J., Blackwell, A., Anderson, R., Grant, A., The Memorability and Security of Passwords–Some Empirical Results, University of Cambridge, 2000