Password protection and quality

 
INFO & KNOWLEDGE
 
Passwords are shared secrets and therefore a primary target of attacks. Nowadays, social engineering attacks that aim to obtain passwords are called phishing (password phishing).


Password generation

If users choose their passwords themselves, you can expect them to choose a password that is easy to remember. Mostly it will be something taken from their social environment and easy to enter, without special characters, which results in weak passwords.

Good passcodes generated by a computer system work well against brute-force attacks, but they are hard to memorize, so this approach results in users writing them down as a memory aid.

Successful attacks (guessing with knowledge of the social context, dictionary attacks, brute-force attacks) can be reduced by combining self-generated passwords from users who have been trained in generating and using passwords with a password policy that enforces special characters, prevents the reuse of old passwords, and blocks or delays retries after failed attempts.
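The three policy controls named above (special characters, no reuse of old passwords, delayed retries after failures), as an added example that is not part of the original page. The class and function names, the length and digit rules, and all numeric limits are assumptions chosen for illustration.

```python
import hashlib, hmac, os, string, time

# All limits below are assumed values for illustration, not taken from the page.
MIN_LENGTH, HISTORY_DEPTH = 10, 5        # minimum length; old passwords remembered
MAX_FAILURES, BASE_DELAY, MAX_DELAY = 3, 2.0, 300.0   # failures before delay; seconds

def _digest(password, salt):
    # Salted, slow hash so the stored history is not a list of plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def policy_violations(password):
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    return problems

class Account:
    def __init__(self):
        self.history = []          # (salt, digest) pairs, newest last
        self.failures = 0
        self.locked_until = 0.0

    def set_password(self, new):
        problems = policy_violations(new)
        if any(hmac.compare_digest(_digest(new, s), d) for s, d in self.history):
            problems.append("reuses an old password")
        if not problems:
            salt = os.urandom(16)
            self.history = (self.history + [(salt, _digest(new, salt))])[-HISTORY_DEPTH:]
        return problems

    def login(self, attempt, now=None):
        now = time.monotonic() if now is None else now
        if not self.history or now < self.locked_until:
            return False           # no password set, or retry delay still running
        salt, digest = self.history[-1]
        if hmac.compare_digest(_digest(attempt, salt), digest):
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= MAX_FAILURES:   # delay doubles with each further failure
            delay = min(BASE_DELAY * 2 ** (self.failures - MAX_FAILURES), MAX_DELAY)
            self.locked_until = now + delay
        return False
```

Passing `now` explicitly lets the delay logic be exercised without sleeping; in normal use it defaults to a monotonic clock.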

Good passwords that are also easy to remember can be achieved with a few techniques.


Memorable passwords

Acronym method: The user chooses a whole sentence and uses certain characters of each word (the initial or another position) as the password. In addition, there should be numbers and special characters such as exclamation or question marks.
Collage method: Starting from an initial word, some characters are replaced by numbers or special characters. Parts of the word may even be translated into another language, and a combination with the acronym method is also possible.


Social Engineering

Social engineering means deceiving people by posing as an authority (administrator, bank clerk, policeman) in order to obtain confidential information.

Spying by "dumpster diving" or digging through personal belongings yields many hints for passwords and other confidential information.


Technical protection

Technical protection is vital wherever passwords are processed. On the authentication server or local database, the input terminal and the data lines, protection against manipulation of hardware and software and against eavesdropping on the transmission has to be in place.


Copyright © 2004 CRYPTAS. All rights reserved