How to Secure Passwords?

GreenGrass's Avatar author of How to Secure Passwords?
This is an article on How to Secure Passwords? in Windows.
What is the Weakness to Password and Username?

How can we prevent unauthorized people from getting access to your account? How can we secure it? Well, a password and username is an old way to verify the identity of a user account. Only the person who is the owner of the account has the password, but is it really safe? There are always weaknesses in all kinds of systems. There are many threats that can be used to attack this kind of account system to gain access. If the password isn't encrypted, this is a very big risk, since people can gain unauthorized access just by sniffing around in the network. So you should have all the passwords encrypted on the system.

Another risk with passwords and usernames is that if the passwords are weak, it can be very easy to crack them. How can I avoid that? Well, make a strong password. A strong password is from 8 - 16 characters long. As everyone knows, a brute force attack won't stop before it has the right password. So how can we get protected against this kind of attack? Well, let's say you have 5 tries to log into the account. If you have gone over that limit, the account will be locked down or you must wait like 1 hour before you can try again. This is the best protection against cracking attacks.


When you are, e.g., going to secure a school network, there are a lot of things you should think about. E.g., you should make it a rule that after 3 weeks everyone must choose a new password, since there may be a lot of passwords that other people may get access to so they can log into other accounts. Also you should lock down important functions on the system so normal users don't have access to things like "Command Prompt" and other stuff that can be used to do things they shouldn't do. You should set up a limited account for every student so they don't have access to the whole computer.

You should also limit the use of the Internet. Let's say they only have access to specific Internet pages they may go to. Also block sites like games and stuff. Also it's very important to monitor where they are going on the Internet and what they are doing. So maybe it will be smart to install a keylogger on every computer. If people are doing something wrong on the computer you should lock them away from the computer for a while. Just so they know that you are the boss lol.

What is Encryption?

This is a technique that is used to secure sensitive information that you don't want to fall into the wrong hands. Important information is, e.g., "Password" and "Usernames". If they are encrypted, no one can read them without access to read them. Let's say you must be in an Administrator account to read the encrypted files. This is a very good way to prevent sniffing attacks.
XXxxImmortalxxXX's Avatar
Invasive contributor
nice article but



Quote:

When you are, e.g., going to secure a school network, there are a lot of things you should think about. E.g., you should make it a rule that after 3 weeks everyone must choose a new password, since there may be a lot of passwords that other people may get access to so they can log into other accounts. Also you should lock down important functions on the system so normal users don't have access to things like "Command Prompt" and other stuff that can be used to do things they shouldn't do. You should set up a limited account for every student so they don't have access to the whole computer.

You can still bypass Command Prompt; once you get access you can then get full access to the PC.



Quote:
You should also limit the use of the Internet. Let's say they only have access to specific Internet pages they may go to. Also block sites like games and stuff. Also it's very important to monitor where they are going on the Internet and what they are doing. So maybe it will be smart to install a keylogger on every computer. If people are doing something wrong on the computer you should lock them away from the computer for a while. Just so they know that you are the boss lol.

You can always use a proxy, and if they ban certain ones just make your own proxy.


As for the passwords, you can decrypt them using certain passwords; for instance, NT/XP PC passwords are stored under SAM ("Security Accounts Manager") and any hacker can gain access to it and use Cain and Abel to decrypt it, or any other program that does it.



Other than that, I like this article.
GreenGrass's Avatar, Join Date: Jul 2008
Ambitious contributor
Thanks for a good reply XXxxImmortalxxXX
XXxxImmortalxxXX's Avatar
Invasive contributor
no problem mate
faizulhaque's Avatar, Join Date: May 2008
Skilled contributor
good Work
Aqeel's Avatar, Join Date: Aug 2008
Newbie Member
You can use a hash function on the password to secure your password. You can also apply a key to encrypt your secret information like passwords, so that you can secure your secret information from hacks or cracks.
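The lockout rule from the article (5 tries, then a 1-hour wait) combined with the password hashing suggested in the comment above, as an added example that is not part of the original thread. It stores salted scrypt hashes rather than the "encryption" the article mentions; `AccountStore`, `hash_password` and the scrypt parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 5            # the article's "5 tries"
LOCKOUT_SECONDS = 60 * 60   # the article's "wait like 1 hour"


def hash_password(password, salt=None):
    """Return (salt, digest): scrypt with a random per-user salt."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return salt, digest


class AccountStore:
    """Hypothetical in-memory account store; only hashes are kept."""

    def __init__(self, clock=time.time):
        self._clock = clock   # injectable so the lockout can be tested
        self._users = {}      # username -> (salt, digest)
        self._fails = {}      # username -> (failed_count, locked_until)

    def register(self, username, password):
        self._users[username] = hash_password(password)

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        count, locked_until = self._fails.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"              # refuse before checking the password
        if locked_until:                 # lock has expired: fresh count
            count, locked_until = 0, 0.0
        # Unknown users get a dummy salt so the hashing cost is still paid.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        _, candidate = hash_password(password, salt)
        if username in self._users and hmac.compare_digest(candidate, stored):
            self._fails.pop(username, None)
            return "ok"
        count += 1
        if count >= MAX_ATTEMPTS:
            locked_until = now + LOCKOUT_SECONDS
        self._fails[username] = (count, locked_until)
        return "denied"
```

While the lock is active even the correct password is refused, so a lockout of this kind also lets anyone who knows a username lock its owner out for the hour.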
rider's Avatar
Go4Expert Member
Nice one GreenGrass, but if ... let's just say that I have entered your server and I got Administrator/root access and I install a rootkit ... after that you can change the password once a day ... I'm still inside. The best way to avoid hack/crack is:
In Windows:
- avoid porn sites, "free stuff" sites, warez sites and all the sites from that category
- keep the computer updated, firewall ON, and a good up-to-date antivirus
- websites made with a vulnerable PHP script
In Linux:
- with Linux it is 90% probable to get cracked with some simple ssh/ftp brute-forcers
- old OpenSSL versions are vulnerable to a few exploits
- Samba vulnerabilities
- PHP sites made with vulnerable PHP scripts (hosting servers)
- other vulnerabilities
In Linux the best way to avoid this kind of hack/crack is to change the operating system to FreeBSD or SunOS.
ban1414's Avatar, Join Date: Oct 2008
Newbie Member
Another risk with passwords and usernames is that if the passwords are weak, it can be very easy to crack them. How can I avoid that? Well, make a strong password. A strong password is from 8 - 16 characters long. As everyone knows, a brute force attack won't stop before it has the right password. So how can we get protected against this kind of attack? Well, let's say you have 5 tries to log into the account. If you have gone over that limit, the account will be locked down or you must wait like 1 hour before you can try again. This is the best protection against cracking attacks.


When you are, e.g., going to secure a school network, there are a lot of things you should think about. E.g., you should make it a rule that after 3 weeks everyone must choose a new password, since there may be a lot of passwords that other people may get access to so they can log into other accounts. Also you should lock down important functions on the system so normal users don't have access to things like "Command Prompt" and other stuff that can be used to do things they shouldn't do. You should set up a limited account for every student so they don't have access to the whole computer.
happyz's Avatar, Join Date: Nov 2008
Go4Expert Member
nice one
Dak914's Avatar, Join Date: May 2008
Go4Expert Member
Kudos.