Hacking For Dummies: Chapter 7 -- Passwords

This excerpt is from Chapter 7 Passwords in Hacking For Dummies written by Kevin Beaver and published by Wiley Publishing. Download this sample chapter on passwords here for free.

Password hacking is one of the easiest and most common ways hackers obtain unauthorized computer or network access. Although strong passwords that are difficult to crack (or guess) are easy to create and maintain, users often neglect this. Therefore, passwords are one of the weakest links in the information-security chain. Passwords rely on secrecy. After a password is compromised, its original owner isn't the only person who can access the system with it. That's when bad things start happening.

Hackers have many ways to obtain passwords. They can glean passwords simply by asking for them or by looking over the shoulders of users as they type them in. Hackers can also obtain passwords from local c...

BROWSE BY TAG Password Management and Policy,   Enterprise Identity and Access Management,   Identity Management Technology and Strategy,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Password Management and Policy Torrent phishing scheme trips up Twitter users Microsoft, security firms warn of password meltdown How to find and remove keyloggers and prevent spyware installation How to encrypt passwords using network security certificates Two-factor authentication, vigilance foil password theft Group to shed light on secure identity management threats How to determine password strength for a website Prevent password cracking with password management strategies Brute force attacks target Yahoo email accounts Best Identity and Access Management Products

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary graphical password  (SearchSecurity.com) identity access management (IAM) system  (SearchSecurity.com) identity chaos  (SearchSecurity.com) masquerade  (SearchSecurity.com) onboarding and offboarding  (SearchSecurity.com) OpenID  (WhatIs.com) salt  (SearchSecurity.com) session replay  (SearchSecurity.com) single-factor authentication (SFA)  (SearchSecurity.com) war dialer  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

omputers by using password-cracking software. To obtain passwords from across a network, hackers can use remote-cracking utilities or network analyzers.

This chapter demonstrates just how easily hackers can gather password information from your network. I outline common password vulnerabilities that exist in computer networks and describe countermeasures to help prevent these vulnerabilities from being exploited on your systems.

If you perform the tests and implement the countermeasures outlined in this chapter, you're well on your way to securing your systems' passwords.

Password Vulnerabilities
When you balance the cost of security and the value of the protected information, the combination of user ID and secret password is usually adequate. However, passwords give a false sense of security. The bad guys know this and attempt to crack passwords as a step toward breaking into computer systems.

One big problem with relying solely on passwords for information security is that more than one person can know them. Sometimes, this is intentional; often, it's not. You can't know who has a password other than the owner.

Knowing a password doesn't make someone an authorized user.

Here are the two general classifications of password vulnerabilities:

Ask the Expert: Pose your security policy and management questions to Kevin