This excerpt is from Chapter 7 Passwords in Hacking For Dummies written by Kevin Beaver and published by Wiley Publishing. Download this sample chapter on passwords here for free.
Hackers have many ways to obtain passwords. They can glean passwords simply by asking for them or by looking over the shoulders of users as they type them in. Hackers can also obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, hackers can use remote-cracking utilities or network analyzers.
This chapter demonstrates just how easily hackers can gather password information from your network. I outline common password vulnerabilities that exist in computer networks and describe countermeasures to help prevent these vulnerabilities from being exploited on your systems.
If you perform the tests and implement the countermeasures outlined in this chapter, you're well on your way to securing your systems' passwords.
When you balance the cost of security and the value of the protected information, the combination of user ID and secret password is usually adequate. However, passwords give a false sense of security. The bad guys know this and attempt to crack passwords as a step toward breaking into computer systems.
One big problem with relying solely on passwords for information security is that more than one person can know them. Sometimes, this is intentional; often, it's not. You can't know who has a password other than the owner.
Knowing a password doesn't make someone an authorized user.
Here are the two general classifications of password vulnerabilities:
Before computer networks and the Internet, the user's physical environment was an additional layer of password security. Now that most computers have network connectivity, that protection is gone.
For more related info on this topic, visit these SearchSecurity.com resources:
This was first published in May 2004