MUST HAVE PASSWORD POLICIES - Hack-X-Crypt A Straight Forward Guide Towards Ethical Hacking And Cyber Security (2015)

MUST HAVE PASSWORD POLICIES

PASSWORD CREATING POLICIES

As an ethical hacker, you should show users the importance of securing their passwords. Here are some tips on how to do that:

· Demonstrate how to create secure passwords. People generally create their passwords using only words, which can be less secure.

· Show what can happen when weak passwords are used or passwords are shared.

· Diligently build user awareness of social engineering attacks.

Encourage the use of a strong password-creation policy that includes the following criteria:

· Use punctuation characters to separate words.

· Use upper- and lowercase letters, special characters, and numbers.

· Never use only numbers. Such passwords can be cracked quickly.

· Change passwords every 15 to 30 days or immediately if they’re suspected of being compromised.

· Use different passwords for each system. This is especially important for network infrastructure hosts, such as servers, firewalls, and routers.
It’s okay to use similar passwords — just make them slightly different for each type of system, such as wweraw777-Win7 for Windows systems and wweraw453 for Linux systems.

· Use variable-length passwords. This trick can throw off attackers because they won’t know the required minimum or maximum length of passwords and must try all password length combinations.

· Don’t use common slang words or words that are in a dictionary.

· Don’t rely completely on similar-looking characters, such as 3 instead of E, 5 instead of S, or ! instead of 1. Password-cracking programs can check for this.

· Use password-protected screen savers. Unlocked screens are a great way for systems to be compromised even if their hard drives are encrypted.

· Don’t reuse the same password within at least four to five password changes.

· Don’t share passwords. To each his or her own!

· Avoid storing user passwords in an unsecured central location, such as an unprotected spreadsheet on a hard drive. This is an invitation for disaster. Use Password Safe or a similar program to store user passwords.
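
The criteria above can be enforced when a password is set. The following checker is an added example, not code from the book: it flags digits-only passwords, missing character classes, dictionary words hidden behind look-alike characters, and reuse within the last five changes. The wordlist, the extra substitution pairs, the function names and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib, hmac, os, re

WORDLIST = {"password", "sunshine", "dragon", "welcome"}  # constructed sample
# 3/E, 5/S and !/1 come from the list above; the other pairs are assumptions.
LEET = str.maketrans({"3": "e", "5": "s", "!": "i", "1": "i",
                      "0": "o", "@": "a", "$": "s", "4": "a", "7": "t"})
HISTORY_DEPTH = 5  # "four to five password changes"
CLASSES = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
           "digit": r"[0-9]", "special": r"[^A-Za-z0-9]"}

def hash_entry(password, salt=None):
    """Return (salt, PBKDF2 digest) so the history never holds plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def dictionary_hit(candidate):
    """True if undoing look-alike characters leaves a wordlist entry."""
    lowered = candidate.lower()
    # Second variant drops leading/trailing digits and punctuation ("dragon2015").
    for variant in (lowered, lowered.strip("0123456789!@#$%^&*._-")):
        if re.sub(r"[^a-z]", "", variant.translate(LEET)) in WORDLIST:
            return True
    return False

def violations(candidate, history=()):
    """List every criterion the candidate breaks; an empty list means it passes."""
    found = []
    if candidate.isdigit():
        found.append("digits only")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            found.append("missing " + name)
    if dictionary_hit(candidate):
        found.append("dictionary word behind look-alike characters")
    # Only the most recent HISTORY_DEPTH entries count as reuse.
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_entry(candidate, salt)[1], digest):
            found.append("reused within last %d passwords" % HISTORY_DEPTH)
            break
    return found

if __name__ == "__main__":
    for pw in ("12345678", "P@55w0rd!", "dragon2015", "Tr9#vqLm-x2Zk"):
        print(pw, "->", violations(pw) or "ok")
```

A production deployment would load a full dictionary and breached-password list in place of the four-word sample.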