Monthly Password Reset
Dictionary Attacks: dictionary attacks are getting more sophisticated, and they can guess based on probability. Historically, admins fought back against dictionary attacks by enforcing password complexity.
Shoulder Surfing: somebody can spy on you as you type in your password
Guessing: somebody can guess the password based on what they know about you
Loss: when somebody forgets their password and has to reset it
Snooping: the password is either intercepted via email or revealed when the user makes a mistake during a presentation
Exposure: an accident or unintended behavior results in release of the password
Inference: the user or organization has a set pattern that the attacker can ‘infer’
Disclosure: the user actively telling other people their password, such as managers telling their admins their passwords.
- Run a password cracking program against your own users' passwords.
- Increase the computational overhead of cracking passwords, for example by salting.
- User awareness training!
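
The first two items above can be seen together in a small audit sketch. This is an added example, not part of the original notes: the user names, passwords, wordlist and iteration count are constructed, and PBKDF2 is an assumed choice of slow hash. It shows that without a salt one hash per candidate word checks every account, while a per-user salt forces the work to be repeated for each account.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example
WORDLIST = ["password", "letmein", "summer2024"]  # constructed audit wordlist
USERS = {"alice": "password", "bob": "password", "carol": "V9#qLr!x27pd"}  # constructed

def hash_unsalted(password):
    """Weak storage: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).digest()

def hash_salted(password, salt=None):
    """Random per-user salt, then PBKDF2 so each guess costs ITERATIONS rounds."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_salted(password, salt)[1], digest)

def audit_unsalted(store, wordlist):
    """Each candidate is hashed once and checked against every user at once."""
    table = {hash_unsalted(w) for w in wordlist}
    weak = sorted(u for u, h in store.items() if h in table)
    return weak, len(wordlist)

def audit_salted(store, wordlist):
    """Each candidate must be re-hashed for every user's own salt."""
    weak, work = [], 0
    for user, (salt, digest) in store.items():
        work += len(wordlist)  # worst-case hash computations for this user
        if any(verify(w, salt, digest) for w in wordlist):
            weak.append(user)
    return sorted(weak), work

def build_stores():
    """Return (unsalted, salted) credential stores for the constructed users."""
    unsalted = {u: hash_unsalted(p) for u, p in USERS.items()}
    salted = {u: hash_salted(p) for u, p in USERS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_stores()
    print("same hash without salt:", unsalted["alice"] == unsalted["bob"])
    print("same hash with salt:   ", salted["alice"][1] == salted["bob"][1])
    print("unsalted audit:", audit_unsalted(unsalted, WORDLIST))
    print("salted audit:  ", audit_salted(salted, WORDLIST))
```

Both audits flag the same weak accounts; the difference is the second value returned, which grows with the number of users only when salts are in place.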
Future password possibilities?
Graphical/Image Based Passwords – Alternative to Text Based passwords.