QUESTION 6 – CASE STUDY II [5+5+5+5+5 = 25 Marks]

Reusable Passwords

Case study adapted from: [Brooks hear. ICT Services Management (Custom Edition EBook), Pearson Education Australia, 2015. ProQuest Ebook Central, http://ebookcentral.proquest.com]

Reusable Passwords

The most common authentication credential is the reusable password, which is a string of characters that a user types to gain access to the resources associated with a certain username (account) on a computer. These are called reusable passwords because the user types the password each time he or she needs access to the resource. Unfortunately, the reusable password is the weakest form of authentication, and it is appropriate only for the least sensitive assets.

Ease of Use and Low Cost: The popularity of password authentication is hardly surprising. For users, passwords are familiar and relatively easy to use. For corporate IT departments, passwords add no cost because operating systems and many applications have built-in password authentication.

Dictionary Attacks

The main problem with passwords is that most users pick very weak passwords. To break into a host by guessing and trying passwords, hackers often use password dictionaries. These are lists of passwords likely to succeed. Running through a password dictionary to see if a password is accepted for a username is called a dictionary attack.

Password dictionaries typically have three types of entries: a list of common passwords, the words in standard dictionaries, and hybrid versions of words such as capitalizing the first letter and adding a digit at the end. If a password is in one of these dictionaries, the attacker may have to try a few thousand passwords, but this will only take seconds. No password that is in a cracker dictionary is adequately strong, no matter how long it is.

Fortunately, good passwords cannot be broken by dictionary attacks. Good passwords have two characteristics. First, they are complex. It is essential to have a mix of upper and lower case letters that does not have a regular pattern such as alternating uppercase and lowercase letters. It is also good— and some would say necessary— to include non-letter keyboard characters such as the digits (0 through 9) and other special characters (&, #./,?, etc.). If a password is complex, it can only be cracked by a brute-force attack, in which the cracker first tries all combinations of one-character passwords, all combinations of two-character passwords, and so forth, until the attacker finds one that works.

Complexity is not enough, however. Complex passwords must also be long. For short complex passwords, brute-force attacks will still succeed. Beyond about 10 or 12 characters, however, there are too many combinations to try in a reasonable period of time.

Overall, while long complex passwords can defeat determined attacks, most users select passwords that can be cracked with dictionary attacks. Reusable passwords are no longer appropriate in an era when password cracking programs can reveal most passwords in seconds or minutes. Passwords are only useful for non-sensitive assets.

BN206 - System Administration and Management - Final Assessment Trimester 2, 2020 Page 8 of 10

Answer the following questions:
1. Discuss and explain the types of passwords that are susceptible to dictionary attacks. [5 marks]
2. Can a password that can be broken by a dictionary attack be adequately strong if it is very long? Justify your answer. [5 marks]
3. Explain the types of passwords that can be broken only by brute-force attacks. [5 marks]
4. What are the characteristics of passwords that are safe from even brute-force attacks? [5 marks]
5. Discuss why it is undesirable to use reusable passwords for anything but the least sensitive assets. [5 marks]
Answer of 1 Question
Words which can easily be found in the dictionary are susceptible to dictionary attacks. A dictionary attack is based on trying all the strings in a pre-arranged listing. Such attacks originally used words one would find in a dictionary, that's why it is called a dictionary attack; however, now there are much larger lists available on the open Internet that contain hundreds of millions of passwords recovered from past data breaches.
Answer of 2 Question
If a password is broken by a dictionary attack, whether it is long or short, it is not a strong password. To make a password strong, the password must contain a mix of uppercase and lowercase letters with a number from the range (0-9) and other signs like @#$%.
Answer of 3 Question
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. In this attack, passwords are cracked which are related to the organization and which may also contain numbers and other symbols in the password, and guessing is done to find the correct password.
Answer of 4 Question
Use different character sets: As a user, you should use a long password with a combination of uppercase and lowercase alphabets, numbers, and special symbols.
Answer of 5 Question
It is undesirable to use reusable passwords for anything because user-made passwords are generally weak; they can be cracked by the hacker using different methods like a dictionary attack or the brute-force method. Users make passwords which are easy to remember, which do not contain that many uppercase or lowercase letters, and the length of the password is also small, hence it can be easily cracked by a hacker.
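
The case study's criteria can be written as a password-policy check. The following is an added example, not part of the original question or answer: it classifies a candidate password by the three cracker-dictionary entry types the case study names and, for everything else, computes the worst-case brute-force search size. The word lists, the `MIN_LENGTH` value and all function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample lists (assumptions): a real check would load a
# breached-password list and a full word list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
DICTIONARY_WORDS = {"sunshine", "dragon", "football", "monkey"}
MIN_LENGTH = 12  # assumption: upper end of the case study's "10 or 12"


def dictionary_entry_type(password):
    """Return the matching cracker-dictionary entry type, or None."""
    if password in COMMON_PASSWORDS:
        return "common password"
    if password in DICTIONARY_WORDS:
        return "dictionary word"
    # Hybrid: undo capitalisation and trailing digits, then look up again.
    base = re.sub(r"\d+$", "", password).lower()
    if base in COMMON_PASSWORDS or base in DICTIONARY_WORDS:
        return "hybrid"
    return None


def alphabet_size(password):
    """Size of the character set a brute-force search must cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in password))


def brute_force_guesses(password):
    """Worst case when trying every length from 1 up to len(password)."""
    size = alphabet_size(password)
    return sum(size ** n for n in range(1, len(password) + 1))


def assess(password):
    """Apply the case study's tests: dictionary first, then length and mix."""
    entry = dictionary_entry_type(password)
    if entry:
        return "dictionary attack (" + entry + ")"
    mixed_case = password != password.lower() and password != password.upper()
    if len(password) < MIN_LENGTH or not mixed_case:
        return "not long and complex"
    return "long and complex"


if __name__ == "__main__":
    for pw in ("password", "Sunshine1", "football20202020", "aB3$", "xQ7#mVt2&Lp9Zr"):
        print(pw, "->", assess(pw), "| worst-case guesses:", brute_force_guesses(pw))
```

The 16-character `football20202020` is still reported as a hybrid dictionary entry, which is the point of question 2: length does not help a password that is already in a cracker dictionary.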