Passwords, Vulnerabilities, and Exploits

This chapter discusses what makes a good password, and how to crack bad ones. Passwords, pass phrases, and PINs are common methods of authenticating a user to confirm his or her identity before the user is given access to systems. A secure client operating system such as Windows XP or Windows Vista requires an interactive logon with a valid account name and password to access the operating system. These systems allow users to “lock” the workstation when they are going to be away from it, so someone else cannot just step up and start using the computer. Other systems, such as Web servers, applications, and other software, also use passwords to control access. To enhance security, passwords can be used with other authentication factors. Even if a password is compromised, authentication devices such as smart card readers, fingerprint scanners, retinal and iris scanners, and voice analysis devices will prevent unauthorized access. These require the user to prove his or her identity in other ways, such as through possession of a card or through characteristics and features unique to that person. Even in the most secure settings, weak links in the chain will exist. These can be the people who work there, who are vulnerable to social engineering techniques, or vulnerabilities in the software in use, which can be exploited by hackers and malicious programs.