Password
 

[B][SIZE="4"]WHAT ARE PASSWORDS?[/SIZE][/B]

[B]Passwords are strings of characters used to authenticate computer system users.


Computer users are normally asked to enter their username (or login name) and their password (or pass phrase) before they are give access to a system.

If the person knows the username and the password, the computer systems trusts that they are the account owner and grants them access to their data.[/B]
[B][SIZE="4"]Selecting a good password[/SIZE][/B]

[B]Choosing a good password is critical for personal security, requiring password crackers to take additional time and resources to get access to your personal information and computer credentials. A poor password creates a false sense of security, and may endanger your personal information, access to computer resources, or even allow another individual to spawn attacks and viruses using your personal credentials[/B]

[B][SIZE="4"][COLOR="DarkOrchid"]Password Construction[/COLOR][/SIZE][/B]

[B]Password crackers have many tools at their disposal to cut down the amount of time it takes to crack your password. Selecting a secure password will help to ensure that the password cracker must take as much time as possible to guess or otherwise identify your password. No password is ultimately secure, but if it takes the password cracker longer to crack the password than it takes for the password to become useless, you will have succeeded in thwarting the cracker's attack.

[U][SIZE="4"]Insecure methods[/SIZE][/U]

Passwords should not be created using personal information about yourself or your family. A password cracker with incentive to break your personal password will use this information first, making these passwords the least secure passwords. Examples of bad passwords of this type are: your name, birthplace, nickname, family name, names of pets, street address, parents names, names of siblings and the like.


Passwords should not be formed of words out of any dictionary or book. Longer words do not generally add much protection. Using known words in any language allows the password cracker to take shortcuts in his password cracking schemes, allowing him to guess your password in a very small fraction of the time it would take otherwise. Examples of bad passwords of this type are: dragon, secret, cheese, god, love, sex, life and similar words.


Passwords should not be composed of proper nouns of places, ideas, or people. These words are commonly found in password cracker databases. Examples are: Jehovah, Tylenol, edutainment, Coolio, beesknees, transformers.


Passwords should not be simple variations of words. Although these passwords don't appear in a book or dictionary, it is a simple matter to generate a replacement word list automatically. These passwords are more secure than the above two examples, but not significantly more secure. Examples of passwords of this type are drowssap, l0ve, s3cr3t, dr@gon, and similar word-like terms.
Passwords should not be a concatenation of two words commonly following each other in a sentence. These passwords are more secure than the above password concepts, but still fall far short for password security. Examples of these kinds of passwords are: whatfor, divineright, bigpig, ilove, farfetched, catspajamas.


Do not reuse recently employed passwords again. If you find it difficult to pick a new password, you should wait until you changed you password at least 5 times before reusing an old password, or 12 months if password changes are common.

[SIZE="4"]Secure methods[/SIZE]

Always change your password immediately if you feel that your password has been compromised. Always do this directly. Never follow links sent to you in email, through an instant messenger client, or from a phone call you received. Ask for administrative assistance if you have trouble changing your password.


Do not write your password down where others may find it. If you must write it down, ensure it is in a locked location that is only accessible to you. Hiding your password in places you feel it is unlikely to be found is not helpful. Password crackers have a criminal mind, and generally know where to look.


It is important that you change your password on a regular schedule, at least every six months. This assists you by throwing off any cracking efforts that might be in progress, but have not yet been completed. It also helps you if somehow you have compromised your password in some other way without knowing it.


Select passwords that use a mixture of capital letters, numbers, and special characters. Take heed however, some systems do not allow you to use some or any special characters. Make sure you check the password criteria for the system you are using ahead of time, if possible.


Use substitution of numbers for letters and letters for numbers in your passwords. Although this is not a primary method of securing your password, it will add another layer of security on top of a good password, and will prevent the accidental guess of your password due to circumstances.


Where it is not possible to use many characters in your password (less than 14), it is advisable to create a password by creating a passphrase, and selecting letters in a specific position in each word. An example of this is "jJjshnImn2". As you notice, it's unlikely that any cracker would guess this password; however, it is easy to remember when you note the passphrase "John Jacob Jingleheimer Schmidt, his name is my name too". Notice the use of number substitution and capitalization in the password.


The best passwords are complete phrases if the system will allow them. They are sometimes called "passphrases" in reflection of this. For example, a good passphrase might be "I clean my Glock in the dishwasher." You can also use number and letter substitution on passphrases as well. Longer passphrases generally mean better password security.

[SIZE="4"]Password Secrecy[/SIZE]

Passwords are useless if they are distributed to other than to their intended users. Below is a list of methods to keep your passwords private.


If you have a large number of passwords to remember, or you don't feel you can remember important ones, you can use your computer to assist you in the storage of passwords. You can encrypt your password list with an acceptable master password using reliable encryption software. Many password managers are available for this purpose. For experienced users Gnu Privacy Guard and Pretty Good Privacy are free for individual use. Ensure you know how to use encryption properly; improper use of encryption technologies may defeat the whole purpose of using encryption in the first place. Seek help from an encryption expert, or purchase commercial encryption software if understanding is not forthcoming. Do not store your encrypted passwords, or your encryption keys, somewhere that another person may gain access to them.
Refrain from using the same password on multiple systems, especially systems that do not serve the same function. Never use passwords you use on Internet forums, games, websites, or otherwise for any important password. It is trivial for the owners of these systems to extract your passwords if they are willing.


Never tell another a password through e-mail, instant messenger clients, chat rooms, forums or other shared environments. These conversations are almost never entirely private. Do not tell someone your passwords over a cell phone or cordless telephone, as these are insecure mediums for conversation, and may easily be monitored. If you must tell someone a password over a telephone land line, make sure the party you are speaking with is the only listener. You may want to validate that additional parties are not listening in by calling the original party on a number you know is owned by them.


Do not use shared passwords unless it is entirely unavoidable. Passwords shared between multiple users prevents the determination of which user performed which actions.

Of course, never tell your passwords to anyone. Once you tell someone else your password, you no longer have control over the scope of password knowledge. If you absolutely must share your account access to a computer system, change the password to a new password first before sharing it, and then change the password back to its original form once the other users are done performing the necessary efforts.
[/B]

[B][COLOR="DarkOrchid"]How do I Find Stored Passwords on My Computer?[/COLOR][/B]

[B][COLOR="MediumTurquoise"]Many programs prompt you to save passwords on the computer. These range from browsers such as IE and Firefox to instant messengers such as Windows Live Messenger. Often, you may want to recover passwords that were lost because of forgetfulness, or because a co-worker left.

[B][U][COLOR="DarkOrchid"]Recovering passwords from Firefox 3.0[/COLOR][/U][/B]
Go to the security tab in the options/preferences window. This window is usually accessed through the tools menu.
Click on the Saved Passwords button in the middle of the window.
Here you'll see all stored passwords listed along with the corresponding website names. Click "Show Passwords" to see the passwords.
Confirm the warning dialog that appears.


[/COLOR][/B]

[B][COLOR="Red"]How can I Change my NT Administrator Password?[/COLOR][/B]

[B]To change a local NT password, such as an NT Administrator password, follow these steps:

Open the <Start Menu>
Open the <Control Panel>
Open <User Accounts>
Click <Change an Account>
Select the account you wish to change
Click <Change the password>
Enter the new password
Enter the new password again
Enter a word or a phrase to use as a password hint
These instructions only work if you know your current Windows NT Adminstrator password
[/B]

If you forget your user password than.

1. Restart Computer.
2. Press F8 immediately after boot.
3. Click on Administrator's account
4. Open the <Control Panel>
5. Open <User Accounts>
6. Click <Remove password>
7. Enter the new password
8. Enter the new password again.

and proper Restart Your P.C from Start Menu.

wassim