
The information security threats conditioned by incorrect password selection

Authors: Sukhorukova N.A.
Published in issue: #2(31)/2019
DOI: 10.18698/2541-8009-2019-2-444


Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security

Keywords: information protection, information security threats, password compromise, password cracking methods, password entropy, password resistance, password rating, password selection
Published: 15.02.2019

Protecting information processed in computer networks against hacking and theft is highly relevant today. One of the most common ways to gain unauthorized access to information is password cracking. The article describes the history of password use in protecting computer data, the methods used to crack passwords, and the resistance of passwords to cracking. It shows that password resistance is determined not only by length but also by factors such as the power (size) of the alphabet used to create the password, the frequency of password changes, and the logical “unpredictability” of the password (i.e. avoiding frequently used words and shortcuts). Password vulnerabilities caused by incorrect user actions during password creation are analyzed. Based on this analysis, recommendations are formulated for countering the information security threats caused by password compromise.

