Password Authentication

• Check for good passwords when they are selected. Dissallow:
  • Short passwords
  • Username appearing in password
  • Only digits
  • Only numbers
  • Words in the dictionary (uppercase, lowercase, mixed)
• Do not store the encrypted password; use the password to encrypt a known key.
• Protected the password databse to prevent dictionary attacks.
• Keep track of failed login attempts
• Even better, use variable passwords like SecureID
  

• PreviousData and Privilege Leakage
• Contents
• NextDatabase Security

 Last change: Friday, July 4, 2003 4:28 pm
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.