CS Passwords

Many systems rely on simple passwords for protection, which is not ideal since they can often be easily compromised, reused, or exploited by attackers. This section will examine various password-related attacks and defenses.

Password Strength

What makes a password strong? Is it its complexity, length, or the inclusion of special characters?

The comic by xkcd effectively illustrates how passwords can be compromised. Take a moment to review it, and then we can discuss further.

Note: Entropy refers to unpredictability; higher entropy means a password is more difficult to crack using standard methods.

[Image: password strength comic from XKCD: https://xkcd.com/936/]

The password Tr0ub4dor&3 adheres to many password policy requirements, including a mix of uppercase letters, numbers, special characters, and an 11-character length. However, it has several drawbacks:

  • Difficult to remember: Users may confuse characters, like the letter ‘o’ with the number ‘0’ or ‘a’ with ‘4’.
  • Hard to type: Entering a combination of letters, numbers, and symbols in a specific order can slow down typing speed.
  • Limited strength: Despite its complexity, it provides only about 28 bits of entropy, making it relatively weak.

In contrast, the password CorrectHorseBatteryStaple demonstrates significant improvements:

  • Easy to type: Regular words can be typed quickly and naturally.
  • Memorable: Creating a visual image of a horse, battery, staple, and the word “correct” enhances recall.
  • Stronger security: It offers around 44 bits of entropy, making it more resistant to password cracking.

This type of password is known as a passphrase and is generally a better practice than a complex single word. To enhance its strength further while complying with password policy rules, consider adding special characters and capital letters. Additionally, using spaces in passphrases makes them more natural to type.
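The entropy figures above can be reproduced by counting the choices made when the password is created. The following is an added example, not part of the original lesson: the per-step counts are the estimates given in the xkcd comic, and the 8-word list and all function names are constructed for illustration. It also shows why a composition-only strength meter overrates Tr0ub4dor&3.

```python
import math
import secrets

def passphrase_entropy_bits(wordlist_size, num_words):
    """Bits of entropy when each word is drawn uniformly at random from the list."""
    return num_words * math.log2(wordlist_size)

def pattern_entropy_bits(choices_per_step):
    """Bits of entropy for a password built by a known recipe: sum over each step's choices."""
    return sum(math.log2(n) for n in choices_per_step.values())

def naive_charset_bits(password):
    """Composition-only estimate: treats every character as an independent random pick."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += 33 if any(not c.isalnum() for c in password) else 0  # ASCII symbols + space
    return len(password) * math.log2(pool) if pool else 0.0

def words_needed(target_bits, wordlist_size):
    """Smallest number of random words that reaches the target entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(wordlist, num_words=4, separator=" "):
    """Pick words with a CSPRNG; the entropy figure only holds for random selection."""
    return separator.join(secrets.choice(wordlist) for _ in range(num_words))

# Per-step choice counts as estimated in the xkcd comic for the Tr0ub4dor&3 recipe.
TROUBADOR_RECIPE = {
    "uncommon base word": 2**16,
    "capitalise first letter or not": 2,
    "common letter substitutions": 2**3,
    "punctuation symbol": 2**4,
    "numeral": 2**3,
    "order of symbol and numeral": 2,
}

# Constructed 8-word demo list; a real list would hold thousands of words.
DEMO_WORDS = ["correct", "horse", "battery", "staple", "river", "candle", "orbit", "maple"]

if __name__ == "__main__":
    print("recipe password:", pattern_entropy_bits(TROUBADOR_RECIPE), "bits")
    print("4 words from 2048:", passphrase_entropy_bits(2048, 4), "bits")
    print("naive meter for Tr0ub4dor&3:", round(naive_charset_bits("Tr0ub4dor&3"), 1), "bits")
    print("words for 64 bits:", words_needed(64, 2048))
    print("demo passphrase:", generate_passphrase(DEMO_WORDS))
```

The naive estimate comes out near 72 bits for a password the recipe model puts at 28, which is the gap between what a policy checker sees and what the way the password was built actually provides.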