Passwords are often sought after by hackers because they are the gateway to data, systems and networks. Security breaches by hacktivist groups LulzSec and Anonymous often resulted in the release of passwords, which in turn provided the opportunity to snag other sensitive data like credit card information.
Therefore, a strong knowledge of password management is important in keeping information secure. These 10 questions will test your password acumen.
After taking the quiz, you can find more information on password management on our site, including The Computer Guy’s PowerPoint on Protecting Your Passwords. In addition, our SMB Blogger Paul Mah has come up with five pointers about password management that all employees should know about. Remember, your efforts to secure your data may all be for naught if your end users don’t have the proper training.
Answer: False – Reusing passwords for multiple accounts is a bad idea. A better idea would be to have different sets of passwords for personal and work accounts.
Answer: D – Never write down your passwords. You wouldn’t write down your PIN number for your ATM card, would you?
Answer: True – Putting personal information, like your birth date, username or any part of your Social Security number, in your password simply makes work easier for hackers. The point of a password is to protect such information.
Answer: B – With the mnemonic method, explains NIST, “a user selects a phrase and extracts a letter of each word in the phrase (e.g., the first letter or second letter of each word), adding numbers or special characters or both … many mnemonic passwords are still susceptible to brute force guessing attacks. Common phrases converted into mnemonic passwords, without using unusual character substitutions or other alterations, can be guessed. Users that create mnemonic passwords should either avoid using common phrases, making up their own phrases instead, or should make significant unexpected changes to the passwords, such as changing capitalization and punctuation and spelling out one or more of the words.”
Answer: A – According to NIST, password synchronization “reduces the number of passwords that users need to remember,” thereby allowing them to select stronger passwords and remember them more easily. However, “because password synchronization causes the same password to be used for many resources … the compromise of any one instance of the password compromises them all.”
Answer: B – Phishing scams use a variety of lures disguised as legitimate emails from reputable companies in an attempt to snag personal information, including the promises of money or the restoration of a supposedly hijacked or closed account. As always, users should be wary of unsolicited emails.
Answer: A – According to Lockdown, a fast PC could decipher a six-character password that includes a mixture of upper- and lowercase letters and numbers in 1 ½ hours. In contrast, an eight-character password would take 253 days to crack.
Answer: C – Transmitting cryptographic password hashes instead of plaintext passwords can reduce the possibility of sniffing. An attacker that gains access to hashes cannot determine the corresponding passwords directly from the hashes and must use cracking techniques to attempt to recover the passwords.
Answer: B – A solution should be implemented that prevents the use of shared local account passwords across many systems. Says NIST: “If a single machine is compromised, an attacker may be able to recover the password and use it to gain access to all other machines that use the shared password.” One solution is to use “randomly generated passwords, unique to each machine, and a central password database that is used to keep track of local passwords on client machines … Another solution to management of local account passwords is to generate passwords based on system characteristics such as machine name or media access control (MAC) address.”
Answer: D – NIST explains: “Password management software is a utility that allows a user to store usernames, passwords, and other small pieces of sensitive information, such as account numbers. Password management software can greatly reduce the number of passwords that users have to remember.” However, password management software cannot counteract all threats against passwords. “For example, if a computer is compromised, such as by malicious code, then a keystroke logger or other malicious means could be used by an attacker to gain access to the password management software and the passwords it is intended to protect.”
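For the answer on shared local account passwords, here is a sketch of the first solution NIST describes: a randomly generated password unique to each machine, tracked in a central store. This is an added example, not code from NIST or this site; the host names, the legacy password and the in-memory dict standing in for the central password database are all constructed, and a real store would be encrypted and access-controlled.

```python
import secrets
import string

# Character set for generated passwords (an assumption; adjust to local policy).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def generate_password(length=20):
    """Draw each character from the OS CSPRNG via `secrets`, never `random`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_local_accounts(hosts, vault, length=20):
    """Give every host its own random password and record it in `vault`.

    `vault` maps host name -> password and stands in for the central
    password database (hypothetical; here it is just a dict).
    """
    issued = set(vault.values())  # includes legacy values so they are never reissued
    for host in hosts:
        password = generate_password(length)
        while password in issued:  # vanishingly unlikely, but enforce uniqueness
            password = generate_password(length)
        vault[host] = password
        issued.add(password)
    return vault


def find_shared_passwords(vault):
    """Return sorted groups of hosts that currently share one password."""
    groups = {}
    for host, password in vault.items():
        groups.setdefault(password, []).append(host)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


# Constructed inventory: three machines imaged with one local account password.
LEGACY = {"ws-001": "Winter2011!", "ws-002": "Winter2011!", "srv-01": "Winter2011!"}

if __name__ == "__main__":
    print("shared before:", find_shared_passwords(LEGACY))
    vault = rotate_local_accounts(list(LEGACY), dict(LEGACY))
    print("shared after: ", find_shared_passwords(vault))
```

Running the audit function on a schedule against the central store catches any machine that drifts back to a shared password after re-imaging.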
Congratulations! Perhaps you found this quiz rather easy. In that case, keep up the good work! If you struggled with some of the questions, beef up your password knowledge with documents from our site like the Enterprise Password Management Guide from the National Institute of Standards and Technology.
Make sure you educate your end users on the appropriate use of passwords with a clearly worded password policy. You can find a Sample Password Policy from The Computer Guy on the IT Downloads section of IT Business Edge. Also, be sure to check out the Password Policy Template from our partners at Info-Tech.