Tjp1 Task 1

1. TJP1 Task 1

1. Steven Morton

1. TJP1

1. A. Rationale

Purpose:

        At the end of my presentation, the audience will understand what makes a password strong and why password complexity is no longer enough.

Audience:

        The appropriate audience is anybody using passwords to secure web, network, or other computer accounts.

Significance:

        For many years, users have been told repeatedly that complex passwords (those utilizing uppercase and lowercase letters, special characters, and numbers) are more secure than use using plain English words. These short, complex passwords are no  longer secure when considering the advancements in password cracking and hardware. In addition, they are not user friendly. As artist Randall Munroe (2011) put it, we've spent decades training people to use passwords that are difficult to remember and easy for computers to crack. The solution is longer, less complex passwords – the length makes them less vulnerable to cracking efforts and the lowered complexity makes them easier for people to remember them.

1. B. Presentation Plan

        These days the average person has a ton of information in the cloud. With the phone in my pocket I can check my email, catch up with friends on Facebook, pay my car insurance, find out the balance in my bank account and much more. And we use passwords to secure all of those accounts. Having a weak password is like leaving the front door of your house unlocked while you go to get groceries. Strong passwords are essential in this day and age and what constitutes strength is evolving. For many years, experts have relied on the idea of complex passwords – those utilizing a mix of upper and lowercase letters, numbers and special characters. Unfortunately, these have always been hard to remember and are increasingly susceptible to cracking. Research has shown that longer passwords are more secure, even if they are less complex (and thus easier to remember.)

        By the late 90s, nefarious folks were starting to use things like dictionary and brute-force attacks to help them crack passwords. In a dictionary attack, common words are placed into a database and encrypted in the ways that passwords normally are. Then the cracking software can compare the passwords that it is trying to crack to the list in the database. Brute force attacks systematically compare passwords to every permutation of letter, number and character in existence.  As seen in this image from Thomas Baekdal (2007) this served to drastically reduce the amount of time needed to crack many passwords.