Password protection of personal data. Protecting data using a password. Protecting data using a computer

Greetings to everyone watching this video!
This is not my first article, but it is my first on educating users not to do foolish things.

In this video and in the text of the article, I will tell and show what you should and should not do when entering or choosing a password.

Passwords vary: some people keep them in their heads, some write them on a piece of paper, some keep them in text documents.
Keeping passwords in your head means the following: the passwords will be
1. short;
2. the same on different resources,
and therefore, if you register for e-mail and then for a chat, the person who hacks the chat will have access to your mail, which is not good...

Storing passwords on paper is also not an option; although it is better than the first method, since we are moving away from paper even for books and towards electronic media, I suggest storing passwords in text form.

This method has disadvantages as well as advantages.
Disadvantage: an attacker who gains access to your password file will know all your resources and can gain access on your behalf.

Advantage: gaining access to your resources (for a third party) is more difficult, since you can create complex passwords without being afraid of forgetting them.
This method can be improved by remembering one complex password of 10 or more characters
and using it only to decrypt a password-protected archive that contains the passwords.
I'll show you later...

And now I'll show you how difficult it can be to decrypt an ordinary password.

At present, quite a lot of encryption algorithms have been invented. The most popular, in my opinion, is MD5 and its modifications.

Let's take, for example, different passwords and their hashes, try to decrypt them, and see clearly how long it takes.

And so, now we'll decrypt them and watch the time...

First we'll use only digits, then increase the complexity...

Fractions of a second...
The same...
The same again, but we know that the password contains only digits; if it contained symbols, it would take much more time...
Next password...
The password was not found among digits... let's add characters... lower case...
We added one character (not a digit), and that is what made the process harder.
On a fairly powerful machine, a password of 8 characters using upper- and lower-case letters will take a very, very long time to decrypt, and that's provided MD5 is not modified...
It's a pity that not every site/service/server allows the use of additional characters...

Look at the screen: this is how using them would complicate direct enumeration...
With them in use, the password is practically invulnerable, unless, of course, supercomputers are used to decrypt it.
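As an added illustration (not part of the video or its author's material), this Python script estimates the size of the search space an exhaustive enumeration must cover for the kinds of passwords tried above; the character classes are the standard ASCII sets, and the hash rate used in `compare` is an assumed figure, not a measurement.

```python
import math
import string

# Character classes the video steps through: digits, lower case, upper case, symbols.
# Sizes come from the standard ASCII sets (10, 26, 26 and 32 characters).
CLASSES = {
    "digits": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "special": string.punctuation,
}

def classes_used(password: str) -> set:
    """Names of the classes that actually occur in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}

def keyspace(password: str) -> int:
    """Candidates an exhaustive search must cover, assuming the attacker knows the
    length and which classes are present (the situation shown in the video)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)

def bits(password: str) -> float:
    """The same quantity expressed as bits of search effort."""
    return math.log2(keyspace(password))

def seconds_to_exhaust(password: str, hashes_per_second: float) -> float:
    """Worst-case time to try every candidate at the given rate of hash checks."""
    return keyspace(password) / hashes_per_second

def compare(samples, hashes_per_second=1e10):
    """Rows of (password, classes, bits, seconds) for a list of sample passwords.
    1e10 checks per second is an assumed rate for one fast GPU, not a measured value."""
    return [(pw, sorted(classes_used(pw)), round(bits(pw), 1),
             seconds_to_exhaust(pw, hashes_per_second)) for pw in samples]

if __name__ == "__main__":
    # Constructed samples mirroring the video's progression: digits only, one lower-case
    # letter added, eight mixed-case letters, and the article's w1W4W5a$4PYi.
    for row in compare(["123456", "12345a", "abcdefgH", "w1W4W5a$4PYi"]):
        print(row)
```

The jump from 10^6 candidates to 94^12 is the whole point of the demonstration above: each added class multiplies the alphabet, and each added character multiplies the keyspace by that alphabet.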

And as promised, I'll show how you can store the passwords for accessing your resources while knowing only one password:

Of course, such a password is difficult to remember, so we'll simplify it a bit... a little later
w1W4W5a$4PYi

By using this password, your passwords will be safe.
You can shorten it, as I said, to 10 characters... Well, or like so...
It's easier to remember, and in fact also easier to hack, but I don't think that your passwords will be hacked deliberately.
Oh, and a file named "Passwords" will attract attention, so rename it to something less conspicuous...

That's actually all!

What are the requirements for organizing password protection of information in an educational institution?

Organizational and technical support for the processes of using, changing and terminating passwords, as well as control over the handling of passwords in an educational institution, should preferably be entrusted to the system administrator.

Personal passwords should preferably be generated and distributed centrally. However, users of the information system may choose them independently, taking into account the following requirements:

  1. the password must be at least 8 characters long;
  2. the characters must include letters (in upper and lower case) and digits;
  3. the password must not contain easily guessed combinations of characters (first names, surnames, well-known names, slang words, etc.), runs of consecutive characters, common abbreviations, pet names, car numbers, phone numbers or other combinations of letters and characters that can be guessed from information about the user;
  4. the user may not disclose his personal password to anyone.

If personal user passwords are generated centrally, responsibility for their correctness rests with the system administrator of the educational institution.

If there is a technological need to use an employee's password in his absence, it is recommended to change the password as soon as possible and hand it over to the person responsible for information security in a sealed envelope. Sealed envelopes with passwords must be kept in a safe.

When a user's authority is terminated (dismissal, transfer to another job, etc.), the system administrator must delete his account immediately after the end of his last session with the information system.

An urgent (unscheduled) change of passwords should be made when the authority of information system administrators, or of other employees who have been granted authority to manage password protection, is terminated.

In an educational institution, it is recommended to develop instructions for organizing the password protection of information, with which password owners should be familiarized against signature. The instructions must define security measures whose observance will prevent information leakage. We present a possible formulation.
It is forbidden to write down passwords on paper, in a file or on other media. When entering a password, the user must not say it out loud.

It is forbidden to tell other users your personal password or to register them in the system under your own password.
Storing a password on paper is allowed only in a safe.

Password owners should be warned of their responsibility for using passwords that do not meet the institution's requirements, as well as for disclosing password information.


How is the information security of automated systems that process personal data monitored in an educational institution? Monitoring of the performance of the hardware components of automated systems that process personal data is carried out in the course of their administration and during equipment maintenance work. The most essential components of the system (servers, active network hardware) should be monitored constantly as part of the work of the administrators of the respective systems.

Password protection monitoring provides for: setting password expiration periods (no more than 3 months); periodic (at least monthly) checking of user passwords for their number of characters and obviousness, in order to identify weak passwords that are easy to guess or to recover using specialized software tools (password crackers).

Software integrity monitoring includes the following steps:

  1. verification of the checksums and digital signatures of the directories and files of certified software when the operating system boots;
  2. detection of duplicate user IDs;
  3. restoration of system files by the system administrators from backups if the checksums do not match.

Prevention and timely detection of unauthorized access attempts is carried out using the facilities of the operating system and special software, and provides for:

  1. recording failed login attempts in the system log;
  2. logging of network services;
  3. detecting scans of a range of network ports within short periods of time, in order to detect network analyzers that study the system and identify its vulnerabilities.
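An added example, not from the source, of the detection logic behind steps 1 and 3: it runs over a constructed log in an assumed line format and flags sources with a burst of failed logins as well as sources that touch many distinct ports within a short window.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the page); the line format is an assumption:
# "<ISO time> <event> src=<ip> [user=<name>] [port=<n>]"
SAMPLE_LOG = """\
2024-01-10T08:00:01 login_failed src=10.0.0.5 user=ivanov
2024-01-10T08:00:03 login_failed src=10.0.0.5 user=ivanov
2024-01-10T08:00:04 login_failed src=10.0.0.5 user=ivanov
2024-01-10T08:01:00 connect src=10.0.0.9 port=21
2024-01-10T08:01:01 connect src=10.0.0.9 port=22
2024-01-10T08:01:01 connect src=10.0.0.9 port=23
2024-01-10T08:01:02 connect src=10.0.0.9 port=25
2024-01-10T08:01:03 connect src=10.0.0.9 port=443
2024-01-10T08:05:00 connect src=10.0.0.7 port=443
2024-01-10T08:30:00 login_failed src=10.0.0.7 user=petrov
"""
LINE = re.compile(r"(\S+) (\S+) src=(\S+)(?: user=(\S+))?(?: port=(\d+))?")

def parse(log):  # yields (time, event, src, user, port) for every well-formed line
    for raw in log.splitlines():
        m = LINE.match(raw)
        if m:
            ts, event, src, user, port = m.groups()
            yield datetime.fromisoformat(ts), event, src, user, (int(port) if port else None)

def bursts(items, threshold, window_s):
    """items maps a key to [(time, value)]; flag keys showing >= threshold distinct
    values inside any window_s-second window (sliding window over sorted times)."""
    flagged = set()
    for key, hits in items.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            window = {v for t, v in hits[i:] if (t - t0).total_seconds() <= window_s}
            if len(window) >= threshold:
                flagged.add(key)
                break
    return flagged

def failed_login_bursts(log, threshold=3, window_s=60):
    """Step 1: (src, user) pairs with >= threshold failed logins within window_s seconds."""
    items = defaultdict(list)
    for ts, event, src, user, _ in parse(log):
        if event == "login_failed":  # each attempt gets its own sequence number
            items[(src, user)].append((ts, len(items[(src, user)])))
    return bursts(items, threshold, window_s)

def port_scans(log, min_ports=5, window_s=10):
    """Step 3: sources that touch >= min_ports distinct ports within window_s seconds."""
    items = defaultdict(list)
    for ts, event, src, _, port in parse(log):
        if event == "connect" and port is not None:
            items[src].append((ts, port))
    return bursts(items, min_ports, window_s)
```

The thresholds and windows are tuning knobs: a single failure from petrov and a single connection from 10.0.0.7 stay below them, while the clustered events from 10.0.0.5 and 10.0.0.9 are reported.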

Performance monitoring of automated systems that process personal data is carried out at the request of users, in the course of system administration and during preventive maintenance, to detect unauthorized access attempts that have led to a significant decrease in system performance.

A system audit is performed quarterly and in special situations. It includes conducting security reviews, system testing, and control of changes to system software.

Official sources:

  • Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (as amended on July 25, 2011)
  • Regulation on ensuring the security of personal data during their processing in personal data information systems, approved by Decree of the Government of the Russian Federation of November 17, 2007 No. 781
  • Regulation on the methods and means of protecting information in personal data information systems, approved by order of the FSTEC dated 05.02.2010 No. 58

Article author

Elizaveta Kompaniets, student of MBOU secondary school No. 28, grade 11A

Goals

What is the password history?

How do passwords protect data on computers and drives?

How do hackers crack passwords?

How to make a password resistant to cracking?

Hypothesis

The password is the most widely accepted, and therefore the most commonly used, means of authentication based on knowledge held by the accessing subjects.

Data protection using a computer

Password history

A password (from the French parole, "word") is a secret word or set of characters intended to confirm identity or authority. Passwords are often used to protect information from unauthorized access. In most computing systems, a username and password combination is used to authenticate a user. Passwords have been used since ancient times.

Polybius describes the use of passwords in ancient Rome as follows:

The way in which they ensure safe passage at night is as follows: from the ten maniples of each branch of infantry and cavalry that is stationed at the lower end of the street, the commander chooses a man who is exempt from guard duty, and he goes every night to the tribune and receives from him the password, a wooden tablet with the word. He returns to his unit, and then passes the password and the tablet to the next commander, who in turn passes the tablet to the next.

Passwords are used to prevent unauthorized access to data stored on the computer. The computer allows access to its resources only to those users who are registered and have entered the correct password. Each user can only be allowed access to certain information resources. In this case, all unauthorized access attempts can be logged.

Computer access protection.

Protection of user settings is available in the Windows operating system (when the system boots, the user must enter his password), but this protection is easily overcome, since the user can decline to enter a password. A login password can be set in the BIOS Setup program; the computer will then not start loading the operating system unless the correct password is entered. Such protection is not easy to overcome; moreover, there will be serious problems accessing the data if the user forgets this password.

Disk data protection.

Every drive, folder and file on the local computer, as well as on a computer connected to the local network, can be protected from unauthorized access. Specific access rights can be set for them (full, read-only, by password), and the rights can differ for different users.

Cracking computer passwords

Password cracking is one of the most common types of attack on information systems that use password or username/password authentication. The essence of the attack is that the intruder takes possession of the password of a user who has the right to enter the system. The attraction of the attack for an attacker is that if he successfully obtains a password, he is guaranteed all the rights of the user whose account was compromised; in addition, logging in under an existing account usually arouses less suspicion among system administrators. Technically, the attack can be carried out in two ways: by repeated attempts at direct authentication in the system, or by analyzing password hashes obtained in some other way, for example by intercepting traffic. The following approaches can be used:

Direct enumeration (brute force). Enumeration of all possible combinations of the characters allowed in the password. For example, the password "qwerty" is cracked often, since it is very easy to guess from the first keys on the keyboard.

Dictionary search. The method is based on the assumption that the password uses existing words of some language, or a combination of them.

Social engineering method. Based on the assumption that the user used personal information as the password, such as his first or last name, date of birth, etc. For example, Vasya Pupkin, born December 31, 1999, often has a password like "vp31121999" or "vp991231". Many tools have been developed to carry out the attack, for example John the Ripper.

Password strength criteria

Based on the approaches to conducting the attack, one can formulate criteria for a password's resistance to it. The password should not be too short, since that makes it easier to brute-force. The most common minimum length is eight characters. For the same reason, it should not consist of digits only.

The password should not be a dictionary word or a simple combination of such words, since that simplifies finding it from a dictionary.

The password should not consist only of public information about the user.

As recommendations for composing a password, one can name the use of a combination of words with numbers and special characters (#, $, *, etc.), the use of less common or non-existent words, and adherence to the minimum length.

Conclusion

Passwords have been in use since the early days of their creation to this day. They successfully help us protect information from unauthorized access.

In today's world, more and more personal data gets on the Internet. Among them are various financial services and applications. This data must be under reliable protection.

You yourself protect your own data using various passwords, on which the security of various accounts depends. So how do you make your password easy to remember and hard to crack?

Common Mistakes

Many users around the world do not pay much attention to choosing a secure password, and because of this they become victims of Internet scammers who hack into their accounts within 5-6 attempts. For many years, users have been using the simplest combinations - 1234567, 12345554321, 1q2w3e4r5t6y - thereby exposing themselves to the threat of hacking.

Most cybersecurity experts point to two main criteria for a secure password: complexity and length. In their opinion, when creating a password you need to use a long combination of various characters: numbers, letters, symbols and punctuation marks.

How to create passwords correctly

  • Use more than 8 characters
  • Use a unique password for each account, because if you use the same password for all accounts and one of them is hacked, the scammer will be able to open the other accounts as well
  • Passwords should be changed periodically, at least once every 3 months. Set an automatic reminder so as not to forget such an important procedure.
  • A variety of characters in a password is a guarantee of reliability. But do not use the common replacements of letters with numbers or symbols, for example "FOR" with "4".
  • Use the full range of characters available on the keyboard

Also, do not forget: passwords must be stored in a place to which only you have access.

As far as possible, avoid using the following when creating passwords:

  • Dictionary words in any language
  • Repetitions or characters placed consecutively one after another, for example 1234567, 55555, abc, etc.
  • Passwords using personal data: full name, date of birth, document serial numbers and so on.
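An added example that is not part of the original article: a Python checker encoding the rules above and the strength criteria given earlier (minimum length, mixed character classes, no dictionary words, no sequences or repeats, no keyboard walks like 1q2w3e4r5t6y, nothing derived from personal data like vp31121999). The wordlist and keyboard rows are constructed stand-ins, and the name and birthdate parameters are an assumed interface.

```python
import re

# Constructed stand-ins (not from the article): a tiny wordlist and the keyboard rows.
DICTIONARY = {"password", "qwerty", "welcome", "letmein", "dragon", "monkey"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def has_sequence(pw, run=4):
    """Run of `run` characters stepping by +1 or -1, e.g. 'abcd' or '4321'."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        steps = {ord(s[j + 1]) - ord(s[j]) for j in range(i, i + run - 1)}
        if steps in ({1}, {-1}):
            return True
    return False

def has_repeat(pw, run=4):
    """The same character `run` or more times in a row, e.g. '55555'."""
    return re.search(r"(.)\1{%d,}" % (run - 1), pw) is not None

def has_keyboard_walk(pw, run=4):
    """Keyboard-row fragment in the password or in its letters-only / digits-only
    projections, so '1q2w3e4r5t6y' is caught through 'qwerty' and '123456'."""
    s = pw.lower()
    views = (s, re.sub(r"[^a-z]", "", s), re.sub(r"\D", "", s))
    return any(row[i:i + run] in v for row in KEYBOARD_ROWS
               for i in range(len(row) - run + 1) for v in views)

def personal_tokens(first, last, birthdate):
    """Strings derivable from a name and a YYYY-MM-DD birthdate (the 'vp31121999' pattern)."""
    y, m, d = birthdate.split("-")
    return {first, last, first[:1] + last[:1], y, y[2:],
            d + m + y, d + m + y[2:], y[2:] + m + d, y + m + d}

def check_password(pw, first="", last="", birthdate=""):
    """Return the rules the password violates; an empty list means it passes all of them."""
    rules = [
        (len(pw) < 8, "shorter than 8 characters"),
        (pw.isdigit(), "digits only"),
        (not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw) and re.search(r"\d", pw)),
         "missing upper-case, lower-case or digit characters"),
        (pw.lower() in DICTIONARY, "dictionary word"),
        (has_sequence(pw), "contains a character sequence"),
        (has_repeat(pw), "contains a repeated character run"),
        (has_keyboard_walk(pw), "contains a keyboard walk"),
        (bool(first and last and birthdate) and any(
            t.lower() in pw.lower() for t in personal_tokens(first, last, birthdate)),
         "built from personal data"),
    ]
    return [message for violated, message in rules if violated]
```

Such a check belongs at password-setting time, before the system administrator's monthly review ever sees the password; the article's own example w1W4W5a$4PYi passes every rule, while 1234567 and 55555 trip several at once.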

In general, take password creation very seriously, since your financial well-being or reputation may depend on what your passwords protect.
