next. Let's look at password cracking.
how do militias Attackers figure out? Uses passwords?
Well, they can try variety of techniques.
A brute force attack says. Just try every possible combination of characters until you hit on the right one
Instead of just trying random characters, try words in the dictionary and obvious permutations.
Now, if you look at those two examples,
uppercase P at SS W. Zero RD might seem like a really clever password
because it's fairly easy to remember.
But the AI is replaced by
he always replaced by zero.
So you have a what's called a complex password. There's also an uppercase P and lower case letters in there,
but unfortunately, that's a very common combination that people come up with.
So that wouldn't be a good idea for a password.
Well, look, att Hello, one
that attempts to be a complex password because it has both letters and a number in it.
But frequently, when people add a number into their password, it is the number one
on the first part of it is a word in the dictionary, so that's not particularly clever either.
Another way hackers can get two passwords is to look to see if users have written it down somewhere.
So if a malicious user gets to your desk, for example,
they could look around on the desk, See if you Britain the password, like I said, you know, somewhere not very obvious, like under the keyboard, onto the mouse mat or in your top drawer, or even stuck up on the monitor or left lying around on a piece of paper.
So to guard against possible attacks,
users should be forced through policy to choose complex passwords. And by complex, we mean a mixture of lower case uppercase nono, non alphanumeric characters and numbers.
We should ensure users do not use names
people often tempted to use the name of their spouse there partner
their child, their pet,
their favorite movie star. And so on,
Um, or any words in the dictionary
do not use the same password for multiple. Resource is this is a very common problem now because
were now expected to log on to hundreds of different websites in the normal course of activity,
and you have to supposedly coming up with a different password for each website and each resource you connect to.
Problem is, of course, if somebody discovers your password,
they now have access to everything that uses that password.
So it's a good practice to have unique passwords for everything you connect to.
And finally never write down your password or disclose your password to anyone else.