Question Of The Week

• Explanation

Passwords authenticate users and prevent unauthorized access to systems and data. Weak passwords provide inadequate protection against computer password cracking.

Easy passwords to crack are those that:

• Are short (ie, 10 characters or fewer)
• Use personal information such as names (eg, relatives) and dates (eg, birthdays)
• Use whole words (eg, dictionary words, foreign words)
• Use keyboard patterns (eg, QWERTY, 098765)
• Use common substitutions (eg, "SL33P")

Using dictionary words makes the password susceptible to brute-force password-hacking software. This software typically uses dictionaries, words from foreign languages, and character substitution lists (eg, replacing "a" with a "@") to crack passwords.

(Choices A, C, and D) Protocols for strong passwords encourage the use of random, mixed-case letters, numbers, and symbols (eg, "%" or "!"). A multiword phrase (ie, passphrase), composed of multiple words in the form of a statement should be used instead of a password composed of a single word. Passphrases are difficult to crack but easy to remember (eg, "The school bus will be here @ 4 P.M."). A passphrase may include dictionary words because it is typically a statement whose complexity and length make it difficult to crack.

Things to remember:
Elements of a strong password include substantial length; random, mixed-case letters and numbers; and symbols. A password should not use dictionary words, which are easily cracked by computer hacking programs. Using a passphrase that incorporates all elements of a strong password is recommended.

Lecture References :

• AUD 10.02 : Understanding an entity’s controls: Control environment, IT general controls, and entity-level controls