(ISC)² CISSP® Official Study Guide, Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Password Phrases

A password mechanism that is more effective than a basic password is a passphrase. A passphrase is a string of characters similar to a password but that has unique meaning to the user. As an example, a passphrase can be “I passed the CISSP exam.” Many authentication systems do not support spaces, so this passphrase can be modified to “IPassedTheCISSPExam.”

Using a passphrase has several benefits. It is easy to remember, and it encourages users to create longer passwords. Longer passwords are more difficult to crack using a brute-force tool. Encouraging users to create passphrases also helps ensure that they don’t use common, predictable passwords such as “password” and “123456.”

Online authentication systems often impose complex rules on users requiring them to use a minimum number of uppercase letters, lowercase letters, numbers, and special characters. One way to meet the requirements of these rules is to replace letters with characters or numbers. As an example, the letter a can be replaced with the @ character, and the letter i can be replaced with the number 1. This effectively changes “IPassedTheCISSPExam” to “1P@ssedTheC1SSPEx@m.”

It’s worth noting that some security experts recommend that security policies do not require users to create excessively complex or lengthy passwords. NIST SP 800-63B mentions how these often frustrate users and force them to write their passwords down or store them in nonsecure files. Instead of complex rules, NIST SP 800-63B suggests comparing a user’s password against a list of commonly known simple passwords and rejecting the commonly known passwords. It also recommends salting passwords with a random value, hashing the result, and storing the hash.
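
The blocklist check and salted-hash storage described above, as an added example that is not from the book. The function names, the tiny constructed blocklist, the case-insensitive comparison, and the choice of PBKDF2-HMAC-SHA256 with this iteration count are assumptions of the example; the text itself only says to salt, hash, and store the hash.

```python
import hashlib
import hmac
import secrets

# Constructed sample blocklist; a real deployment would load a large list
# of commonly used passwords instead of these four entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune for your hardware
SALT_BYTES = 16


class RejectedPassword(ValueError):
    """Raised when a candidate password is on the blocklist."""


def is_common(password: str) -> bool:
    # Case-insensitive matching is an assumption of this example.
    return password.casefold() in COMMON_PASSWORDS


def enroll(password: str) -> dict:
    """Reject commonly known passwords, then build the record to store."""
    if is_common(password):
        raise RejectedPassword("password is on the common-password list")
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    # Only the salt, the parameters, and the hash are kept; never the password.
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    record = enroll("IPassedTheCISSPExam")
    print(record)
    print(verify("IPassedTheCISSPExam", record))
```

Because each record carries its own random salt, two users who pick the same passphrase end up with different stored hashes.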


