<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width">
<title>Your eRaksha Guide</title>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body id="bg">
<div id="topnav" style="padding: 8px;">
<a href="contact.html">Contact</a>
<a href="about.html">About</a>
<a class="active" href="doc.html">Documentation</a>
<a href="index.html">Home</a>
</div>
<article>
<h1>
Password Management and Protection
</h1>
<section>
<p>
A strong password is one that is difficult for both a human and a machine to guess. Password-cracking tools do not try random strings first; they try dictionary words, common letter substitutions, keyboard patterns and anything known about the target. Every pattern in the list below makes a password easier to guess, so avoid all of them: a password that avoids them and is reasonably long is much harder to recover, whether the attacker is guessing online against the login page or offline against a stolen hash.
</p>
<p>
Examples of weak passwords:
</p>
<p>~ Any word that can be found in a dictionary, in any language (e.g., airplane or aeroplano).</p>
<p>~ A dictionary word with some letters simply replaced by numbers or symbols (e.g., a1rplan3 or aer0plan0); cracking tools apply these substitutions automatically.</p>
<p>~ Repeating or sequential characters (e.g., AAAAA or 12345).</p>
<p>~ A series of adjacent keyboard keys (e.g., qwerty or poiuy).</p>
<p>~ Personal information (e.g., birthdays, names of pets or friends, Social Security number, addresses), much of which is public or easily found on social media.</p>
<p>~ Anything that is written down and kept near the computer it unlocks.</p>
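<p>
Added example, not part of the original guide: a checker that flags a candidate password when it matches any of the weak patterns listed above (dictionary word, dictionary word with substitutions, repeated or sequential characters, keyboard series, personal information). The word list, the keyboard rows and the test passwords are constructed stand-ins; a real deployment would load a full dictionary for every language its users speak plus a breached-password list.
</p>

```python
"""Flag a candidate password that matches the weak-password patterns above.

Added example (not part of the original guide). The word list is a
constructed stand-in for a real dictionary such as /usr/share/dict/words.
"""

# Constructed mini dictionary; a real deployment would load a full word list
# (in every language your users speak) plus breached-password lists.
DICTIONARY = {"airplane", "aeroplano", "password", "welcome", "dragon",
              "summer", "monkey", "letmein"}

# Reverses the usual letter -> digit/symbol substitutions so "a1rplan3"
# is checked as "airplane", the way cracking tools do.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _has_run(pw, min_len=4):
    """True if pw contains min_len+ consecutive characters that are all the
    same (AAAAA) or that step by +1 or -1 in code point (12345, edcba)."""
    for step in (0, 1, -1):
        count = 1
        for a, b in zip(pw, pw[1:]):
            count = count + 1 if ord(b) - ord(a) == step else 1
            if count >= min_len:
                return True
    return False


def _keyboard_series(pw, min_len=4):
    """True if pw contains min_len+ adjacent keys from one keyboard row,
    typed forwards (qwerty) or backwards (poiuy)."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + min_len] in low
                   for i in range(len(seq) - min_len + 1)):
                return True
    return False


def _contains_word(text):
    """Whole-string match, or a dictionary word of 5+ letters embedded in it."""
    return text in DICTIONARY or any(len(w) >= 5 and w in text for w in DICTIONARY)


def weak_password_reasons(pw, personal_info=()):
    """Return the list of weak-password patterns found in pw (empty if none).

    personal_info is an iterable of strings the user should never use (names,
    pets, birth year, ...). An empty result only means none of these patterns
    matched; it is not a proof of strength.
    """
    reasons = []
    low = pw.lower()
    if _contains_word(low):
        reasons.append("dictionary word")
    elif _contains_word(low.translate(LEET_MAP)):
        reasons.append("dictionary word with letters replaced by numbers or symbols")
    if _has_run(pw):
        reasons.append("repeating or sequential characters")
    if _keyboard_series(pw):
        reasons.append("keyboard series")
    for item in personal_info:
        if item and item.lower() in low:
            reasons.append("contains personal information: " + item)
            break
    return reasons
```

<p>
Run it on the guide's own examples: weak_password_reasons("a1rplan3") reports the substituted dictionary word, "12345" trips both the sequential-character and keyboard-row checks, and "Fluffy2019!" is caught only because the caller passed the pet's name in personal_info; the checker can only refuse personal information it has been told about.
</p>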
</section>
<section>
<h2>
Technical advice from experts:
</h2>
<p>
~ Avoid using the same password for multiple accounts
</p>
<p>
Using the same password for multiple accounts makes it easier to remember, but it also has a chain effect: once one site is breached and that password leaks, an attacker will try the same username and password against other services (credential stuffing), and every account that shares it falls at once. This is particularly important for sensitive accounts such as your Andrew account or your online banking account; their passwords should differ from the ones you use for instant messaging, webmail and other web-based accounts. A password manager is what makes a unique password per account practical.
</p>
<p>
~ Do not use automatic logon functionality
</p>
<p>
Automatic logon negates much of the value of a password. Anyone who gains physical access to a system configured that way, whether by sitting down at an unattended desk or by stealing the laptop, is logged in as you without being challenged and can take control of the system and any sensitive information it holds.
</p>
<p>
~ Technology should facilitate, not complicate passwords
</p>
<p>
Technologies like one-time passwords, client certificates, smart cards, and biometrics can add layers to account security. Two-factor authentication combines two of these from different categories, something you know (a password), something you have (a token, smart card or phone) and something you are (a fingerprint), so that a stolen or guessed password alone is no longer enough to log in. The more critical the system, the more factors it should require.
</p>
<br>
<p>
However, the traditional password still remains the primary method of user authentication, and even a multi-layer system generally builds on a username and password combination, so the password itself must be handled well. When creating a password policy, administrators should focus on the practices in the next section:
</p>
</section>
<section>
<h2>
A few good practices to be followed:
</h2>
<p>
~ Passwords must not be displayed on screen as they are entered (mask the input field).
</p>
<p>
~ Passwords must never be stored in clear, readable form. Store only a salted, slow, one-way hash of each password; reversible encryption is not a substitute, because whoever obtains the key (or compromises the application that holds it) recovers every password at once.
</p>
<p>
~ Passwords must never be embedded in a login script, program, configuration file or automated process; such files are copied, backed up and committed to version control far more freely than a credential should ever be.
</p>
<p>
~ Systems storing or providing access to confidential data or remote access to the internal network must be secured with multifactor authentication.
</p>
<p>
~ Password hashes (irreversible encoded values) must never be accessible to unauthorized individuals: an attacker who obtains the hash table can run offline guessing at full speed, limited only by the hardware they own and the cost of the hash function.
</p>
<p>
~ Passwords should be hashed with a per-user random salt and a deliberately slow function designed for password storage (Argon2id, scrypt, bcrypt or, where only a standard library is available, PBKDF2 with a high iteration count). The salt ensures that two users with the same password get different hashes and defeats precomputed tables; the slow function raises the cost of every guess. A plain fast hash such as MD5 or SHA-1, even salted, can be guessed at billions of attempts per second on a single GPU.
</p>
<p>
~ To limit password guessing, an account lockout (or progressive delay) policy should be in effect for all systems, with thresholds and durations that vary by type of user and sensitivity of the system. Lockout also lets an attacker lock legitimate users out by deliberately failing logins, so pair it with alerting and prefer temporary locks or per-source rate limits over indefinite ones.
</p>
<p>
~ Passwords must be changed upon suspicion or confirmation of compromise.
</p>
<p>
~ Passwords must not be reused for at least six (6) generations: a new password may not match the current one or any of the previous five.
</p>
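<p>
Added example, not the guide's own code, that puts the storage, lockout and reuse rules above into one small credential store: a fresh random salt per account, a deliberately slow one-way hash, constant-time comparison, equal work for unknown usernames so response time does not reveal who exists, a lockout after MAX_ATTEMPTS failures, and a six-generation history check. It uses PBKDF2-HMAC-SHA256 because that ships in Python's standard library; Argon2id, scrypt or bcrypt are better choices where their libraries are available. The usernames, passwords and clock values are constructed test data.
</p>

```python
"""Password storage and account lockout for the practices listed above.

Added example, not the guide's own code. PBKDF2-HMAC-SHA256 is used because
it ships in Python's standard library; Argon2id, scrypt or bcrypt are better
where available. Usernames and passwords below are constructed test data.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field

ITERATIONS = 600_000         # OWASP (2023) figure for PBKDF2-HMAC-SHA256
MAX_ATTEMPTS = 5             # failed logins before lockout
LOCKOUT_SECONDS = 15 * 60    # lockout duration
HISTORY_DEPTH = 6            # "not reused for at least six generations"
DUMMY_SALT = b"\x00" * 16    # burns equal work for unknown usernames


def hash_password(password, salt, iterations=ITERATIONS):
    """Salted, deliberately slow, one-way: the same password under a different
    salt gives an unrelated digest, and every guess costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    iterations: int                                # stored so it can be raised later
    history: list = field(default_factory=list)    # (salt, digest) of previous passwords
    failed_attempts: int = 0
    locked_until: float = 0.0


class CredentialStore:
    def __init__(self, iterations=ITERATIONS, max_attempts=MAX_ATTEMPTS,
                 lockout_seconds=LOCKOUT_SECONDS):
        self.accounts = {}
        self.iterations = iterations
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds

    def register(self, username, password):
        salt = os.urandom(16)                       # fresh random salt per account
        self.accounts[username] = Account(
            salt, hash_password(password, salt, self.iterations), self.iterations)

    def verify(self, username, password, now=None):
        """True only for the right password on an account that is not locked."""
        now = time.time() if now is None else now
        acct = self.accounts.get(username)
        if acct is None:
            # Same work for unknown users, so timing does not reveal valid usernames.
            hash_password(password, DUMMY_SALT, self.iterations)
            return False
        if now < acct.locked_until:
            return False                            # locked: do not even check
        candidate = hash_password(password, acct.salt, acct.iterations)
        if hmac.compare_digest(candidate, acct.digest):   # constant-time compare
            acct.failed_attempts = 0
            return True
        acct.failed_attempts += 1
        if acct.failed_attempts >= self.max_attempts:
            acct.locked_until = now + self.lockout_seconds
            acct.failed_attempts = 0
        return False

    def change_password(self, username, new_password):
        """Reject the current password and the previous HISTORY_DEPTH - 1;
        each old entry is re-hashed under its own salt for the comparison."""
        acct = self.accounts[username]
        for salt, digest in [(acct.salt, acct.digest)] + acct.history:
            if hmac.compare_digest(hash_password(new_password, salt, acct.iterations), digest):
                return False
        acct.history.insert(0, (acct.salt, acct.digest))
        del acct.history[HISTORY_DEPTH - 1:]        # keep 5 previous + current = 6
        acct.salt = os.urandom(16)
        acct.digest = hash_password(new_password, acct.salt, acct.iterations)
        return True
```

<p>
Registering two users with the same password produces two different digests, which is the salt doing its job; five wrong guesses lock the account for LOCKOUT_SECONDS even if the sixth attempt is correct; and change_password refuses the current password and the five before it. The iteration count is stored alongside each hash so it can be raised on the user's next login as hardware gets faster.
</p>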
</section>
</article>
<script src="script.js">
</script>
</body>
</html>