Page 25 - GP Fall 2020

al’ characters used in passwords making your password even more robust against a password guessing attack. There are many websites offering advice on how to make secure passwords.[15]

To be sure, remembering passwords is troublesome and many people resort to writing them down, which defeats the purpose. One option is to use a password phrase and initialism as in the example above.

Figure 5. From: www.howsecureismypassword.net

Another tactic is the salt. A salt is a segment that is inserted into a password. For example, you might insert a four-digit PIN into any password you create.[16] This completely adds another level of complexity to your passwords and even further resists password guessing and rainbow table[17] attacks. However, if you consider writing your passwords, never write the PIN. This allows you the convenience of writing passwords without the complete password memorialized. You can decide, for example, to always place the salt after the third character or at the end of each password.

Owners must recognize the increased management responsibilities that computer networks carry. System ownership requires policies to regulate usage, proper configuration and patching, and putting the tools in place that protect against intrusion. This must include employee and user education to decrease the likelihood of intrusion due to human factors.

References
1. https://www.pcmag.com/news/ransomware-attack-hits-400-dental-offices-across-the-us
2. https://en.wikipedia.org/wiki/Ransomware
3. https://healthitsecurity.com/news/ransomware-attacks-on-healthcare-providers-rose-350-in-q4-2019
4. https://info.corvusinsurance.com/hubfs/Security%20Report%202.2%20-%20Health%20Care%20.pdf
5. https://krebsonsecurity.com/2015/05/whos-scanning-your-network-a-everyone/
6. https://angryip.org/
7. https://blog.rapid7.com/2016/03/01/the-attackers-dictionary/
8. https://blog.rapid7.com/2016/03/01/the-attackers-dictionary/
9. http://www.passwordmeter.com/
10. It is important to remember that attackers may have an army of zombie computers at their disposal to work on cracking passwords for a target. See: https://en.wikipedia.org/wiki/Zombie_(computing)
11. https://howsecureismypassword.net/
12. https://www.my1login.com/resources/password-strength-test/
13. An initialism is an abbreviation that uses the first letter of each word in a phrase (thus, some but not all initialisms are acronyms). We want to avoid acronyms for passwords because they can be found in rainbow charts and as passwords harvested in the wild.
14. https://tools.oratory.com/altcodes.html
15. https://wmich.edu/arts-sciences/technology-password-tips
16. https://en.wikipedia.org/wiki/Salt_(cryptography)
17. https://en.wikipedia.org/wiki/Rainbow_table

Dr. DiDonato received his dental degree from the NYU College of Dentistry and an MBA from Rochester Institute of Technology. He is a fellow of the Academy of General Dentistry and a past-president of the NYSAGD. He is an attending and clinical instructor at the Eastman Department of Dentistry of the University of Rochester. He maintains a private practice in Rochester, NY.
Figure 6.

www.nysagd.org | Fall 2020 | GP 25