Download as PDF, PPTX
Uploaded byKhawar Nehal [email protected]
Password security by_khawar_6_sep_2014-1
Khawar Nehal discusses a system he developed for managing passwords using pass-sentences for enhanced security. He details the process of creating and storing these passwords, including using an encrypted partition and regular backups. The document also offers a method for maintaining security through the use of GPG encryption and encourages contributions for further research in computer security.
More Related Content
Similar to Password security by_khawar_6_sep_2014-1
More from Khawar Nehal [email protected]
Password security by_khawar_6_sep_2014-1
- 1. How I solvedmy password problem By : Khawar Nehal Applied Technology Research Center http://atrc.net.pk Dubai Computer Services. http://dubai-computer-services.com Date : 6 Sep 2014
- 2. Problem Just likemany other people, I have to have passwords.
- 3. Sentences Since manyyears the computers required longer passwords due to the ever increasing computation speeds of computers. So I came up with the pass-sentence idea many years ago and write about that. In this my passwords looks like a sentence like this : “thisismypasswordanditislong”
- 4. Storage What Iused to do is create different passwords for many sites which I visited. Also I was responsible for a lot of ISPs concurrently so there needed to be a way to store all passwords.
- 5. Paper Initially itwas all done on paper with paper backups. The paper was well guarded physically.
- 6. Electronic The about10 years ago I stored the passwords in a directory aptly called “passwords.” I was not afraid of anyone getting access through the network because I was always using some version of Linux installed less than 6 months ago.
- 7. Encrypted partition Nowthe laptop and desktop had to be physically protected. Then a few years ago I started using an encrypted partition. This way, the computer needs the password on startup and if you do not give the password, the encrypted partition is not available.
- 8. Solution for you So I if you want peace of mind, you can use my password management system to prevent unauthorized access to your stuff on the computers and the net.
- 9. Procedure Copy allof your data off the computer to backup. Download the latest available ISO of the OS. Create an encrypted partition of about 100 MB when installing the OS. This procedure needs to be done every 6 months so your OS distribution is fresh. This solves the update causing your apps to go haywire issue. And increases security while keeping your system running smoothly.
- 10. Procedure Create adirectory called passwords in an encrypted partition. Create directories in the passwords directory for each domain and application. Examples : yahoo.com, your_database, your_server, ...
- 11. Files Create textfiles or odt files in the directories with the date and version in the name of the file. Example : in yahoo.com you might have a file called khawar.nehal_5_sep_2014-1.txt
- 12. Contents of files Inside the file the contents look like : User khawar.nehal Password thisismylongpassword Date of birth 9/11/2001 Alternative email : [email protected] … any other info relevant to the password.
- 13. File names. Ifthe file is changed on the same day then the file name may look like Khawar.nehal_5_sep_2014-3.txt To represent the 3rd version on the 5th of sep 2014 This is to avoid having any wrong CMOS/BIOS clock time messing up your backup/restore.
- 14. Old files Oldfiles are deleted regularly. If a restore is required and they show up again, they are deleted. With terabytes of storage, the number of files does not matter. Just delete the old ones and keep the latest. Use save as to change the name to the new version to avoid restore disasters.
- 15. GPG Also useGPG with symmetric encryption when copying to backups. To make it easy, use a king of reminder in the GPG file name to help you figure out the master passwords of the whole backup file.
- 16. Reminder For exampleyour master password for the GPG file is maryhadalittlelamb. You could use the reminder KG to remind you of the password. Anything which shall help you remember your long pass-sentence.
- 17. GPG I hopeyou shall be able to use this procedure to have strong passwords and keep them secure. If you need help with other computer security issues or better ideas on how to manage your enterprise security requirements. Please contact me : [email protected] and mention this presentation.
- 18. How I solvedmy password problem By : Khawar Nehal Applied Technology Research Center http://atrc.net.pk Dubai Computer Services. http://dubai-computer-services.com Date : 6 Sep 2014
- 19. Request for contribution If you find this useful and would like to contribute resources, books, things or money to help my company to provide more such useful research please contact us. Do also contact to send ideas of things which you would like to see more research on.