Which of the following is a reason why using passwords is a poor security mechanism?
Guidelines for Password Management
Purpose
The purpose of this Guideline is to educate Carnegie Mellon University (“University”) students, faculty and staff on the characteristics of a Strong Password as well as to provide recommendations on how to securely maintain and manage passwords.
Applies To
This Guideline applies to all students, faculty and staff that have a username and password to at least one University system or application, independent of whether you are an end user or a system administrator for that system or application.
Definitions
A Strong Password is defined as a password that is reasonably difficult to guess in a short period of time either through human guessing or the use of specialized software.
Guidelines
The following are general recommendations for creating a Strong Password:
A Strong Password should -
Strong Passwords do not -
The following are several recommendations for maintaining a Strong Password:
The following are Guidelines for individuals responsible for provisioning and support of user accounts:
The following are several additional Guidelines for individuals responsible for the design and implementation of systems and applications:
The following are additional Guidelines for system or service accounts - those not designed to be used by humans:
Additional Information
If you have any questions or comments related to this Guideline, please send email to the University Information Security Office at . Additional information can also be found using the following resources:
Revision History
Which of the following is not a valid means to improve the security offered by password authentication?
Preventing password reuse by tracking password history increases security, but allowing users to reuse the same password does not increase security.
Is the process of verifying or testing the validity of a claimed identity?
The process of determining a claimed user identity by checking user-provided evidence is called authentication, and the evidence provided by the user during the process of authentication is called a credential.
Which of the following is an example of two
SSO (single sign-on) enables users to access multiple servers and multiple resources while entering their credentials only once. The type of authentication can vary but will generally be a username and password. Smart cards and biometrics are an example of two-factor authentication.
Which of the following is an example of access control?
Access control is a security measure which is put in place to regulate the individuals that can view, use, or have access to a restricted environment. Various access control examples can be found in the security systems in our doors, key locks, fences, biometric systems, motion detectors, badge systems, and so forth.