Security - Usernames and Passwords

Exam: CompTIA 220-701 - CompTIA A+ Essentials 700 series

Explain the basic principles of security concepts and technologies

Authentication technologies - Usernames and passwords

The username/password combination is the most common form of authentication for gaining access to computers. The username is not secret: it is known to all parties involved and is displayed in plain text as it is typed. In many cases the user has no control over the username, or it is simply the user's name or email address. The password, by contrast, is either chosen by the user or generated for the user, and it is the part that must stay secret. It is common knowledge that a strong password is important for protecting a user account, whether the account is with a bank, at work, or elsewhere. But what is a strong password? Many organizations define a strong password as one with at least 8 characters, including at least one uppercase letter, one number, and one special character. The best passwords meet the same requirements but are 14 characters or more; length does more for a password than any single required character class, because every extra character multiplies the number of guesses an attacker has to make. Password checker programs are available on the web, for example Microsoft's password checker at http://www.microsoft.com/protect/yourself/password/checker.mspx. Be aware that a checker that only counts character classes will rate a predictable choice, such as a dictionary word with one capital letter, one digit and one symbol added, as "strong"; the rules above are a minimum, not a guarantee.
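The following checker is an added example, not code from the original study page, and it implements the two tiers described above: an 8-character minimum with one uppercase letter, one digit and one special character, and a "best" tier at 14 characters or more. It also adds two checks the text does not state but that most real password policies include, namely that the password must not contain the account name and must not appear on a banned-password list; those two checks, the function and class names, and the sample passwords are assumptions of this example.

```python
"""Password policy checker (added example, not the study page's own code).

Tiers implemented from the text:
  - "strong": at least MIN_STRONG_LEN characters, with at least one uppercase
              letter, one digit and one special character
  - "best":   the same character-class rules, but MIN_BEST_LEN or more characters
Anything that fails the rules is "weak" and the failures are listed.
"""
from dataclasses import dataclass, field

MIN_STRONG_LEN = 8   # the common organizational minimum from the text
MIN_BEST_LEN = 14    # the "best" tier from the text


@dataclass
class PolicyResult:
    tier: str                                     # "weak", "strong" or "best"
    failures: list = field(default_factory=list)  # why it is "weak", if it is

    @property
    def acceptable(self) -> bool:
        return self.tier != "weak"


def check_password(password: str, username: str = "",
                   banned: frozenset = frozenset()) -> PolicyResult:
    """Rate a password against the policy; username and banned are optional extras."""
    failures = []
    if len(password) < MIN_STRONG_LEN:
        failures.append(f"shorter than {MIN_STRONG_LEN} characters")
    if not any(c.isupper() for c in password):
        failures.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        failures.append("no digit")
    # "special character" is read here as any non-alphanumeric, non-space character
    if not any(not c.isalnum() and not c.isspace() for c in password):
        failures.append("no special character")
    # Two checks beyond the text's rule (assumptions of this example, but common
    # practice): no embedded account name, and no known-bad passwords.
    if username and len(username) >= 3 and username.lower() in password.lower():
        failures.append("contains the username")
    if password.lower() in banned:
        failures.append("on the banned-password list")
    if failures:
        return PolicyResult("weak", failures)
    return PolicyResult("best" if len(password) >= MIN_BEST_LEN else "strong")


# Constructed sample inputs (not from the page) covering each outcome.
SAMPLES = [
    ("abc", ""),                        # weak: too short, no classes
    ("password1!", ""),                 # weak: no uppercase letter
    ("Password1!", ""),                 # strong by the letter of the rule, yet predictable
    ("Jsmith2024!", "jsmith"),          # weak once the username check is applied
    ("Correct-Horse-Battery-9", ""),    # best: 23 characters plus all classes
]
BANNED = frozenset({"password1!", "welcome1!", "summer2024!"})  # constructed deny-list


def report() -> list:
    """Rate every sample and return (password, tier, failures) tuples."""
    out = []
    for pw, user in SAMPLES:
        r = check_password(pw, username=user, banned=BANNED)
        out.append((pw, r.tier, r.failures))
    return out


if __name__ == "__main__":
    for pw, tier, failures in report():
        print(f"{pw!r:28} {tier:7} {', '.join(failures)}")
```

Note that "Password1!" passes the bare character-class rule and is only rejected here because it is on the constructed deny-list; that is the gap the text's rule leaves open, and it is why the length tier and a deny-list matter more than the exact mix of character classes.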

Changing your password at regular intervals is important as well. The general rule of thumb is to change your password as often as you change your toothbrush. Because that is a subjective measure (to put it nicely!), most organizations set a password policy instead: the password must meet certain complexity requirements, must be changed at a set interval, cannot be reused for a set number of changes, and so forth. On a Windows domain these rules are enforced through Group Policy rather than left to the user. One caveat for anyone writing such a policy: forced rotation on a short schedule tends to produce predictable variations of the old password, so the interval should be paired with the length and reuse rules rather than relied on alone.

It's important to note that when logging on to a Microsoft Active Directory domain, the logon process is protected by the Kerberos protocol, and the domain controller acts as the Kerberos Key Distribution Center (KDC). The password itself is not sent across the network; it is used to derive a key that protects the exchange with the domain controller, which adds a layer of protection for the username and password while they are being authenticated. When users take a break or go to lunch, they should lock the computer. This can be done by pressing Windows+L, or by pressing Ctrl+Alt+Del and choosing Lock this computer. The operating system then goes into a locked state, and the computer is unlocked by entering the password of the user who locked it (the username is already filled in on the unlock screen). The difference between this and logging off is that a locked computer keeps all the session's applications and files open, whereas logging off closes all applications and open files.

User Account Control (UAC) is a security component of Windows Vista that runs every user, other than the built-in Administrator account, as a standard user rather than as an administrator with full administrative rights, even if the user is a member of the Administrators group (the built-in Administrator account is disabled by default in Vista). UAC is meant to prevent unauthorized changes and to avoid user error in the form of accidental changes. With UAC enabled, users perform common tasks as non-administrators and, when necessary, as administrators, without having to switch users, log off, or use Run As.

Basically, UAC was created with two goals in mind. First, to eliminate unnecessary requests for administrative-level access to Windows resources. Second, to reduce the risk of malicious software using an administrator's full privileges to modify operating system files. When a user requires administrator privileges to perform a task such as installing an application, a UAC window appears (on a dimmed secure desktop) explaining that administrator permission is needed. A user who is a member of the Administrators group sees a consent prompt and clicks Continue to carry out the task with the full administrator token; a standard user instead sees a credential prompt and must enter an administrator's username and password, and if those are not supplied the attempt fails. Note that these UAC windows do not appear by default when the person is logged on with the built-in Administrator account, which runs with full administrative rights at all times.
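The behaviour described above is driven by a handful of registry values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System. The script below is an added example, not code from the original page: the registry path and value names (EnableLUA, ConsentPromptBehaviorAdmin, ConsentPromptBehaviorUser, FilterAdministratorToken) are real Windows settings, while the function names, the rating text and the sample value sets are assumptions of this example. On a non-Windows host the registry reader is unavailable and only interpret_uac() can be exercised.

```python
"""UAC posture check (added example, not the study page's own code).

interpret_uac() explains what a set of UAC registry values means for the
prompting behaviour described in the text and flags the weak settings.
read_uac_from_registry() pulls the live values on a Windows host.
"""
import ctypes
import sys

try:
    import winreg          # standard library, present only on Windows
except ImportError:
    winreg = None

UAC_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# ConsentPromptBehaviorAdmin: what an administrator in Admin Approval Mode sees.
ADMIN_PROMPT = {
    0: "elevate without prompting (administrators are never asked; UAC is effectively bypassed for them)",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop (Vista default: the Continue button in the text)",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries",
}
# ConsentPromptBehaviorUser: what a standard user sees.
USER_PROMPT = {
    0: "automatically deny elevation requests (no credential prompt, the task just fails)",
    1: "prompt for administrator credentials on the secure desktop",
    3: "prompt for administrator credentials",
}


def interpret_uac(enable_lua: int, consent_admin: int,
                  consent_user: int, filter_admin_token: int):
    """Return (findings, weak): a list of plain-English findings and a weak flag."""
    findings = []
    if enable_lua == 0:
        findings.append("EnableLUA=0: UAC is disabled; every administrator runs fully elevated")
        return findings, True          # nothing else matters when UAC is off
    findings.append("EnableLUA=1: Admin Approval Mode is on; administrators run as standard users until they elevate")
    findings.append(f"ConsentPromptBehaviorAdmin={consent_admin}: "
                    + ADMIN_PROMPT.get(consent_admin, "unknown value"))
    findings.append(f"ConsentPromptBehaviorUser={consent_user}: "
                    + USER_PROMPT.get(consent_user, "unknown value"))
    if filter_admin_token:
        findings.append("FilterAdministratorToken=1: the built-in Administrator account is also placed in Admin Approval Mode and prompted")
    else:
        findings.append("FilterAdministratorToken=0: the built-in Administrator account is never prompted (the default the text describes)")
    # Silent elevation for administrators defeats the consent prompt entirely.
    weak = consent_admin == 0
    return findings, weak


def read_uac_from_registry():
    """Read the live values on Windows; missing values fall back to documented defaults."""
    if winreg is None:
        raise OSError("the Windows registry is not available on this platform")
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, UAC_KEY) as key:
        def dword(name, default):
            try:
                return int(winreg.QueryValueEx(key, name)[0])
            except FileNotFoundError:
                return default
        return (dword("EnableLUA", 1), dword("ConsentPromptBehaviorAdmin", 2),
                dword("ConsentPromptBehaviorUser", 3), dword("FilterAdministratorToken", 0))


def process_is_elevated() -> bool:
    """True when this process already holds the full administrator token (Windows only)."""
    if not sys.platform.startswith("win"):
        return False
    return bool(ctypes.windll.shell32.IsUserAnAdmin())


if __name__ == "__main__":
    try:
        values = read_uac_from_registry()
    except OSError:
        # Constructed sample, not read from any machine: a Vista-style default set.
        values = (1, 2, 3, 0)
    for line in interpret_uac(*values)[0]:
        print(line)
    print("this process is elevated:", process_is_elevated())
```

The weak settings to look for are EnableLUA=0 (UAC off altogether) and ConsentPromptBehaviorAdmin=0 (administrators elevate silently, so the Continue prompt the text describes never appears and malware running as an administrator gets the full token for free). Setting FilterAdministratorToken=1 closes the gap noted in the last sentence above by putting the built-in Administrator account under the same prompting rules as everyone else.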