Visualizing a dataset of 2 million+ passwords:


I found a data-set of passwords on DataScienceCentral, “Password and hijacked email dataset for you to test your data science skills”, and for fun I played with the data-set for an hour or so:

1) Password Length vs Frequency

[Chart: password length vs. frequency]

2) Percentage of passwords having at least one special character vs passwords having no special character:

[Chart: passwords that have a special character vs. the ones that don't]

3) Percentage of passwords that have at least one number, one alphabet & one special character AND length = 8 or more.

Answer: 1.4856%

Let’s compare passwords of length 8 or more (69.302%) with passwords of length 8 or more that combine alphabets, numbers and special characters (1.485%):

[Chart: passwords having a combination of alphabets, numbers and special characters]

That’s about it for now – it was fun!

 

And for those interested, here are a few behind-the-scenes technical details:

Tools I used:

1. Excel & 2. SQL Server

Note: I first tried using Google Refine to augment the data, but it crashed on me. So I thought of using SQL Server and T-SQL. And if Excel 2010 supported 2+ million rows then I would not have needed SQL Server. Anyhow, the tool used is not important here.

Initial state:

2 million passwords in a .txt file.

Information I appended to the data-set using T-SQL:

1. Length of password

2. Has Alphabets?

[a-zA-Z]

3. Has Numbers?

[0-9]

4. Has special Characters?

[^a-zA-Z0-9]

Plus a few others derived from #2, #3 & #4, like “has alphabets + characters + special characters?”
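The four appended columns and the charted percentages can be reproduced with a short script. This is an added example, not the author's T-SQL: it is written in Python, the function names are made up for illustration, and the sample passwords are constructed rather than taken from the dataset.

```python
import re
from collections import Counter

# The same three character classes listed above.
HAS_ALPHA = re.compile(r"[a-zA-Z]")
HAS_DIGIT = re.compile(r"[0-9]")
# Anything outside ASCII letters/digits counts as "special": spaces and
# non-ASCII letters such as "ä" included.
HAS_SPECIAL = re.compile(r"[^a-zA-Z0-9]")

def annotate(password):
    """Return the per-password columns appended to the data-set."""
    return {
        "length": len(password),
        "has_alpha": bool(HAS_ALPHA.search(password)),
        "has_digit": bool(HAS_DIGIT.search(password)),
        "has_special": bool(HAS_SPECIAL.search(password)),
    }

def summarize(lines, min_length=8):
    """Aggregate annotated rows into the figures charted in the post."""
    # Strip only the line terminator: spaces inside a password are data.
    rows = [annotate(p) for p in (l.rstrip("\r\n") for l in lines) if p]
    total = len(rows)
    if total == 0:
        raise ValueError("no passwords in input")

    def pct(pred):
        return round(100.0 * sum(1 for r in rows if pred(r)) / total, 3)

    lengths = Counter(r["length"] for r in rows)
    return {
        "total": total,
        "length_frequency": dict(sorted(lengths.items())),
        "pct_special": pct(lambda r: r["has_special"]),
        "pct_min_length": pct(lambda r: r["length"] >= min_length),
        "pct_strong": pct(lambda r: r["length"] >= min_length and r["has_alpha"]
                          and r["has_digit"] and r["has_special"]),
    }

# Constructed sample input (mixed line endings, one blank line).
SAMPLE = ["123456\n", "password\r\n", "qwerty12\n", "P@ssw0rd!\n", "\n",
          "letmein\n", "p\u00e4ssword1\n", "abc 1234\n", "Summer2012\n", "a1!\n"]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

For a real 2 million line file, pass the open file object to `summarize` instead of `SAMPLE`.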

That’s about it for the technical details. Ping me if interested!

 

How to Disable password expiration for Windows Server 2008 R2 (domain controller)?


I have written about how to disable password expiration for Windows Server 2008 R2 if it is NOT a domain controller. You can find that post here: http://parasdoshi.com/2012/04/19/how-to-disable-the-password-expiration-policy-in-windows-server-2008-r2-demo-machine/

Now, if you are looking to disable password expiration on a Windows Server 2008 R2 dev machine which is also a Domain Controller, then follow these steps:

1. If you go to “Local Security Policy”, you’ll see the options, but it is not going to allow you to change the setting even if you are logged in as domain administrator.

[Screenshot: Local Security Policy, password expiration setting]

2. So we need an alternate path to edit the password expiration policy.

Go to Start > Administrative Tools > Group Policy Management

3. Here click on “edit” for the default domain policy for the domain of your choice:

[Screenshot: Group Policy Management]

4. Go To Policies > Windows Settings > Security Settings > Account Policies > Password Policy

[Screenshot: Group Policy Management Editor]

5. Change the Password Policy!

Note that changing your password policy to disable password expiration is a security vulnerability. It’s applicable for your Demo Machine only. Or your Dev Machine. The reason I am documenting it is that I do not want to change the password of the Windows Server on which I have my SharePoint BI dev environment set up. It’s MY Dev Environment and I am NOT sharing it with other folks, PLUS I do not have anything sensitive on it, so I can afford to disable the password expiration policy.

That’s about it for this post. Happy Tweaking!

[cloud 101] Is cloud secure?

I got this question recently and I thought of converting it into a “cloud 101” blog post. So here it is:

Q: “Banking – with its high security needs and strict regulations – was always considered to be one of the last industries to accept cloud-computing. So is cloud computing insecure?”

A: I would say – Cloud is secure. At least companies like Amazon (AWS), Microsoft, Google have advanced security mechanisms in place – In most cases, Cloud is more secure than private data-centers. And some banks do not move to Cloud (or cannot move to cloud) because of other reasons. And most of them fall on the legal side of things. Strict regulations (government regulations) as you mentioned.

And later, at one point, we discussed banks keeping parts of the data/app on-premise and moving other parts to cloud. That’s called hybrid cloud. Since they cannot move “sensitive” data to cloud because of government regulation and/or business policies, they move the things that are permissible by law/business policies to cloud.

And we also discussed the disadvantages of moving to cloud. I realized: most of the perceived “disadvantages” are actually MYTHS. So at one point I felt the need to clear the myths and then talk about other topics. It was fun though!

Resource:

Cloud Security Alliance