HIPS Series > Picking and Protecting Passwords > Quiz + Answers

•  •  •  •  •

1. Which of these "high tech" methods presents a threat to your passwords?

A. "Dictionary attack" -- using a computer to try all the words commonly used as passwords.

B. "Brute Force attack" -- using a computer to try all possible combinations of letters, numbers and special characters that could be used for a password.

C. "Mind Probe attack" -- using a brain scanner to read your mind.

D. All of these are realistic risks.

A and B are correct. Both "dictionary" and "brute force" attacks are realistic high-tech threats. As far as we know, mind-reading brain scanners are not (yet) broadly deployed.

2. Which of these "low tech" methods presents a threat to your passwords?

A. "Shoulder Surfing attack" -- an intruder sees you typing in your password.

B. "Post-It attack" -- an intruder finds the passwords you've written down and left in plain view.

C. "Simple Guess attack" -- an intruder guesses your password based on the things he/she knows about you.

D. "Elvis has Left the Building attack" -- you leave your logged-in computer unattended, and an intruder gets access to it while you're away.

All of these are important low-tech threats. It's hard to say which is the most dangerous.

•  •  •  •  •

3. Which of these is a characteristic of a good password?

A. Uses only a few characters.

B. Uses mixes of uppercase, lowercase and special characters.

C. Uses common words found in the dictionary

D. Uses words related to things commonly known about the user.

B is correct. All the others are characteristics of bad passwords.

•  •  •  •  •

4. Which of these is a characteristic of a good password?

A. Not changed very often.

B. The same for every system the person uses.

C. Not changed from the manufacturer's default or starting password.

D. It's "strength" is appropriate to the importance of the system it protects.

D is correct. All the others are characteristics of bad passwords.

•  •  •  •  •

5. When should you lend out your password to someone else?

A. Whenever someone asks you for it.

B. When someone you know asks for it.

C. When someone you know asks for it, but only for a true emergency situation.

D. Never.

Some would say D. But we think C is the realistic answer.

•  •  •  •  •

6. When and where should you write down your passwords?

A. Whenever it is convenient. And you can keep this information anywhere that is convenient.

B. Whenever you really need it for your memory.

C. Whenever you really need it for your memory, but this information should only be kept in a secure location.

D. Never.

Some would say D. But we think C is the realistic answer.

•  •  •  •  •

7. When is it OK to have your computer "remember" passwords?

A. Any time the computer software offers the option.

B. When you have "password management" software that stores the information in a secure database.

C. When you have "password management" hardware that stores the information in a secure database.

D. Never.

Some would say D, but they'd definitely be wrong here. "Password management" software or hardware are safe options, provided you use them correctly.

•  •  •  •  •

8. Must all passwords be chosen to offer the same security?

A. Yes, every password should be chosen using rules to make it very secure.

B. No. Passwords can be of different quality depending on what they protect.

Some would say A, but we believe that's unrealistic and wrong. It makes little sense to use the same strength password regardless of the importance of the resource it protects -- unless you are using the same password for many resources, in which case it should be a strong as the most important resource requires.