4 Network Secure solutions
4.1 Use of secure authentication methods

Several organizations require the use of “strong authentication methods”, especially in online transactions that include payment services. There are several definitions of strong authentication. Some authors define it as multi-factor authentication, which requires solutions from two or more of the three categories of factors (knowledge, possession and inherence) already explained in section 1.3. Other authors (A. J. Menezes, P. C. van Oorschot and S. A. Vanstone) consider in [11] that strong authentication methods require a cryptographic challenge-response protocol … In any case, a strong authentication protocol cannot be accomplished with the transmission of passwords.

It is important to know that the reliability of authentication is affected not only by the number of factors involved but also by how they are implemented. In each category, the choices made for authentication rules greatly affect the security of each factor. Poor or absent password rules, for example, can result in the creation of passwords like “guest,” which completely defeats the value of using a password. Best practices include requiring inherently strong passwords that are updated regularly. Lax rules and implementations result in weaker security; alternatively, better rules can yield better security per factor and better security overall for multifactor authentication systems.

When passwords are used, it is essential to create a good-quality password policy to prevent password guessing and cracking. The advent of password crackers has made it much easier for hackers to "guess" passwords. There are also numerous password cracking tools available that any average person can use. Unfortunately, the average user is more inclined to make the password easy to remember than difficult to guess.

Password cracking is the process of figuring out or breaking passwords in order to gain unauthorized entrance to a system or account. Passwords can be cracked in a variety of ways. The simplest is the use of a word list or dictionary program to break the password by brute force. These programs compare lists of words or character combinations against the password until they find a match. Therefore, passwords should not be dictionary words, proper nouns or foreign words.

Password crackers can also be used to ensure that users are choosing secure passwords. System administrators can use them to test the strength of users' passwords and then notify the users whose passwords are insecure.

Another way intruders can discover passwords is through social engineering. Many users create passwords that contain personal information, so the passwords can be guessed by learning a minimal amount of information about the user. Therefore, passwords should not contain personal information.
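The rules stated in the preceding paragraphs (no dictionary words or proper nouns, no personal information) can be checked at the moment a password is set. The following Python sketch is an added example, not part of the original text; the word list, the character-substitution table and the function names are assumptions made for illustration.

```python
import re
import string

# Constructed sample word list (includes a proper noun); a real deployment
# would load a full dictionary file instead.
WORDLIST = {"guest", "password", "dragon", "summer", "welcome", "madrid"}

# Undo common character substitutions before matching. This normalisation is
# an assumption of the example; the text only names dictionary words.
LEET = str.maketrans("013457@$", "oleastas")
JUNK = string.digits + string.punctuation


def _personal_tokens(items):
    """Alphabetic runs (3+ letters) and digit runs (4+ digits) from user data."""
    tokens = set()
    for item in items:
        tokens.update(re.findall(r"[a-z]{3,}|\d{4,}", item.lower()))
    return tokens


def policy_violations(password, personal_info=()):
    """Return the rules the candidate password breaks; empty list = accepted."""
    low = password.lower()
    plain = low.translate(LEET)          # e.g. "p@ssw0rd" -> "password"
    problems = []
    # Strip digits/symbols padded around a word, then compare to the list.
    core = low.strip(JUNK)
    if {core, core.translate(LEET), plain.strip(JUNK)} & WORDLIST:
        problems.append("dictionary word")
    # Reject any fragment of the user's own data (name, birth year, ...).
    if any(t in low or t in plain for t in _personal_tokens(personal_info)):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed candidates for a hypothetical user.
    user_data = ["Maria Lopez", "1987-04-12"]
    for candidate in ["guest", "P@ssw0rd1", "M4ria-1987", "vX9#qLm2!tRw8z"]:
        print(candidate, policy_violations(candidate, user_data) or "accepted")
```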

Many users store the different passwords they use in computer files. If so, in order to mitigate the impact of password sniffing, it is necessary to encrypt these files. In fact, this recommendation is useful not only for password files, but also for all files that contain sensitive information.