Information security is one of the main concerns in modern society. Even though we have much more advanced methods to secure our data, good old passwords are the final security measurement standing between our information and the outside world. So, the security of passwords is very important for the overall security of a system, network, or application.
In this paper, the learner discusses about John the ripper tool and its 4 different password cracking modes. Using Kali Linux operating system and John the ripper tool, learner demonstrates the Single crack mode by creating different passwords in different strength levels and cracking them. By analysing the time, which is taken to crack those passwords, learner is looking forward to gain knowledge about strong and weak passwords along with their characteristics. At last, learner discusses about major principles behind password policies to learn about good password construction and password management. By using that knowledge, learner creates an organizational password policy for “Rythmo Art Gallery”.
1. W.A Neranjan Viduranga COL/A-069224 pg. 7
Password Security and Use of John the Ripper Tool
Course Work Report – Cyber Security
W.A Neranjan Viduranga
Kingston University
2. W.A Neranjan Viduranga COL/A-069224 pg. 8
Abstract
Information security is one of the main concerns in modern society. Even though we
have much more advanced methods to secure our data, good old passwords are the
final security measurement standing between our information and the outside world. So,
the security of passwords is very important for the overall security of a system, network
or application.
In this course work, the learner discusses about John the ripper tool and its 4 different
password cracking modes. Using Kali Linux operating system and John the ripper tool,
learner demonstrates the Single crack mode by creating different passwords in different
strength levels and cracking them. By analysing the time which is taken to crack those
passwords, learner is looking forward to gain knowledge about strong and weak
passwords along with their characteristics. At last, learner discusses about major
principles behind password policies in order to learn about good password construction
and password management. By using that knowledge, learner creates an organizational
password policy for “Rythmo Art Gallery”.
3. W.A Neranjan Viduranga COL/A-069224 pg. 9
Table of Contents
Introduction ........................................................................................................................... 11
Activity 01 .............................................................................................................................. 12
Part “A” ................................................................................................................................ 12
1] Navigating to the Desktop through the Terminal ..................................................... 12
2] Creating a MD5 hash value for “password1” and store it in a file named
“md5hash.txt”. ................................................................................................................. 12
3] Creating five more hashing values using the same command............................... 12
4] Hash values of the created passwords..................................................................... 13
5] Cracking the MD5 hashes stored in the md5hash.txt file using John the Ripper
tool. .................................................................................................................................. 13
6] Cracked and failed passwords. ................................................................................. 14
7] Analysis of password strengths and the time taken to crack them ........................ 15
Part “B” ................................................................................................................................ 16
1] Creating users. ........................................................................................................... 16
2] Contents of “passwd”. ................................................................................................ 18
3] Contents of “shadow”................................................................................................. 19
4] Copying the contents of “passwd” and “shadow” in to text files. ............................ 21
5] Unshadowing the contents in the text files in to “passwords.txt” file...................... 22
6] Cracking the passwords using John the Ripper tool. .............................................. 22
7] Cracked and failed passwords. ................................................................................. 23
8] Analysis of password strengths and the time taken to crack them ........................ 24
Activity 02 .............................................................................................................................. 25
Part “A” – John the Ripper Tool......................................................................................... 25
Different cracking modes in John the Ripper tool ........................................................ 25
Part “B” – Password policy and principles........................................................................ 27
Password Policy for Rythmo Art Gallery....................................................................... 27
Principles behind password policy ................................................................................ 30
Conclusion............................................................................................................................. 32
References............................................................................................................................. 33
4. W.A Neranjan Viduranga COL/A-069224 pg. 10
Table of figures
Figure 1 - Navigating to the desktop.......................................................................................... 12
Figure 2 – Creating MD5 hash values......................................................................................... 12
Figure 3 – Creating more hash values........................................................................................ 13
Figure 4 - Hash values................................................................................................................ 13
Figure 5 - Cracking the MD5 hashes........................................................................................... 14
Figure 6 - Cracked and failed passwords.................................................................................... 14
Figure 7 - Creating users (01)..................................................................................................... 17
Figure 8 - Creating users (02)..................................................................................................... 17
Figure 9 - Contents of passwd (01) ............................................................................................ 18
Figure 10 - Contents of passwd (02) .......................................................................................... 19
Figure 11 - Contents of shadow (01).......................................................................................... 20
Figure 12 - Contents of shadow (02).......................................................................................... 21
Figure 13 - Copying passwd and shadow in to a .txt................................................................... 22
Figure 14 _ Unshadowing.......................................................................................................... 22
Figure 15 - Password cracking ................................................................................................... 23
Figure 16 - Cracked and failed passwords.................................................................................. 23
List of tables
Table 1 - Analysis of password strengths ................................................................................... 15
Table 2 - User details................................................................................................................. 16
Table 3 - Analysis of password strengths ................................................................................... 24
Table 4 - Pre-defined incremental modes.................................................................................. 26
Key words
Kali Linux, John the Ripper tool, Hashing, Single crack mode, Word List mode,
Incremental mode, External mode, Password cracking, Password unshadowing,
Password policy, Password principles
5. W.A Neranjan Viduranga COL/A-069224 pg. 11
Introduction
This course work consists of two main parts (Activities) and four sub parts. The first
activity includes,
Part “A”
Part “B”
Part “A” is a practical work which consists of creating different passwords with different
levels of strength and cracking them using “Single crack mode” of John the Ripper tool.
The “B” part is also a practical work which works with the same single crack mode in
john the ripper tool but bit more advanced than the part “A”. At the end of the both parts,
learner put the analysis of password strengths with the time that they spend on cracking
those passwords.
The second activity is also consists of two sub parts named part “A” and “B”. Part “A” of
second activity includes, a brief explanation about John the Ripper tool and its 4
password cracking modes. The “B” part includes a password policy for “Rythmo Art
Gallery” created by the learner. At last, the learner discusses about major principles
behind password policies and gives his conclusion about this course work and
knowledge that he gained during this course work.
6. W.A Neranjan Viduranga COL/A-069224 pg. 12
Activity 01
Part “A”
1] Navigating to the Desktop through the Terminal
cd Desktop
Figure 1 - Navigating to the desktop
2] Creating a MD5 hash value for “password1” and store it in a file named “md5hash.txt”.
echo -n “password1” | md5sum | tr -d “-” >> md5hash.txt
Figure 2 – Creating MD5 hash values
3] Creating five more hashing values using the same command.
echo -n “river” | md5sum | tr -d “-” >> md5hash.txt
echo -n “bridge” | md5sum | tr -d “-” >> md5hash.txt
echo -n “557” | md5sum | tr -d “-” >> md5hash.txt
echo -n “neranjan123” | md5sum | tr -d “-” >> md5hash.txt
echo -n “WAN@1999lanka” | md5sum | tr -d “-” >> md5hash.txt
7. W.A Neranjan Viduranga COL/A-069224 pg. 13
Figure 3 – Creating more hash values
4] Hash values of the created passwords.
cat md5hash.txt
Figure 4 - Hash values
5] Cracking the MD5 hashes stored in the md5hash.txt file using John the Ripper tool.
john –format = Raw-MD5 md5hash.txt
8. W.A Neranjan Viduranga COL/A-069224 pg. 14
Figure 5 - Cracking the MD5 hashes
6] Cracked and failed passwords.
john –show –format = Raw-MD5 md5hash.txt
Figure 6 - Cracked and failed passwords
9. W.A Neranjan Viduranga COL/A-069224 pg. 15
7] Analysis of password strengths and the time taken to crack them
Table 1 - Analysis of password strengths
Password No. of characters Password
Strength
Time taken to
crack
01 password1 9 (8 lowercase letters
and 1 digit)
Low
(Over 8 characters
but commonly
used. Not unique)
Under 5 minutes
02 river 5 (5 lowercase letters) Low
(Fewer characters.
Not unique)
Under 5 minutes
03 bridge 6 (6 lowercase letters) Low
(Fewer characters.
Not unique)
Under 5 minutes
04 557 3 (3 digits) Low
(Fewer characters.
Not unique)
Under 7 minutes
05 neranjan123 11 (8 lowercase letters
and 3 digits)
Medium
(Over 8 characters
and has letters plus
digits)
Failed to crack
(15 minutes time
frame)
06 WAN@1999lanka 13 (3 uppercase
letters, 1 symbol, 4
digits and 5 lowercase
letters)
Strong
(Unique
combination.
Doesn’t related to
the user name)
Failed to crack
(15 minutes time
frame)
By the time of using John the Ripper tool, there was total of six hash values (passwords)
in the md5hash.txt file. John the Ripper tool took 5 minutes to crack the first 3 passwords
(“river”, “bridge”, “Password1”). Then it took additional 2 minutes to crack the fourth
password which was “557”. After that the learner gave additional 15 minutes to crack the
last 2 passwords (“neranjan123” and “WAN@1999lanka”) but the tool was unable to
crack those passwords.
10. W.A Neranjan Viduranga COL/A-069224 pg. 16
As the fifth password, the learner gave his first name and three numbers (neranjan123)
to the system hoping that the tool (John the Ripper) will be able to crack that password
due to its simplicity. But it had total of 11 characters and those higher number of
character combinations may cause the tool to fail.
The sixth password (WAN@1999lanka) was a unique password with thirteen harder to
guess character combinations. It was created using numbers, uppercases, lowercases
and symbols in order to avoid cracking. So, the tool failed to crack the last password as
the learner expected.
By looking at those results, the learner came to a conclusion that, passwords with
common use, fewer than 8 characters and single type of characters (uppercases only,
lowercases only) are easy to crack. Even though, the 4th
password (557) took additional
2 minutes to crack it cannot be considered as a strong password due to its minimum use
of characters.
Part “B”
1] Creating users.
sudo adduser user01
sudo adduser user02
sudo adduser user03
Table 2 - User details
User
name
Password Full
name
Room
number
Work
phone
Home
phone
Other Info/
correct
(Y/N)
user01 user01 Default Default Default default Default Yes
user02 neranjan Default Default Default Default Default Yes
user03 WAN@1999lanka Default Default default Default Default Yes
15. W.A Neranjan Viduranga COL/A-069224 pg. 21
Figure 12 - Contents of shadow (02)
4] Copying the contents of “passwd” and “shadow” in to text files.
cp /etc /passwd passwd.txt
sudo cp /etc/shadow shadow.txt
16. W.A Neranjan Viduranga COL/A-069224 pg. 22
Figure 13 - Copying passwd and shadow in to a .txt
5] Unshadowing the contents in the text files in to “passwords.txt” file.
sudo chmod 777 shadow.txt
unshadow passwd.txt shadow.txt > passwords.txt
Figure 14 _ Unshadowing
In here, the learner had to use additional command, “sudo chmod 777 shadow.txt”,
which is used to change the permission in order to make the shadow.txt file readable.
[Thornsby, J., 2020.]
6] Cracking the passwords using John the Ripper tool.
john –format = sha512crypt passwords.txt
17. W.A Neranjan Viduranga COL/A-069224 pg. 23
Figure 15 - Password cracking
7] Cracked and failed passwords.
john –show passwords.txt
Figure 16 - Cracked and failed passwords
18. W.A Neranjan Viduranga COL/A-069224 pg. 24
8] Analysis of password strengths and the time taken to crack them
Table 3 - Analysis of password strengths
User
Name
Password No. of
characters
Password
Strength
Time taken
to crack
01 user01 user01 6
(4 lowercase
letters and 2
digits)
Low
(Usage of user
name as the
password and
lower characters)
One minute
02 user02 neranjan 8
(all lowercase
letters)
Medium
(Has 8 characters
and slightly
unique. But
contains only
lowercases)
Failed to
crack
(13 minutes
time frame)
03 user03 WAN@1999lanka 13
(3 uppercase
letters, 1
symbol, 4
digits and 5
lowercase
letters)
Strong
(Unique
combination.
Doesn’t related to
the user name)
Failed to
crack
(13 minutes
time frame)
By the time of using John the Ripper tool, there was total of three passwords in the
passwords.txt file. John the Ripper tool took only one minute to crack the first password
which was “user01”. Then the learner gave another 12 minutes to crack the other
passwords but the tool (John the Ripper) was unable to do that.
As the second password, the learner gave his first name (neranjan) to the system hoping
that the tool (John the Ripper) will be able to crack that password due to its simplicity.
But it had total of 8 characters and those higher number of character combinations may
cause the tool to fail.
The sixth password (WAN@1999lanka) was a unique password with thirteen harder to
guess character combinations. It was created using numbers, uppercases, lowercases
19. W.A Neranjan Viduranga COL/A-069224 pg. 25
and symbols in order to avoid cracking. It was successful and shows some of the
characteristics that should be in a strong password.
Activity 02
Part “A” – John the Ripper Tool
John the Ripper tool is a password cracking tool which was released to the public in
1996 for UNIX based systems. John the ripper tool is designed to test different
passwords for their strength, hashed passwords (Brute – Force encrypted passwords)
and to crack passwords using dictionary attacks.
Mainly, there are two versions of John the ripper tools are available. General Public
Licenced (GNU/GPL) and Proprietary (Pro) versions. GNU/GPL versions are designed
for light users like students while professionals like, cyber security engineers and
penetration testers use the Pro version with more advanced features like multilingual
wordlists and 64 bit architecture support.
[Sharma, A., 2020.]
Different cracking modes in John the Ripper tool
1. “Single Crack” mode
Single crack mode is considered as the quickest password cracking mode in john
the ripper tool. This mode uses the data and information from “passwd” files such
as login names, GECOS or full name fields and user’s home directory names to
crack passwords by guessing the password. This mode uses the collected
information only to crack passwords which are related to those information.
Because of that reason, this mode is way faster than other modes when it comes
to password cracking. But, to successfully crack a password using this mode, the
password must be based on commonly available phrases or combinations in the
username that it related to. Also, it should not be an uncommon and strong
password. Otherwise it will take much longer time or fail to crack the password.
E.g.- admin123 / 1234 / kasun345
[Openwall.com. 2013.]
2. “Wordlist” mode
Wordlist mode is considered as the simplest password cracking mode in John the
ripper tool. That’s because, in this mode, the user only have to specify a wordlist
and password files. (“Wordlist” is a text file which contains single word per line)
20. W.A Neranjan Viduranga COL/A-069224 pg. 26
This mode uses a user specified wordlist and password files to crack passwords
by applying each passwords again and again until the correct password is found.
In this mode, the user can enable “word managing rules” to modify or change the
combinations of words in the specified wordlist in order to make new passwords.
By enabling this feature, users can get multiple likely passwords per every line in
the wordlist. So, it increases the chance of cracking password by multiple times.
John the ripper tool does not contain the ability to sort wordlists due to the large
quantity of resources that need. So, every wordlist that is intended to use on john
the ripper must be sorted beforehand. Users can sort their wordlists by more
likely passwords listed first or in the alphabetical order. Alphabetical order of a
wordlist allows the tool to crack passwords that are longer than the maximum
supported password length for the hash type that you are cracking.
[Openwall.com. 2013.]
3. “Incremental” mode
Incremental mode is considered as the most powerful password cracking mode
in John the ripper tool. Although, technically this mode can try all possible
phrases and character combinations as likely passwords, it is assumed that the
incremental password cracking will never terminate due to the large number of
possible character combinations. Due to that reason, incremental mode deals
with different trigraph frequencies for each and every character positions and
password lengths separately, in order to crack each possible password within a
limited time frame. But, users can set this mode to terminate automatically by
setting low password lengths or giving it a small charset to use.
John the ripper tool provides some pre-defined incremental modes like ASCII,
LM_ASCII, Alnum, Alpha, LowerNum, UpperNum, LowerSpace, Lower, Upper
and Digits. (Below chart shows the content of above pre-defined incremental
modes)
Table 4 - Pre-defined incremental modes
Pre-defined incremental
mode
Contents of the mode
ASCII All of the 95 printable ASCII characters.
LM_ASCII All the ASCII characters that are used in LM
hashes.
Alnum All of the Alphanumeric characters.
21. W.A Neranjan Viduranga COL/A-069224 pg. 27
Alpha All of the 52 letters. (Uppercase and Lowercase
letters)
LowerNum All of the lowercase letters with 0 to 9 digits
(Total of 36 characters)
UpperNum All of the uppercase letters with 0 to 9 digits
(Total of 36 characters)
LowerSpace All of the lowercase letters with the space. (Total
of 27 characters)
Lower All of the lowercase letters.
Upper All of the uppercase letters.
Digits Digits only.
Apart from using pre-defined incremental modes, users can give specific
parameters like password length limits and charset to create their custom
incremental mode.
[Openwall.com. 2013.]
4. “External” mode
External mode allows the user to write their own rules for generating password
guesses. By using this mode, users can define and create their own custom
password cracking mode in john the ripper tool.
[Clarke, M., 2015.]
Part “B” – Password policy and principles
Password Policy for Rythmo Art Gallery
1.0] Overview
Information security is one of the major concerns of a modern company. Passwords hold
the last standing protection against unauthorized access and resource exploitation of the
company. To prevent that, all the employees and suppliers of “Rythmo Art Gallery” who
22. W.A Neranjan Viduranga COL/A-069224 pg. 28
has the access to the system must take appropriate actions and actions as outlined
below.
2.0] Purpose
The main purpose of this password policy is to create and establish a well-managed,
standard password policy in order to ensure the security of the system. This password
policy will establish a standard to create strong passwords and frequent password
changes.
3.0] Scope
The scope of the password policy of “Rythmo Art Gallery” includes all of the employees,
suppliers and people who have the authorized access to the company’s system, network
or any kind of user account that belongs to the company.
4.0] Policy
4.1] General
All of the passwords must be changed after using for 90 days.
All of the passwords that were expired in last year cannot be reused again for
next 2 years.
All of the expired passwords can be used again after 3 year time period but
characters of every password must be rearranged.
Passwords or a part of a password must not be transmitted through any form of
electronic communication media under any kind of circumstances.
All of the passwords must conform to the guidelines below.
4.2] Guidelines for password creation
1. A password must include minimum of 8 characters. 15 characters are
recommended.
2. A password must not be same as the User ID or User name.
3. A password must not use birthdays, addresses or any kind of personal
information.
4. A password must not be a dictionary word, common name or proper name.
5. A password must include uppercases, lowercases, digits and symbols.
6. A password must be changed after using for 90 days.
7. A password should not be identical to the previous passwords.
8. Ensure passwords must only be reset for authorized users.
23. W.A Neranjan Viduranga COL/A-069224 pg. 29
9. Do not use personal passwords as the work account passwords.
4.3] Guidelines for password protection
1. Do not use any kind of digital or electronical media to store your password
without strong encryption.
2. Do not write down your password in a book, paper or any kind of a surface.
3. Do not share your password with your supervisor, co-workers or other
employees.
4. Do not share your password with your family members.
5. Do not talk about your password in front of people.
6. Do not use your password in front of people (public)
7. Do not enable the “See password” option when you are logging in to the
system/account.
8. Do not use “Remember password” or “Remember me” option on an application.
9. Do not reveal your password on questionnaires or security forms.
10. Do not use your password to log in to other applications that are suspicious.
11. Do not use the same password for different accounts.
12. If someone demands a password, please refer them to this document or the IT
department.
Security check-ups may be performed randomly by the information security officer. Users
will be informed and require changing their passwords if a password is guessed or
cracked during these security check-ups.
4.4] Guidelines for password deletion
All of the passwords and accounts that are no longer needed must be deleted
immediately. When an account no longer needed,
Employee should notify his/her superior officer.
Suppliers should notify the supply manager.
After that, that supply manager or superior officer should notify IT department. The
information security officer (of IT department) should delete the password and suspend
the user account within the day.
4.5] Guidelines for application development
To ensure the security of the system and information, application developers of the
Rythmo Art Gallery must follow the guidelines in below.
24. W.A Neranjan Viduranga COL/A-069224 pg. 30
1. Applications should not show the passwords in clear text when logging in to the
system.
2. User authentication should be done in individual basis, not the group basis.
3. Passwords should not be stored in clear text (in databases). All the stored
passwords must be encrypted using a strong encryption method.
4. Some sort of role management should be provided.
4.6] Guidelines for remote access
Remote access to the Rythmo Art gallery must be limited to fewer numbers of authorized
employees. Remote access must be controlled by using a Virtual Private Network (VPN)
/ form of advanced authentication method (biometrics) or combination of both methods.
5.0] Penalties
All the employees and suppliers of Rythmo Art Gallery should not violate this policy. Any
employee, who violated this policy, may be subjected to disciplinary action or even
termination of employment. Suppliers who violated this policy may be subjected to
termination of supply contract.
Principles behind password policy
Above password policy (Password policy of Rythmo Art Gallery) is completely based on
below principles in order to ensure the security of password as well as the system and
information.
A password should be lengthy.
Always, a password should have at least 8 different characters. Passwords,
which consist of less than 8 characters, are easy to crack or guess using John
the ripper tool or any other kind of password cracking tool. By increasing the
characters and character combinations of a password, users can reduce the
possibility of someone cracking their password. Even though 8 characters are
safer, 15 characters are recommended in order to increase the security of a
password further more.
A password should be unique and strange.
Passwords should be as strange as possible to others. It should not consist of
User ID, User name, nick name, birthday or your phone number. People, who are
familiar with you, can easily get these data and use it to break or guess your
25. W.A Neranjan Viduranga COL/A-069224 pg. 31
password. Always should use unique and strange combinations without using
any common phrases which are easy to guess.
A password should be complex.
Always, a password should be complex enough that others cannot guess or
crack it. This is the principle behind the use of uppercases, lowercases, digits and
symbols as a combination. Passwords with pure numbers or letters can be easily
cracked or guesses. So users should always use at least 3 of those different
varieties of characters to construct their passwords. It turns the password in to a
complex password while increasing the security of it.
Two passwords should not be similar.
When using a digital media, internet or a computer, users required to have
multiple accounts with multiple passwords. So, it’s easy to use the same
password throughout different accounts and platforms. But, it is not a good
practice. This principle shows that, the use of same password can compromise
your security easily. If someone finds your password, he/she can get access to all
of your sensitive data quite easily. But if you use different passwords for different
accounts and applications, no one can steal all of your data easily.
A password should be changed regularly.
This is one of the most important principles behind password policies. A good
password should be changed regularly. Even though your password is strong and
hard to crack, that doesn’t mean it couldn’t be cracked. Strength of a password is
slowly decreasing as long as it’s used. To increase your security, passwords
should be changed at least once per three months (90 days).
A system or application should not remember your password.
Almost all of the modern day applications, websites and systems provide a option
called “Remember me”. This option store your user name and password in order
to provide speed login for their users. Most of the users are willing to use this
option due to its convenience. But this practice is very dangerous. Hackers and
outsiders can easily see those passwords as long as they have related viewing
softwares.
[Asunsoft.com. 2019.]
26. W.A Neranjan Viduranga COL/A-069224 pg. 32
Conclusion
By doing this course work, learner has learnt to use “Kali Linux” operating system as well
as “John the Ripper tool”. Also, this course work helped the learner to get a deep
understanding of how password cracking works and how to construct stronger
passwords in order to ensure the security of a password and information.
The first part (Activity 01) of this course work encouraged the learner to do self-studies
about “Kali Linux” and “John the Ripper” tool and helped to do practical work using
“Single crack” mode of John the ripper tool. It showed the strength of different kinds of
passwords and different combinations that can increase or compromise the security of a
password.
The second part (Activity 02) of this course work allowed the learner to explore the
technical side of John the ripper tool. By doing research, the learner had been able to
gain knowledge about different cracking modes of John the ripper tool and their uses.
Also, in ths part, learner had to create a professional password policy for an
organization. By doing that the learner gained the knowledge to create professional
paper works and policies.
Overall, learner had been able to gain new knowledge about password cracking,
password construction, identify weak or strong passwords and organizational password
policies. This new knowledge will be helpful for the learner in his future education and
work life.
27. W.A Neranjan Viduranga COL/A-069224 pg. 33
References
1] Thornsby, J., 2020. Chmod 777: What Does It Really Mean? - Make Tech Easier. [online]
Make Tech Easier. Available at: <https://www.maketecheasier.com/file-permissions-what-does-
chmod-777-means/> [Accessed 17 December 2020].
2] Sharma, A., 2020. John The Ripper Explained: An Essential Password Cracker For Your
Hacker Toolkit. [online] CSO Online. Available at:
<https://www.csoonline.com/article/3564153/john-the-ripper-explained-an-essential-password-
cracker-for-your-hacker-toolkit.html> [Accessed 16 December 2020].
3] Openwall.com. 2013. John The Ripper - Cracking Modes. [online] Available at:
<https://www.openwall.com/john/doc/MODES.shtml> [Accessed 16 December 2020].
4] Clarke, M., 2015. John The Ripper - External Mode - Recover Partially Remembered Password
| Jumping Bean - We Build, We Support, We Train. [online] Jumpingbean.co.za. Available at:
<https://www.jumpingbean.co.za/blogs/mark/john-the-ripper-partially-remembered-
password#:~:text=External%20mode%20allows%20one%20to%20write%20rules%20for%20gene
rating%20password%20guesses.> [Accessed 17 December 2020].
5] Asunsoft.com. 2019. Ten Principles To Set A Secure Computer Password. [online] Available at:
<https://www.asunsoft.com/password-management-and-protection/ten-principles-to-set-a-secure-
computer-password.html> [Accessed 20 December 2020].