NCompass Live: Password Management & Security

Post on 06-May-2015

DESCRIPTION

NCompass Live - March 12, 2014 http://nlc.nebraska.gov/ncompasslive/ How many passwords do you have to remember for your library? How many are for your own library accounts? How many are for the library’s databases or materials accounts? For social networking? Are these passwords secure? Safe? How many of those passwords must be shared with your coworkers? Libraries everywhere struggle with passwords every day, and security is always a concern. Attend this session to learn how to ensure your passwords are safe, secure, and easily managed. Presenter: Jezmynne Dene, Director, Portneuf District Library, Chubbuck, Idaho.

TRANSCRIPT

Jezmynne Dene Portneuf District Library

jezmynne.dene@portneuflibrary.org

Password Security & Management

Jezmynne Dene, MLIS

Portneuf District Library

Chubbuck, Idaho

jezmynne.dene@portneuflibrary.org

Why Be Worried?

• Hacks happen. To everyone.

Who Hacks?

• Overseas syndicates

• Bored kids

General Security Tips

• It’s gonna happen – not a matter of “if” but “when”

• Bad guys chase the path of least resistance

– Make it just difficult enough to make it not worth their time

General Security Tips

• Update and patch everything

– Especially Flash and Java

• Remove what you don’t use

• Change your passwords frequently

General Security Tips

• Redundant backups

– Local hard drives

– Remote service, like Carbonite or similar

• Be careful with remote wipe options

– Hackers can wipe out all your stuff if they access your devices remotely

Social Engineering

• By far the easiest way to hack

• Using your info against you

• A good guess will get a hacker into your stuff

Social Engineering

• Use false personal data for security questions

• Guard your data on websites and social networking

Social Engineering

• Daisy chaining accounts

– Avoid having everything point to one email account for resets

• Usernames across services

– Vary usernames for important accounts, like banking or credit cards

2 Factor ID

• Uses your login and something you have on you, like your phone, a biometric, a smart card, or a USB device

Good Passwords

• “Sorry, but your password must contain an uppercase letter, a number, a punctuation mark, a gang sign, an extinct mammal and a hieroglyph” -- @StephBWright

Good Passwords

• At least eight characters long

• Combination of numbers & letters

Good Passwords

• Contains special characters

Good Passwords

• No names

Good Passwords

• No words found in the dictionary

Good Passwords

• Avoid common styles

– Replacing numbers for vowels

– Capitalizing the first letter

– Putting a special character at the end

• If you’ve thought of a pattern, someone else has, too.
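
An added illustration, not part of the presentation, of why the common styles listed on this slide add little: a checker that undoes them before testing against a word list. The word list, the function name and the sample passwords are constructed for the example.

```python
import re

# Constructed mini word list standing in for a real dictionary and name list.
WORDS = {"password", "library", "dragon", "summer", "jezmynne"}

# Common digit/symbol-for-letter swaps that cracking word lists already try.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})


def find_problems(pw):
    """Return the slide rules that a candidate password breaks."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        problems.append("needs both letters and numbers")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")

    # Undo the common styles: drop the trailing digits/symbols, lower-case,
    # reverse the swaps, then look for a plain word or name in what is left.
    core = re.sub(r"[^A-Za-z]+$", "", pw).lower().translate(LEET)
    for word in sorted(WORDS):
        if word in core:
            problems.append("built on a dictionary word or name: " + word)

    if re.fullmatch(r"[A-Z][^A-Z]+", pw):
        problems.append("only the first letter is capitalized")
    if re.fullmatch(r"[A-Za-z0-9]+[^A-Za-z0-9]+", pw):
        problems.append("special characters only at the end")
    return problems


if __name__ == "__main__":
    for candidate in ["Summer2014!", "P@ssw0rd1!", "gT7#qvR2x$Lm"]:
        print(candidate, "->", find_problems(candidate) or "no rule broken")
```

The first two samples pass the length, number and special-character rules and are still flagged, because the word underneath is recovered once the styling is stripped.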

Good Passwords

• Long Passwords

– A five-letter password has 10 billion combinations and can be brute-force cracked in five seconds

• 9 letters can’t be brute forced, but they’re vulnerable to rainbow tables

Good Passwords

• Change them often. More often than you’d think.

– Set a calendar reminder

– Change one every day when it’s time to change

Good Passwords

• Combination of numbers & letters

• Contains special characters

• No names

• No words found in the dictionary

• Never reused by other sites

Good Passwords

• NEVER REUSED BY OTHER SITES.

• NEVER REUSED BY OTHER SITES. !!!!!!!!

• !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

That’s eleventy billion different passwords I have to remember!!!!

Password Managers

• Software that manages multiple passwords

• Encrypted and secure

• Passwords are always with you

• Can auto log into websites

• Many work with tablets and mobile devices

• Keeps a record of accounts

Password Managers

• How do they work?

– Secured data file, usually on your device or computer

– Some are web based

– Some require a token

Password Managers

• Pros

– Creates & manages complex and unique passwords

– Only one password to remember

– Bypasses keylogging software

– Helps against phishing, because it’ll spot fake URLs
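
An added sketch, not any product's code and not part of the presentation, of the idea behind the phishing point: a manager fills a saved login only when the page's real scheme and host match what was stored. The vault entry, host names and function names are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed vault entry: the login is stored against the exact origin
# (scheme + host) that was saved, not against how the page looks.
VAULT = {("https", "catalog.example-library.org"): "frontdesk"}


def origin(url):
    """Scheme and host the browser will really talk to."""
    parts = urlsplit(url)
    # .hostname drops any "user@" prefix and the port, and is lower-cased.
    return parts.scheme, (parts.hostname or "").rstrip(".")


def autofill(url):
    """Return (login or None, reason); fill only on an exact origin match."""
    scheme, host = origin(url)
    if (scheme, host) in VAULT:
        return VAULT[(scheme, host)], "exact match"
    for saved_scheme, saved_host in VAULT:
        if host == saved_host:
            return None, "saved for " + saved_scheme + ", page is " + scheme
        if saved_host in url:
            return None, "saved host appears in the URL, real host is " + host
    return None, "no saved login for this host"


if __name__ == "__main__":
    # Constructed URLs: the real site, then four lookalikes.
    for page in [
        "https://catalog.example-library.org/login",
        "http://catalog.example-library.org/login",
        "https://catalog.example-1ibrary.org/login",
        "https://catalog.example-library.org.signin.example/login",
        "https://catalog.example-library.org@signin.example/login",
    ]:
        print(page, "->", autofill(page))
```

A person reading the address bar can miss each of the four lookalikes; the exact-match lookup does not.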

Password Managers

• Cons

– If someone gets your one password, all is lost.

– If you don’t have your key or app, you’ll have to reset your password to get into your accounts.

Password Managers

• Good for you, and good for your library

Password Management Security

• Specify logins by country

• Disallow Tor network logins

• Track logins and shares

• Drill down master password prompts

– Every login? Every change? You decide

Other Features

• Support for multiple profiles

• Supports multiple identities

– Work, personal, school

• Saves credit card information

• Saves bank information

• LastPass offers credit monitoring

Other Password Managers

• RoboForm

• IronKey Personal

• SplashID

• Dashlane

• mSecure (Security Everywhere)

• KeePass

• DirectPass

• Norton Identity Safe

• MyLok+

KeePass, RoboForm, 1Password, SplashID

Business Solutions

• Some offer business options perfect for libraries

• LastPass - $24 per employee per year

To Sum:

• General Security

– Make it hard enough to make it not worth their time

– Remove apps/programs and kill accounts you don’t use

– Change your passwords frequently

To Sum:

• General Security

– Run your updates and patches

– Redundant backups

– Be cautious and don’t leave your stuff lying around, physical or digital

To Sum:

• Social engineering

– Use fake personal data

– Vary usernames

– Don’t link everything to one email address

– Be very mindful of sharing your personal data

To Sum:

• 2 factor ID

– Turn it on if it’s an option and it’s a high-target site like Facebook, Twitter, or Gmail

To Sum:

• Good passwords

– Numbers, letters, and caps

– Special characters

– Make ‘em long

– Change ‘em often

– NEVER REUSE THEM. EVER.

To Sum:

• Try password managing tools

– Decide which meets your personal and library needs

– Ask how they maintain security of your data

– Use trials to get the best fit

Be Safe Out There!

Thank you!

Jezmynne Dene, MLIS

Portneuf District Library

Chubbuck, Idaho

Jezmynne.dene@portneuflibrary.org
