making good passwords (and how to keep them safe)
TRANSCRIPT
- Slide 1
- MAKING GOOD PASSWORDS (AND HOW TO KEEP THEM SAFE)
- Slide 2
- Slide 3
- BUT PASSWORD MANAGEMENT IS HARD
- Slide 4
- WHY CAN'T WE USE EASY PASSWORDS?
- Slide 5
- THIS IS A GRAPHICS CARD. It's cheap and good at playing video games. About every teenager has access to one. It's also very good at hacking your password.
- Slide 6
- A $1000 computer can process 3.3 billion passwords per second. A professional can make thousands of dollars a day selling your information on the black market. (PCPro.com)
- Slide 7
- IT'S JUST A MATTER OF TIME. Dictionary attacks: GoBuffs! (a couple minutes), P@$$w0rd1 (a couple hours). Brute force: fjR8n (24 seconds), %fjR8nQNUc5GPj9 (over ten years). *Extra credit: 15 characters or more forces Windows to store passwords differently, which breaks certain attacks.
- Slide 8
- Slide 9
- HACKING IS BIG BUSINESS. 2011 = 12.5 billion in reported losses. Some estimates put that number closer to 10 times as much. www.hotforsecurity.com
- Slide 10
- HOW DO HACKERS GET YOUR PASSWORD? Physical access to your office or computer; social engineering/phishing (asking nicely); hacking commonly used sites; malware infections; network-based attacks.
- Slide 11
- LOSING YOUR PASSWORDS SINCE 1978
- Slide 12
- Slide 13
- Slide 14
- Slide 15
- Slide 16
- SECURING YOUR PASSWORD DOESN'T MEAN USING TAPE
- Slide 17
- Under keyboard; in a Rolodex; top desk drawer; under desk calendar; in the planter; wallet/purse/gym bag
- Slide 18
- NOW THAT YOU KNOW WHERE PEOPLE HIDE THEIR PASSWORDS
- Slide 19
- DON'T DO IT
- Slide 20
- SURE, LONG PASSWORDS ARE SECURE BUT I CAN'T REMEMBER THEM.
- Slide 21
- MAKING A MEMORABLE PASSWORD REQUIRES THOUGHT
- Slide 22
- ABBREVIATE: "I like taking the bus, but I ended up 20 minutes late!" becomes: Ilttb,bIeu20ml! (15 characters)
- Slide 23
- LETTER SUBSTITUTION (1) Create a long word or phrase: I Like To Eat Tacos (2) Remove spaces: ILikeToEatTacos (3) Replace letters with symbols: IL!k3T0e@tT@c0$
- Slide 24
- A FEW SUBSTITUTION SUGGESTIONS (letter → becomes): A → @ / E → 3 / S → $ / I → ! / O → 0 / K → |< / C → (
- Slide 25
- WORD JUMBLE (1) Take two words: Bot & Kneecap (2) Scramble a few letters: Bocat_&_Kneep (3) Add complexity (54): Bocat_&_Kne54ep
- Slide 26
- KEYBOARD PATTERNS: Use the Shift key to add complexity. Becomes: 5^YghjkmnbVCX (use with caution, easy ones are in dictionary attacks!)
- Slide 27
- OK, SO I'VE GOT A GREAT PASSWORD, I'LL JUST KEEP USING THAT ONE, RIGHT?
- Slide 28
- REUSED PASSWORDS ARE DANGEROUS
- Slide 29
- Slide 30
- LINKEDIN LOST 6.4 MILLION USERS' PASSWORDS. Hackers can use those passwords to commit identity fraud, including: hack into corporate accounts; break into bank accounts; spam email accounts; gather more info for offline use (credit cards). LinkedIn is now facing a $5 million class action lawsuit due to the loss.
- Slide 31
- PRO TIP: MAKING PASSWORDS UNIQUE TO EACH SITE (1) Have a secure base password: 5^YghjkbVCX (2) Select two letters from the site or program: usbank.com (2nd & 4th in this case) (3) Add those letters to your password: 5^YghjsakbVCX
- Slide 32
- WAIT A MINUTE, THIS SITE WANTS ME TO CHANGE IT NOW (1) Today's date: 1/11/13 (2) Pick a couple characters of the date: 11 (3) Shift the numbers (+3 in this case): 44 (4) Add those numbers to your password: 5^Yghjsak becomes 5^Yghjsak44 (5) Write down when you last changed the password
- Slide 33
- INSTANT, UNIQUE AND SECURE PASSWORDS FOR ALL USES
- Slide 34
- A FEW TOOLS TO HELP
- Slide 35
- PASSWORD GENERATORS: Many free ones, but be careful! We suggest changing the results before using them. http://www.pctools.com/guides/password/
- Slide 36
- PASSWORD MANAGERS
- Slide 37
- TWO FACTOR AUTHENTICATION
- Slide 38
- QUESTIONS? Joe Kuster, IT Projects Manager, [email protected]
- Slide 39
- IDENTIKEY: Your username is the Identikey assigned to you by the University. Keep it private. Commit it to memory. Do not use your username or password for any other purpose!
- Slide 40
- HR IDENTIKEY REQUIREMENTS: 15 characters or longer; avoid repeating characters; no words that can be found in a dictionary (in any language); not easily guessable (e.g., your birthday, age, anniversary); all four character sets: capital, lowercase, numerical and symbol (e.g., A, a, 1, !)
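
The slide 40 requirements can be checked mechanically. The sketch below is an added example, not part of the original presentation or any University tool: it undoes the slide 24 letter substitutions before the dictionary check, and it assumes that "repeating characters" means the same character twice in a row. The word list is a small constructed sample, and the function names are hypothetical.

```python
import re

# Inverse of the slide 24 substitution table (symbol -> letter); "|<" listed first.
UNSUBSTITUTE = {"|<": "k", "@": "a", "3": "e", "$": "s", "!": "i", "0": "o", "(": "c"}

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "tacos", "like", "buffs", "kneecap", "welcome"}


def normalize(password):
    """Lowercase the password and undo the common letter substitutions."""
    text = password.lower()
    for symbol, letter in UNSUBSTITUTE.items():
        text = text.replace(symbol, letter)
    return text


def policy_violations(password, words=SAMPLE_WORDS, personal=()):
    """Return the list of requirements the password fails (empty = passes)."""
    problems = []
    if len(password) < 15:
        problems.append("shorter than 15 characters")
    # Assumption: "repeating characters" means the same character twice in a row.
    if re.search(r"(.)\1", password):
        problems.append("repeated character")
    plain = normalize(password)
    if any(word in plain for word in words if len(word) >= 4):
        problems.append("contains a dictionary word")
    # Caller supplies guessable personal strings (birth year, anniversary, ...).
    if any(item.lower() in password.lower() for item in personal if item):
        problems.append("contains personal information")
    classes = {
        "capital": r"[A-Z]", "lowercase": r"[a-z]",
        "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name} character")
    return problems


if __name__ == "__main__":
    # Passwords quoted on the slides, checked against the slide 40 rules.
    for candidate in ["GoBuffs!", "P@$$w0rd1", "IL!k3T0e@tT@c0$", "%fjR8nQNUc5GPj9"]:
        print(candidate, "->", policy_violations(candidate) or "meets all checks")
```

Substituted spellings still count as dictionary words once the symbols are mapped back, which is why the check runs on the normalized string rather than the raw password.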