NCompass Live: Password Management & Security

Jezmynne Dene, MLIS, Portneuf District Library, Chubbuck, Idaho

Upload: nebraska-library-commission

Post on 06-May-2015


DESCRIPTION

NCompass Live - March 12, 2014 http://nlc.nebraska.gov/ncompasslive/ How many passwords do you have to remember for your library? How many are for your own library accounts? How many are for the library’s databases or materials accounts? For social networking? Are these passwords secure? Safe? How many of those passwords must be shared with your coworkers? Libraries everywhere struggle with passwords every day, and security is always a concern. Attend this session to learn how to ensure your passwords are safe, secure, and easily managed. Presenter: Jezmynne Dene, Director, Portneuf District Library, Chubbuck, Idaho.

TRANSCRIPT

Page 1: NCompass Live: Password Management & Security

Jezmynne Dene Portneuf District Library

Password Security & Management

Jezmynne Dene, MLIS

Portneuf District Library

Chubbuck, Idaho

Why Be Worried?

• Hacks happen. To everyone.

Who Hacks?

• Overseas syndicates

• Bored kids

General Security Tips

• It’s gonna happen – not a matter of “if” but “when”

• Bad guys chase the path of least resistance

–Make it just difficult enough to make it not worth their time

• Update and patch everything

– Especially Flash and Java

• Remove what you don’t use

• Change your passwords frequently

• Redundant backups

– Local hard drives

–Remote service, like Carbonite or similar

• Be careful with remote wipe options

–Hackers can wipe out all your stuff if they access your devices remotely

Social Engineering

• By far the easiest way to hack

• Using your info against you

• A good guess will get a hacker into your stuff

• Use false personal data for security questions

• Guard your data on websites and social networking

• Daisy chaining accounts

–Avoid having everything point to one email account for resets

• Usernames across services

–Vary usernames for important accounts, like banking or credit cards

2 Factor ID

• Uses your login and something you have on you, like your phone, a biometric, a smart card, or a USB device

Good Passwords

• “Sorry, but your password must contain an uppercase letter, a number, a punctuation mark, a gang sign, an extinct mammal and a hieroglyph” -- @StephBWright

• At least eight characters long

• Combination of numbers & letters

• Contains special characters

• No names

• No words found in the dictionary

• Avoid common styles

–Replacing numbers for vowels

–Capitalizing the first letter

–Putting a special character at the end

• If you’ve thought of a pattern, someone else has, too.
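The length, character-mix, name, dictionary and "common style" rules from the slides above can be checked mechanically. The following is an added example, not part of the original presentation; the word list and substitution table are small constructed samples.

```python
import re

# Constructed sample list; a real check loads a full dictionary plus names.
WORDS = {"password", "library", "summer", "dragon", "jessica", "welcome"}

# Common digit/symbol-for-letter swaps (assumed table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def audit_password(pw, words=WORDS):
    """Return findings for pw; an empty list means none of the rules fired."""
    findings = []
    if len(pw) < 8:
        findings.append("shorter than eight characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        findings.append("needs both letters and numbers")
    if not re.search(r"[^A-Za-z0-9]", pw):
        findings.append("no special character")

    # Common style: the only capital is the first letter.
    if re.fullmatch(r"[A-Z][^A-Z]*", pw):
        findings.append("only capital is the first character")
    # Common style: special characters appear only as a suffix.
    if re.fullmatch(r"[A-Za-z0-9]+[^A-Za-z0-9]+", pw):
        findings.append("special characters only at the end")

    # Undo the usual decorations, then look the result up in the word list.
    # Both forms are tried because a trailing digit may itself be a swap.
    stripped = re.sub(r"[^A-Za-z]+$", "", pw)
    for candidate in (pw, stripped):
        plain = candidate.lower().translate(LEET)
        if plain in words:
            findings.append(f"word or name behind substitutions: {plain}")
            break
    return findings


if __name__ == "__main__":
    for sample in ("Summer2014!", "P@ssw0rd1!", "vT9#qLw2&xRb"):  # constructed
        print(sample, "->", audit_password(sample) or "no findings")
```

Both decorated samples satisfy the length, number and special-character rules yet are still flagged, which is the point of the "if you've thought of a pattern" slide.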

• Long Passwords

–A five letter password has 10 billion combinations and can be brute force cracked in five seconds

• 9 letters can’t be brute forced, but they’re vulnerable to rainbow tables

• Change them often. More often than you’d think.

– Set a calendar reminder

–Change one every day when it’s time to change

Good Passwords

• Combination of numbers & letters

• Contains special characters

• No names

• No words found in the dictionary

• Never reused by other sites

• NEVER REUSED BY OTHER SITES.

• NEVER REUSED BY OTHER SITES. !!!!!!!!

• !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

That’s eleventy billion different passwords I have to remember!!!!

Password Managers

• Software that manages multiple passwords

• Encrypted and secure

• Passwords are always with you

• Can auto log into websites

• Many work with tablets and mobile devices

• Keeps a record of accounts

• How do they work?

– Secured data file, usually on your device or computer

– Some are web based

– Some require a token

• Pros

–Creates & manages complex and unique passwords

–Only one password to remember

–Bypasses keylogging software

–Helps against phishing, because it’ll spot fake URLs
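One way the "spot fake URLs" behaviour can work, assuming the manager stores each login under the exact scheme and hostname it was saved on. This is an added example, not any product's code; the vault contents and hostnames are constructed and use reserved test domains.

```python
from urllib.parse import urlsplit

# Constructed vault: each entry is stored under the exact scheme and host
# it was saved on. Hostnames use the reserved .example and .test TLDs.
VAULT = {
    ("https", "catalog.library.example"): ("circdesk", "stored-secret-1"),
    ("https", "vendor.databases.example"): ("libadmin", "stored-secret-2"),
}


def credentials_for(url, vault=VAULT):
    """Return (username, password) only when url is the saved site itself."""
    try:
        parts = urlsplit(url)
        # .hostname drops any "user@" prefix and the port, and lowercases.
        host = parts.hostname or ""
        # Internationalised names become punycode, so a look-alike letter
        # from another alphabet can never compare equal to the ASCII name.
        host = host.encode("idna").decode("ascii")
    except ValueError:  # malformed URL or un-encodable hostname
        return None
    # Exact match only: no substring, prefix or "looks similar" logic.
    return vault.get((parts.scheme, host))


if __name__ == "__main__":
    for url in (  # constructed samples
        "https://catalog.library.example/login",          # the saved site
        "http://catalog.library.example/login",           # same host, no TLS
        "https://catalog.library.example.signin.test/",   # real name as prefix
        "https://catalog.library.example@signin.test/",   # real name as userinfo
        "https://catalog.1ibrary.example/login",          # digit 1 for letter l
    ):
        hit = credentials_for(url)
        print(url, "->", f"fill as {hit[0]}" if hit else "nothing to fill")
```

A person glancing at the address bar can miss every one of the last four; an exact-match lookup cannot, so the manager simply offers nothing to fill.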

• Cons

– If someone gets your one password, all is lost.

– If you don’t have your key or app, you’ll have to reset your password to get into your accounts.

• Good for you, and good for your library

Password Management Security

• Specify logins by country

• Disallow Tor network logins

• Track logins and shares

• Drill down master password prompts

– Every login? Every change? You decide

Other Features

• Support for multiple profiles

• Supports multiple identities

–Work, personal, school

• Saves credit card information

• Saves bank information

• LastPass offers credit monitoring

Other Password Managers

• RoboForm

• IronKey Personal

• SplashID

• Dashlane

• mSecure (Security Everywhere)

• KeePass

• Direct Pass

• Norton Identity Safe

• MyLok+

KeePass, RoboForm, 1Password, SplashID

Business Solutions

• Some offer business options perfect for libraries

• LastPass - $24 per employee per year

To Sum:

• General Security

–Make it hard enough to make it not worth their time

–Remove apps/programs and kill accounts you don’t use

–Change your passwords frequently

–Run your updates and patches

–Redundant backups

–Be cautious and don’t leave your stuff lying around, physical or digital

• Social engineering

–Use fake personal data

–Vary usernames

–Don’t link everything to one email address

–Be very mindful of sharing your personal data

• 2 factor ID

– Turn it on if it’s an option, and it’s a high target site like Facebook, Twitter, or Gmail

• Good passwords

–Numbers, letters, and caps

– Special characters

–Make ‘em long

–Change ‘em often

–NEVER REUSE THEM. EVER.

• Try password managing tools

–Decide which meets your personal and library needs

–Ask how they maintain security of your data

–Use trials to get the best fit

Be Safe Out There!

Thank you!

Jezmynne Dene, MLIS

Portneuf District Library

Chubbuck, Idaho
