Password Security & Management

Upload: jezmynne-dene

Post on 28-Nov-2014

Page 1: Password Security & Management

Jezmynne Dene Portneuf District Library

[email protected]

Password Security & Management

Jezmynne Dene, MLIS

Portneuf District Library

Chubbuck, Idaho

[email protected]

Page 2: Password Security & Management

Why Be Worried?

• Hacks happen. To everyone.

Page 3: Password Security & Management

Who Hacks?

• Overseas syndicates

• Bored kids

Page 4: Password Security & Management

General Security Tips

• It’s gonna happen – not a matter of “if” but “when”

• Bad guys chase the path of least resistance

–Make it just difficult enough to make it not worth their time

Page 5: Password Security & Management

General Security Tips

• Update and patch everything

– Especially Flash and Java

• Remove what you don’t use

• Change your passwords frequently

Page 6: Password Security & Management

General Security Tips

• Redundant backups

– Local hard drives

–Remote service, like Carbonite or similar

• Don’t use remote wipe options

–Hackers can wipe out all your stuff if they access your devices remotely

Page 7: Password Security & Management

Social Engineering

• By far the easiest way to hack

• Using your info against you

• A good guess will get a hacker into your stuff

Page 8: Password Security & Management

Social Engineering

• Use false personal data for security questions

• Guard your data on websites and social networking

Page 9: Password Security & Management

Social Engineering

• Daisy chaining accounts

–Avoid having everything point to one email account for resets

• Usernames across services

–Vary usernames for important accounts, like banking or credit cards

Page 10: Password Security & Management

2 Factor ID

• Uses your login and something you have on you, like your phone, a biometric, a smart card, or a USB device

Page 11: Password Security & Management

Good Passwords

• “Sorry, but your password must contain an uppercase letter, a number, a punctuation mark, a gang sign, an extinct mammal and a hieroglyph” -- @StephBWright

Page 12: Password Security & Management

Good Passwords

• At least eight characters long

• Combination of numbers & letters

Page 13: Password Security & Management

Good Passwords

• Contains special characters

Page 14: Password Security & Management

Good Passwords

• No names

Page 15: Password Security & Management

Good Passwords

• No words found in the dictionary

Page 16: Password Security & Management

Good Passwords

• Avoid common styles

–Replacing vowels with numbers

–Capitalizing the first letter

–Putting a special character at the end

• If you’ve thought of a pattern, someone else has, too.
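The common styles listed on this slide are predictable enough to undo mechanically. The check below is an added example, not part of the original slides; the word list, the substitution table and the function name `analyze` are assumptions made for illustration.

```python
import re

# Constructed sample word list (an assumption for this example); a real
# check would load a full dictionary and a list of common names.
WORDS = {"password", "dragon", "library", "summer", "welcome"}

# Digits and symbols commonly swapped in for vowels, mapped back.
UNSWAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "@": "a"})


def analyze(password):
    """Return the dictionary word hiding under a styled password.

    Returns None when no word from WORDS is found, otherwise a dict with
    the base word and the list of predictable styles that were applied.
    """
    styles = []
    core = password

    # Style: digits or special characters tacked on after the last letter.
    match = re.fullmatch(r"(.*?[A-Za-z])([^A-Za-z]+)", core)
    if match:
        core = match.group(1)
        styles.append("digits or special characters at the end")

    # Style: only the first letter is capitalized.
    if core[:1].isupper() and core[1:] == core[1:].lower():
        styles.append("first letter capitalized")

    # Style: numbers (or @) standing in for vowels.
    lowered = core.lower()
    plain = lowered.translate(UNSWAP)
    if plain != lowered:
        styles.append("numbers substituted for vowels")

    if plain not in WORDS:
        return None
    return {"base": plain, "styles": styles}
```

A password that comes back with a base word is a dictionary word in disguise, however many of the three styles were stacked on top of it.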

Page 17: Password Security & Management

Good Passwords

• Long Passwords

–A five letter password has 10 billion combinations and can be brute force cracked in five seconds

• 9 letters can’t be brute forced, but they’re vulnerable to rainbow tables

Page 18: Password Security & Management

Good Passwords

• Change them often. More often than you’d think.

– Set a calendar reminder

–Change one every day when it’s time to change

Page 19: Password Security & Management

Good Passwords

• Combination of numbers & letters

• Contains special characters

• No names

• No words found in the dictionary

• Never reused by other sites

Page 20: Password Security & Management

Good Passwords

• NEVER REUSED BY OTHER SITES.

• NEVER REUSED BY OTHER SITES. !!!!!!!!

• !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Page 21: Password Security & Management

That’s eleventy billion different passwords I have to remember!!!!

Page 22: Password Security & Management

Password Managers

• Software that manages multiple passwords

• Encrypted and secure

• Passwords are always with you

• Can auto log into websites

• Many work with tablets and mobile devices

• Keeps a record of accounts

Page 23: Password Security & Management

Password Managers

• How do they work?

– Secured data file, usually on your device or computer

– Some are web based

– Some require a token

Page 24: Password Security & Management

Password Managers

• Pros

–Creates & manages complex and unique passwords

–Only one password to remember

–Bypasses keylogging software

–Helps against phishing, because it’ll spot fake URLs
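A password manager can spot a fake URL because it compares the address of the page in front of you with the address saved alongside the login, rather than judging by how the page looks. The sketch below is an added example, not code from the slides or from any particular product; exact-origin matching, the sample vault and the function names are assumptions, and real managers differ in how strictly they match.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

# Constructed sample vault entry using reserved example domains.
VAULT = [{"url": "https://accounts.example.com/login", "username": "patron42"}]


def origin(url):
    """Return (scheme, host, port) for a URL, normalized for comparison."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    # .hostname is already lowercased and excludes any user@ prefix.
    host = (parts.hostname or "").rstrip(".")
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def should_autofill(saved_url, current_url):
    """Fill only when the current page has the same HTTPS origin as saved."""
    saved, current = origin(saved_url), origin(current_url)
    if current[0] != "https":
        return False  # never fill credentials into an unencrypted page
    return saved == current


def find_login(vault, current_url):
    """Return the saved username for this page, or None if nothing matches."""
    for entry in vault:
        if should_autofill(entry["url"], current_url):
            return entry["username"]
    return None
```

When the manager offers nothing on a page that looks like your usual login, treat that as a sign the address is not the one you saved.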

Page 25: Password Security & Management

Password Managers

• Cons

– If someone gets your one password, all is lost.

– If you don’t have your key or app, you’ll have to reset your password to get into your accounts.

Page 26: Password Security & Management

Password Managers

• Good for you, and good for your library

Page 34: Password Security & Management

Password Management Security

• Specify logins by country

• Disallow Tor network logins

• Track logins and shares

• Drill down master password prompts

– Every login? Every change? You decide

Page 35: Password Security & Management

Other Features

• Support for multiple profiles

• Supports multiple identities

–Work, personal, school

• Saves credit card information

• Saves bank information

• LastPass offers credit monitoring

Page 36: Password Security & Management

Other Password Managers

• RoboForm

• IronKey Personal

• SplashID

• Dashlane

• mSecure (Security Everywhere)

• KeePass

• DirectPass

• Norton Identity Safe

• MyLok+

Page 37: Password Security & Management

KeePass, RoboForm, 1Password, SplashID

Page 38: Password Security & Management

Business Solutions

• Some offer business options perfect for libraries

• LastPass - $24 per employee per year

Page 39: Password Security & Management

To Sum:

• General Security

–Make it hard enough to make it not worth their time

–Remove apps/programs and kill accounts you don’t use

–Change your passwords frequently

Page 40: Password Security & Management

To Sum:

• General Security

–Run your updates and patches

–Redundant backups

–Be cautious and don’t leave your stuff lying around, physical or digital

Page 41: Password Security & Management

To Sum:

• Social engineering

–Use fake personal data

–Vary usernames

–Don’t link everything to one email address

–Be very mindful of sharing your personal data

Page 42: Password Security & Management

To Sum:

• 2 factor ID

– Turn it on if it’s an option and it’s a high-target site like Facebook, Twitter, or Gmail

Page 43: Password Security & Management

To Sum:

• Good passwords

–Numbers, letters, and caps

– Special characters

–Make ‘em long

–Change ‘em often

–NEVER REUSE THEM. EVER.

Page 44: Password Security & Management

To Sum:

• Try password managing tools

–Decide which meets your personal and library needs

–Ask how they maintain security of your data

–Use trials to get the best fit

Page 45: Password Security & Management

Be Safe Out There!

Thank you!

Jezmynne Dene, MLIS

Portneuf District Library

Chubbuck, Idaho

[email protected]