password management: creating and managing passwords to be as secure as possible

Post on 14-Dec-2015


Slide 1

PASSWORD MANAGEMENT: Creating and managing passwords to be as secure as possible

Slide 2

TABLE OF CONTENTS

1. The scale of consumer cyber crime
2. What is a password and facts about password security and its importance
3. Tiered password system - review and categorize your existing passwords
4. Writing secure passwords
   • Characteristics of strong and weak passwords
   • Tips and techniques
   • Testing the strength of a password
5. Password management techniques
6. Additional tips to secure your identity

Slide 3

Slide 4

Slide 5

TABLE OF CONTENTS

Slide 6

WHAT'S A PASSWORD?

A password is a string of characters that gives you access to a computer or an online account.

Slide 7

COMMON THREATS AGAINST YOUR PASSWORD

Password cracking is the process of breaking passwords in order to gain unauthorized access to a computer or account.

• Guessing: Method of gaining access to an account by attempting to authenticate using computers, dictionaries, or large word lists.
   • Brute force uses every possible combination of characters to retrieve a password.
   • Dictionary attack uses every word in a dictionary of common words to identify the password.
• Social Engineering/Phishing: Deceiving users into revealing their username and password (easier than technical hacking). Usually by pretending to be an IT help desk agent or a legitimate organization such as a bank.

DO NOT EVER SHARE YOUR PASSWORDS, sensitive data, or confidential banking details on sites accessed through links in emails.

Slide 8

TABLE OF CONTENTS

Slide 9

HOW MANY PASSWORDS DO YOU HAVE?

• Banking and Business services
• Personal Emails
• Social media & news
• Work related accounts

Slide 10

DON'T FORGET YOUR COMPUTER AND PHONE LOGINS!

Slide 11

TIERED PASSWORD SYSTEMS

Tiered password systems involve having different levels of passwords for different types of websites, where the complexity of the password depends on what the consequences would be if that password is compromised/obtained.

• Low security: for signing up for a forum, newsletter, or downloading a trial version for a certain program.
• Medium security: for social networking sites, webmail and instant messaging services.
• High security: for anything where your personal finance is involved such as banking and credit card accounts. If these are compromised it could drastically and adversely affect your life. This may also include your computer login credentials.

Keep in mind that this categorization should be based on how critical each type of website is to you. What goes in which category will vary from person to person.

Slide 12

HANDS-ON PART 1: REVIEW AND CATEGORIZE YOUR PASSWORDS

1. Categorize your passwords into 3 categories: high, medium, or low. Categorization should be based on how critical each type of website is to you. Take 5 minutes to categorize some of your online accounts.
2. Your high security passwords are the most important.

Keep in mind:

• You should change any password that is weak.
• If you have used any of your passwords for more than 1 site, you should change it.

Slide 13

TABLE OF CONTENTS

Slide 14

COMMON MISTAKES IN CREATING PASSWORDS

Slide 15

RISK EVALUATION OF COMMON MISTAKES

| Mistake | Example | Risk Evaluation |
|---|---|---|
| Using a common password. | 123456789, password, qwerty | Too risky. These are most criminals' first guesses, so don't use them. |
| Using a password that is based on personal data. | Gladiator, Bobby, Jenny, Scruffy | Too risky: anyone who knows you can easily guess this information. Basing a password on your social security number, nicknames, family members' names, the names of your favorite books or movies or football team are all bad ideas. |
| Using a short password. | John12, Jim2345 | The shorter a password, the more opportunities for observing, guessing, and cracking it. |
| Using the same password everywhere. | Using one password on every site or online service. | Too risky: it's a single point of failure. If this password is compromised, or someone finds it, the rest of your accounts, including your sensitive information, are at risk. |
| Writing your passwords down. | Writing your password down on a post-it note stuck to your monitor. | Very high risk, especially in corporate environments. Anyone who physically gets the piece of paper or sticky note that contains your password can log into your account. |

Slide 16

Slide 17

WHAT MAKES A PASSWORD SAFE?

Strong passwords:

• are a minimum of 8 characters in length; it's highly recommended that it's 12 characters or more
• contain special characters such as @#$%^& and/or numbers
• use a variation of upper and lower case letters

Slide 18

WHAT MAKES A PASSWORD SAFE? (CONT.)

• It must not contain easily guessed information such as your birth date, phone number, spouse's name, pet's name, kid's name, login name, etc.
• It shouldn't contain words found in the dictionary.

Slide 19

Slide 20

HOW TO MAKE A STRONG PASSWORD

"Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months." ~ Clifford Stoll

The stronger your password, the more protected your account or computer is from being compromised or hacked. You should make sure you have a unique and strong password for each of your accounts.

Slide 21

MOZILLA'S SAFE PASSWORD METHODOLOGY

1. Pick a familiar phrase or quote, for example, "May the force be with you", and then abbreviate it by taking the first letter of each word, so it becomes "mtfbwy".
2. Add some special characters on either side of the word to make it extra strong (like #mtfbwy!).
3. Then associate it with the website by adding a few characters from the website name into the original password as either a suffix or prefix. So the new password for Amazon could become #mtfbwy!AmZ, #mtfbwy!FbK for Facebook, and so on.

* While this technique lets us reuse the phrase-generated part of the password on a number of different websites, it would still be a bad idea to use it on a site like a bank account which contains high-value information. Sites like that deserve their own password selection phrase.

Slide 22

USING A PASSPHRASE TO WRITE A SECURE PASSWORD

While generating a password you should follow two rules: Length and Complexity. Let's start by using the following sentence: "May the force be with you." Let's turn this phrase into a password.

1. Take the first letter from each word: Mtfbwy.
2. Now increase its strength by adding symbols and numbers: !20Mtfbwy13! The 20 and 13 refer to the year, 2013. Secondly, I put a ! symbol on each end of the password.

Try using the name of your online account in the password:

• !20Mtfbwy13!Gmail (for Gmail)
• fb!20Mtfbwy13! (for Facebook)

That's one password developing strategy. Let's keep adding complexity, while also attempting to keep things possible to memorize.

* The phrase you actually use should not be a common phrase.

Slide 23

HAYSTACKING YOUR PASSWORD: A SIMPLE AND POWERFUL WAY OF SECURING YOUR PASSWORD

Password Haystack is a methodology of making your password extremely difficult to brute force by padding the password with a pattern like (//////) before and/or after your password.

Here's how it works:

1. Come up with a password, but try to make it a mix of uppercase and lowercase letters, numbers and symbols.
2. Come up with a pattern/scheme you can remember, such as the first letter of each word from an excerpt of your favorite song or a set of symbols like (../////).
3. Use this pattern and repeat it several times (padding your password).

Let's have an example of this:

Password: !20Mtfbwy13!

By applying this approach, the password becomes a Haystacked Password: ../////!20Mtfbwy13!../////

Slide 24

HANDS-ON PART 2: TESTING YOUR PASSWORDS

Use these tools to test the strength of a password. As a precaution, you probably shouldn't use these services to test your actual password. Instead, simply use them to learn what works and what doesn't work. Just play with the strength checkers by constructing fake passwords and testing them.

• http://rumkin.com/tools/password/passchk.php
• https://www.microsoft.com/security/pc-security/password-checker.aspx
• http://www.grc.com/haystack.htm
• http://howsecureismypassword.net/

Slide 25

TABLE OF CONTENTS

Slide 26

PASSWORD OVERLOAD: HOW CAN ANYONE REMEMBER THEM ALL?

Many people use a few passwords for all of their major accounts. The average
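To see what the padding on Slide 23 buys, the following added example (not part of the original slides) estimates the brute-force search space for each password built up on Slides 21 to 23. It assumes an attacker who only tries every combination of the character classes present, so the figures are upper bounds: dictionary and pattern-based guessing are not modeled. All function names are illustrative.

```python
import math
import string

# Character classes an exhaustive search has to cover once a password uses them.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Common passwords named on Slide 15: guessed first, so length is irrelevant.
COMMON = {"123456789", "password", "qwerty"}


def alphabet_size(password):
    """Add up the size of every character class present in the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Assumption: each distinct character outside those classes counts as one.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)


def search_space(password):
    """Candidates tried by an exhaustive search over lengths 1..len(password)."""
    a = alphabet_size(password)
    return sum(a ** n for n in range(1, len(password) + 1))


def brute_force_bits(password):
    """log2 of the search space; 0.0 for empty or Slide 15 common passwords."""
    if not password or password.lower() in COMMON:
        return 0.0
    return math.log2(search_space(password))


def report(passwords):
    """Return (password, length, alphabet size, bits) rows for comparison."""
    return [(p, len(p), alphabet_size(p), round(brute_force_bits(p), 1))
            for p in passwords]


if __name__ == "__main__":
    # Passwords as built up on Slides 21 to 23, plus one Slide 15 example.
    steps = ["mtfbwy", "#mtfbwy!", "!20Mtfbwy13!",
             "../////!20Mtfbwy13!../////", "qwerty"]
    for row in report(steps):
        print("%-28s len=%-3d alphabet=%-3d bits=%s" % row)
```

The haystacked password uses the same four character classes as !20Mtfbwy13!, so the whole gain comes from the 14 extra characters of padding.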
