Passwords by The UTHSC Information Security Team

Upload: lesley-baldwin-maxwell

Post on 24-Dec-2015


Page 1: Passwords by The UTHSC Information Security Team

Passwords

by The UTHSC Information Security Team

Before we begin…

Google Yourself!

Think Like a Hacker

Ask Yourself…

What information would a hacker need to get into any of your financial, professional, and/or personal online accounts?

How many passwords do you have?

Banking and Business services

Personal Emails

Social media and news

Work related accounts

Password 101

A secret word or phrase that must be used to gain admission to something.

A string of characters that allows access to a computer, interface, or system.

Why do I need a secure password?

Passwords are the key to your digital life.

Passwords secure vital information such as:

Date of Birth

Address

Mother’s Maiden Name

Bank details

Social Security Number(s)

Other financial information

Your Entire Identity

How to create a secure password

Use a mixture of the following

CAPITAL and lower cAsE

M1xture 0f l3tt3r5 numb3r$ & $ymb0|$

Do not use your children's names, pets’ names, dates of birth, your address, grandkids’ names, parents’ names, etc. Refrain from using any names, including names of past schools/institutions you attended, organizations you have worked for, and names of towns/cities/states.

What is a passphrase?

A passphrase is a sequence of words or other text used to control access to a computer system, program or data.

A passphrase is similar to a password in usage, but is generally longer for added security.

Basically, passphrases are a combination of random words or sentences.

How to Create a Passphrase

Method #1 Create a sentence that you can remember.

My favorite drink is lemonade 1987!

Method #2 I want a peanut butter and jelly sandwich every Tuesday for the month.

IwaPB&Jet4tm

Use the site name to increase the security of your passphrase

YouTube – Myfavoritedrinkislemonade1987!Yt

Twitter – Myfavoritedrinkislemonade1987!Tr

Facebook – Myfavoritedrinkislemonade1987!Fb

Password Hierarchy

1. Banking (These passwords should be their own and not used on sites with lower security)

2. Work and/or Employment Organization (This password should be exclusive to your work logins. Do not use this password elsewhere.)

3. Business (Amazon, iTunes, Netflix, Hulu, Etsy, Apple Pay, Groupon)

4. Email (Used to reset and control all other usernames and passwords. This password should not be used anywhere else.)

5. Social & Entertainment (Facebook, Twitter, YouTube, Internet forums)

Secure Password Tips

Dictionary passwords are easy to crack. Do not use them.

Do not write your password down and stick it to your computer or monitor, or under your keyboard.

Use a mnemonic or a sequential pattern to remember your passwords.

So many passwords, so little time…What’s the solution?

Password managers

Are great for keeping track of passwords

Should be encrypted

Use a master password to keep your other passwords

Should have a cloud backup

Better than writing them in a “password book” (Never a good option)

Managing Passwords/Passphrases

A password manager is a software application that helps a user store and organize passwords.

Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.

Advantages

Password management tools are really good solutions for reducing the likelihood that passwords will be compromised

No more easily lost scraps of paper!

Online or Cloud-based

Access your data from any computer, 24/7

No downloading software

Many password managers are available to try, so you can choose what best fits your needs

Disadvantages

Because any computer or system is vulnerable to attack, relying on a password management tool creates a single point of potential failure.

If you forget the master password, all your other passwords in the database are lost forever, and there is no way of recovering them. Don’t forget the master password!

Most Common “Password Manager”

Choosing Password Managers

Users must be extra careful in choosing a provider.

Make sure they're a valid and reputable vendor.

TRIAL!!! Try recommended managers.

Recommended Password Managers

Dashlane (f) – keeps your passwords for you. Will go out and change your passwords on your request. It will autofill passwords on sites for you. https://www.dashlane.com

Keeper (p) – keeps your passwords and digital files for you. Encrypted and offers a cloud backup. https://keepersecurity.com/

PasswordBox (f) – keeps your passwords. Offers a digital heir feature: if something were to happen to you, your information would be obtainable by someone else. https://www.passwordbox.com

LastPass (f/p) – allows you to save, organize, and access your login data. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you. www.lastpass.com

Password Generator

A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.

LAST RESORT if you cannot create a good, strong password.

Are great for those that need a password to use only once or twice.

Similar to password management but they are hard to guess when you don’t have access to your password manager.

Not heavily recommended for the normal computer user
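
An added example (not part of the original slides): a Python sketch of the generator described above, drawing from the operating system's random source through the `secrets` module, together with the manual dice method mapped onto a small constructed word list. The symbol set, the word list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed symbol set; sites differ in which symbols they accept.
SYMBOLS = "!#$%&*+-=?@^_"
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)

# Constructed 36-word list: two six-sided dice (6 * 6 outcomes) pick one word.
WORDS = """anchor basket candle desert engine forest garden harbor island
jacket kettle ladder marble napkin orange pencil quartz rocket saddle ticket
umpire violin window yellow zipper bridge copper donkey falcon goblet hammer
magnet pepper silver tunnel walnut""".split()

def generate_password(length=16):
    """Random password with at least one capital, lowercase, digit and symbol."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:
        # secrets uses the OS cryptographic generator, unlike the random module.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the whole password rather than patching characters in,
        # so every acceptable password stays equally likely.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def roll_die():
    """One fair six-sided die roll (1-6)."""
    return secrets.randbelow(6) + 1

def word_from_dice(first, second):
    """Map two die rolls to a word, as when generating by hand with real dice."""
    for roll in (first, second):
        if roll not in range(1, 7):
            raise ValueError("die rolls must be between 1 and 6")
    return WORDS[(first - 1) * 6 + (second - 1)]

def generate_passphrase(word_count=6, separator="-"):
    """Passphrase of randomly rolled words from the constructed list."""
    return separator.join(
        word_from_dice(roll_die(), roll_die()) for _ in range(word_count)
    )

def entropy_bits(choices, picks):
    """Bits of entropy when each of `picks` items is drawn uniformly from `choices`."""
    return picks * math.log2(choices)
```

The 36-word list yields only about 5.2 bits per word; a five-dice list of 7,776 words yields about 12.9 bits per word, which is why real dice word lists are much larger.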

Summary

Never write your passwords down.

Never insert and save them on an unencrypted Microsoft Word document, Excel spreadsheet, or any other electronic documents, including smartphone notepads.

Easy-to-remember passphrases or sentences are your best bet when creating a strong, secure password.

Always use two-factor authentication when it is provided, especially with your financial and personal or smartphone app accounts.

Are you considering a password manager and generator? Try them all out and choose which manager best suits your needs.

If you are still unable to create a strong password or passphrase, use a password generator as your last resort.

Lastly, when in doubt, contact your UTHSC Information Security Team or your UTHSC Helpdesk!

Fun Fact: Most Used Passwords of 2014

• 123456 • password • 12345 • 12345678 • qwerty • 123456789 • 1234 (Up 9) • baseball

• dragon • football • 1234567 • monkey • letmein • abc123 • 111111 • mustang

• access • shadow • master • michael • superman • 696969 • 123123 • batman • trustno1

Condliffe, Jamie. "The 25 Most Popular Passwords of 2014: We're All Doomed." Gizmodo. N.p., 20 Jan. 2015. Web. 20 Apr. 2015.

THANKS!!!!

UTHSC Information Security Team

L. Kevin Watson

[email protected]

(901) 448-7010

Frank Davison

[email protected]

(901) 448-1260

Jessica McMorris

[email protected]

(901) 448-1579

Ammar Ammar

[email protected]

(901) 448-2163

• Information Security Email: [email protected]

• Website: security.uthsc.edu

• To report phishing and spam email forward it to [email protected]

• UTHSC Help Desk: (901) 448-2222 ext. 1 or [email protected]