passwords, passwords and more passwords

Tips and Tricks September 2017

David Shinkfield

Computer Learning Center at Ewing

September 2017

ProgramWhy we need better passwords

Ways to create better passwords

Using a Password Manager

The Threats to Internet Security Every second, 8 new users are joining the internet

Every year, 2 billion records lost or stolen

Every day,

250,000 new pieces of malware

30,000 new infected web sites. 80% for small businesses

Where is all this coming from

80% from organized and ultra sophisticated international gangs

One of the largest illegal economies in the World - $445 billion – larger than the GDP of 160 nations

James Lyne and Caleb Barlow

What Protection do we have?

Passwords•We need strong passwords•We need different

passwords for each site we visit

A Great TED Talk

James Lyne: Everyday cybercrime --and what you can do about it

https://youtu.be/fSErHToV8IU

The 25 most common passwords in 2016 123456

123456789

qwerty

12345678

111111

1234567890

1234567

password

123123

987654321

qwertyuiop

mynoob

123321

666666

18atcskd2w

7777777

1q2w3e4r

654321

555555

3rjs1la7q

google

1q2w3e4r5t

123qwe

zxcvbnm

1q2w3e

NIST Recommendations The National Institute of Standards and Technology is

about to make all of our lives much easier. The organization recently revised its guidelines for creating passwords, and the new advice sharply diverges from previous rules.

NIST suggests keeping passwords simple, long and memorable. Phrases, lowercase letters and typical English words work well. If you can picture it in your head, and no one else could, that's a good password.

Changing passwords every 90 days unnecessary

NIST Recommendations

correcthorsebatterystaple

An Alternative ApproachCreate a phrase in your head, that no one else can, that's a good password.

Eg.

I am an Eagles fan, and I go to all the games

IaaEf,aIgtatg

Creating a (Bad)Password

Creating a (Bad) Password

Creating a (Good) Password

How to Pick a Password Don't re-use passwords. One ultra-secure one won't be

any good if someone finds it

While combining upper and lower case passwords with numbers to alter a memorable word is often advised, these are more easily cracked than you might think

Good advice is to make a long but memorable "passphrase". String a few words together that you can remember with a visual. "puffineatingbanana" is easy to remember but would take millions of years for a computer to crack

How to Pick a Password Alternatively, you can use a password manager such as

LastPass or KeePass, which can generate secure passwords and store them online

The best way to protect yourself is to use two-factor authentication, which will send a text with a code or use an app to verify your log-in

What is Last Pass and KeePassThe password manager lives in your browser and acts a digital gatekeeper, filling in your login info when you need to get on a certain site. You just have to remember one (very secure!) master password for the manager itself, and everything else is taken care of for you.

KeePass

Installing LastPass - Chrome

LastPass

LastPass-Where are my passwords now?Your Passwords are in your browser

Your Passwords are stored in a file on your computer or in the Cloud

You’ve written down your passwords in a notebook

LastPass – How to get Passwords into LastPass Import /Export. This is the easiest way by far to get

started

As you Browse. Just go about your business normally, and when you get the chance to enter a password online, your manager will pop up and ask if you want to save it. However: if you’re perma-logged in to lots of accounts, you’ll need to log out and log back in to upload your passwords this way.

Enter Manually. Each password manager has a clear way to enter new credentials. Get copying.

clcewing.org