Strong Passwords How to make your passwords work for you…. Linda A. LeBlanc IT Security Support IS&T.

Download Strong Passwords How to make your passwords work for you…. Linda A. LeBlanc IT Security Support IS&T.

Post on 24-Dec-2015

213 views

Category:

Documents

1 download

TRANSCRIPT

  • Slide 1
  • Strong Passwords How to make your passwords work for you. Linda A. LeBlanc IT Security Support IS&T
  • Slide 2
  • Once upon a time.
  • Slide 3
  • The (old) Dos & Donts of Passwords DO! Pick a password you can remember! Make it REALLY hard to guess. Use upper and lower characters DONT! Write your password down ANYWHERE! Make them similar to each other. Use klingon or Elvish (Elven?)
  • Slide 4
  • Lets be realistic How many passwords do you have? Dont forget your ATM, Insurance Phone Tree, your Bank Account Test question How are we supposed to remember them ALL???
  • Slide 5
  • We know you write them down.somewhere. Underneath your keyboard? In your top desk drawer? On your monitor?(Please say its on the back at least!) The little notebook marked PASSWORDS? The sheet of paper folded and sticking out of the dictionary above your head?
  • Slide 6
  • The Dilemma: Im supposed to remember but its not supposed to be a word in any language & its supposed to be hard to guess. If I forget it, theres no way to recover it because I cant write it down. My dogs (cats)name isnt a word, and has upper and lower case characters.
  • Slide 7
  • New, more realistic rules Use letters, numbers, special characters (upper and lower case). If you must write them down, separate the password from the account name, and keep them somewhere secure. Similarity and composition are not the same. (brainiac23 & brainiac12 are similar; fre:sZib61 and glii:tZul72 are composed in the same way)
  • Slide 8
  • Risk Assessment & Reality You have to decide for yourself what level of risk you are willing to assume when choosing how to secure your passwords.
  • Slide 9
  • Were always scheming Develop password generation methods that work for you, and are easy to replicate. Number/letter substitutions, nonsense sounds Passphrases and acronyms Group by account type. (whats good for mail, might not be sufficient for the IRA)
  • Slide 10
  • Exhibit A: My Father
  • Slide 11
  • One Password, Many Places Insecure accounts sharing a password with sensitive data accounts. One FIVE letter word.
  • Slide 12
  • A new method The Book of Psalms Chapter and Verse Preserve Case, Punctuation Annotate account w/matching chapter verse pair.
  • Slide 13
  • Exhibit B: My Bohemian Sister
  • Slide 14
  • w0rDz not words! Use nonsense sounds that are pronounceable. Build a word with all the requirements Substitute a number for a vowel Use the number combination for the vowels to identify the password.
  • Slide 15
  • More Ideas: Your favorite formulas? Chemical compounds? (EtOH is a little too simple) What else?
  • Slide 16
  • Last Writes Establish a password generation method for yourself. Find a place to keep your passwords and keep them secure. Never reuse passwords EVER. Build a fresh one.
  • Slide 17
  • T he End (of passwords as we know them?)
  • Slide 18
  • More information and handouts are available from ITSS Email: leblancl@mit.edu

Recommended

View more >