Two-Factor Authentication & Tools for Password Management
August 29, 2014
Pang Chamreth, IT Development Innovations
Objectives
• Understand what two-factor authentication is
• Define how to enable two-factor authentication for
• Understand how to set it up step by step
• Understand the most common worst passwords
• Know how to secure your password
• Understand what password management is
What is Two-Factor Authentication
• Two-factor authentication adds a second level of authentication to an account log-in.
• Two-factor authentication is used to increase security by requiring:
“Something you know”
AND “Something you have”
How to enable two-factor authentication for:
• LinkedIn
• Twitter
• Microsoft
• Apple
• Google
• Yahoo
• Dropbox
Benefits of Two-Factor Authentication
• Stronger security
• When logging in to your account, after typing in your username and password, a second password is sent to you via text.
• If a hacker gets your username and password, they still won’t be able to get into your account.
How two-factor authentication can help
• Can recover your email’s password
• Can protect your account from hackers
• Easy to use with 1st password & 2nd mobile
• See the practice of using 2-Step Verification on your Google account
Practice using two-factor authentication
Practice using two-factor authentication with a Google account.
Set up 2-Step Verification
2-step verification
Helps prevent hackers who try to use your account when they know your username and password.
For best practice, we will set up 2-Step Verification in a Gmail account.
Why you should use 2-Step Verification
2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen.
To break into an account with 2-Step Verification, a hacker would not only have to know your username and password, they'd also have to get hold of your phone.
How it works
• Enter your password
• Enter a code from your phone
• Keep it simple
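The two steps on this slide, seen from the service's side, as an added example that is not part of the original presentation. The class name `TwoStepLogin`, the six-digit code, the 5-minute lifetime and the 3-guess limit are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed: a texted code is valid for 5 minutes
MAX_ATTEMPTS = 3    # assumed: wrong guesses allowed per code


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class TwoStepLogin:
    """Step 1: password (something you know). Step 2: code on the phone (something you have)."""

    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash_password(password, self.salt)
        self.pending = None  # (sha256 of code, expiry time, guesses left)

    def start(self, password: str, now: float = None):
        """Check the password; on success return the code to send by SMS."""
        now = time.time() if now is None else now
        if not hmac.compare_digest(_hash_password(password, self.salt), self.pw_hash):
            return None  # no code is ever sent for a wrong password
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending = (hashlib.sha256(code.encode()).digest(), now + CODE_TTL, MAX_ATTEMPTS)
        return code

    def finish(self, code: str, now: float = None) -> bool:
        """Check the code from the phone: unexpired, limited guesses, single use."""
        now = time.time() if now is None else now
        if self.pending is None:
            return False
        digest, expires, attempts = self.pending
        if now > expires or attempts <= 0:
            self.pending = None  # expired or guessed too often: start over
            return False
        if hmac.compare_digest(hashlib.sha256(code.encode()).digest(), digest):
            self.pending = None  # a code works only once
            return True
        self.pending = (digest, expires, attempts - 1)
        return False
```

A stolen password alone gets an attacker only as far as `start()`; without the phone they have three guesses at a one-in-a-million code before it is discarded.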
Set up 2-Step Verification
Sign in to your Google Account settings page by clicking on your name or picture in the upper right corner of the screen and then clicking Account.
See the setup process
• At the top, click the Security tab
• In the Password box, click Setup next to “2-Step verification”. This will bring you to the 2-Step Verification settings page.
• You will then see a step-by-step guide which will help you through the setup process.
Set up a backup
• Once you’re done, you’ll be taken to the 2-Step Verification settings page again. Be sure to review your settings, set up backup phone numbers and get backup codes.
• You’re done! Next time you sign in, you’ll receive an SMS with a verification code.
Common Techniques for Protecting Emails
• The three common techniques adopted by most internet users for protecting themselves are:
1. Logging out of accounts when they’re done, and not just close your
2. Confirming it is a secure session or website (such as https://) for “security”
3. Changing passwords periodically
Best practices of password management
Why are best practices of password management required?
Recently, most people have at least three passwords of their own, so it is difficult to remember all of them because they don’t know how to manage their passwords properly. You will see the common passwords that a hacker can easily guess.
Most Common Passwords
• Most people choose passwords that can too easily be guessed. If your password can easily be guessed, or it can easily be reset, you are at risk of identity theft.
Password recommendations
• A good password is:
– Private
– Secret
– Easily remembered
– At least 8 characters, complex
– Not guessable
– Changed regularly
• Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files.
• Use 3rd party tools to encrypt passwords
Samples of how to create a password
• Combine 2 unrelated words: Mail + phone = m@!lf0n3
• Abbreviate a phrase: My favorite color is blue = Mfciblue
• Music lyric: Happy birthday to you, happy birthday to you, happy birthday dear John, happy birthday to you. = hb2uhb2uhbdJhb2u
How are passwords stolen?
• Cracked
– Brute force
– Dictionary-based
– Decryption
• Theft
– Key loggers
– Screen captures
– Social engineering
Securing your password
• Do not share your password with others
• Avoid recording your passwords in an insecure manner
• Avoid saving passwords in Web browsers and other applications
• Always delete e-mails that contain a password
• Use a Web site’s logout feature rather than just closing your browser
• Be smart with secret questions and answers
• Create strong passwords with a combination of numbers, special symbols, and letters that cannot be guessed
• Always change passwords: once every three months is recommended
Password management
• Today you need to remember many passwords. You need a password for:
– Windows network logon
– Servers and routers
– E-mail account, social account
– Your website's FTP password
– Online passwords (like website member account), etc.
• Password management (LastPass – KeePass)
What is KeePass?
• Free, open-source password manager
• No need to remember many passwords
• Can bring it along with you anywhere