Upload File

you$and$your$passwords$sites.duke.edu/training/files/2012/10/passwordpresentation.pdf ·...

  • Home
  • Documents
  • You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$
15
You and Your Passwords

Upload: others

Post on 02-Jun-2020

7 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

You  and  Your  Passwords  

Page 2: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

Why  Passwords?  

Page 3: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$
Page 4: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

Threat  -­‐  Cracking  Passwords  

Password  Type   Using  the  CPU   Using  the  GPU  

6  char  (no  spec  chars)   1  hour  30  sec   4  seconds  

7  char  (no  spec  chars)   4  days   17  minutes  30  seconds  

7  char  (spec  chars)   75  days   7  hours  

9  char  (spec  chars)   43  years   48  days  

Password FileH

ASHPassword Guess d131dd02c5e

6eec4693d9a0698aff95c

d131dd02c5e6eec4693d9a

0698aff95c

Page 5: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

Methods  to  Compromise    Accounts/Passwords  

Password  A6ack  

Defense  

Longer  

passwords  

(passphrases)  

Regular  

Password  

changes  

Accoun

t  lockou

ts  

MulL-­‐factor  

EducaL

on  

Network  

encrypLo

n  

Host-­‐based

 security  

Password  Cracking  • DicLonary  ASack      �  • Brute  Force  • Rainbow  Tables            • GPU  Cracking  

✔   ✔   ✔   ✔  

Password  Sharing   ✔   ✔  

Phishing/Social  Engineering   ✔   ✔  

Man-­‐in-­‐the-­‐Middle  ASack   ✔   ✔   ✔  

Network  Sniffing   ✔   ✔   ✔   ✔   ✔  

Keylogger   ✔* ✔  

*(unless  digital  cert)    

Page 6: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

Look,  a  Demo!  

Page 7: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

RecommendaLons  

•  Not  just  one  strong  passwords,  but  mulLple  strong  passwords  

•  Password  Escrow  •  MulLfactor  

Page 8: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

What’s  a  Strong  Password?    

•  8  characters  •  Mix  of  upper,  lower,  numbers,  symbols  

•  11  characters  •  One  each  of  upper,  lower,  numbers,  symbols  

•  Change  regularly  •  MulLple  passwords!    

Page 9: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

Password  Escrow  –  1Password  

Page 10: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

1Password  

Pros  •  MulLplacorm  and  

mulLbrowser  •  Password  generator  •  Password  history  •  Sync  with  mobile  devices  

Cons  •  Cost    

Page 11: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

Password  Escrow  –  LastPass  

Page 12: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

LastPass  

Pros  •  Free  and  Pay  versions  •  MulLplacorm  and  

mulLbrowser  •  Password  generator  •  Sync  with  mobile  devices  

Cons  •  Stores  in  the  cloud  

(encrypted)  

Page 13: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

Password  Escrow  –  Keepass  

Page 14: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

KeePass  

Pros  •  Free    •  MulLplacorm  and  

mulLbrowser  •  Password  generator  •  Sync  with  mobile  devices  

Cons  •  May  require  different  

installaLons  for  different  OS’s  

•  May  require  some  advanced  work  to  sync  with  mobile  devices  

Page 15: You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

MulLfactor  


Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

2-ลืม Username และ Password · saved passwords in Safari Passwords preferences or (Snq4.) O O mom g bysdoO-fyj» Strong Password bysdoO-fyj» Strong Password by asking

Creating STRONGCreating STRONGPasswords. CREATING STRONG PASSWORDSCREATING STRONG PASSWORDS A strong password is an important part of keeping your information

Vip strong authentication : No Passwords - infographic by Symantec

Strong Passwords Safety... · 2016-07-27 · Hackers use programs that will try every word in the dictionary to guess passwords. • Create passwords with at least eight characters

STRONG PASSWORDS Common Sense Unit 2-Lesson 1 (Cross-Curricular Categories) Privacy and Security

Are you protected? ONLINE PASSWORD SECURITY...and are your best defense against hacking. Create Strong Passwords Building strong passwords is the key to online security. Follow these

Passwords and Password Controlsmedia.techtarget.com/searchOracle/downloads/455_ORACLE_07.pdf · 173 Passwords and Password Controls Solutions in this chapter: Configuring Strong

Malling U3A Computer Group · Passwords Passwords are needed for virtually every app. or website we access via PC, Laptop or smartphone. Most importantly use a strong password. NEVER

P@$$w0rd Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work

Beyond Passwords: FIDO (Fast IDentity Online) and the Larger Market for Strong Authentication

Preventing the Revealing of Online Passwords to ......ing strong passwords and protecting them from being stolen. However,inrecentyears,especiallywiththeram-pancy of Web-based malicious

Mc gregor (2010) weak protection of strong passwords

Authentication Chapter 2. Learning Objectives Create strong passwords and store them securely Understand the Kerberos authentication process Understand

Strong Passwords - eSoftenb-wp.esoftbusiness.com/.../uploads/userfiles/file/StrongPasswords… · Passwords Always use strong passwords on the Internet. A strong password is one that

Password protecting your uploaded documents · Use strong passwords that combine uppercase and lowercase letters, numbers, and symbols. Weak passwords don't mix these elements. Strong

Making Strong Passwords

LastPass strong passwords for the web

Okta + Palo Alto Networks: Strong Authentication ... · Okta + Palo Alto Networks: Strong Authentication Everywhere via MFA + Passwords are under attack. Last year, three out of four

1,2,3,4,5,6,7,8,9,0 passwords deboli e strong authentication

Take Control of Your Passwords (3.1) … · Create Strong but Memorable Passwords .....59 Use a Password Manager for Everything Else .....63 Handle Security Questions ... changed

How to create a strong password (and why this is important) · Change your passwords regularly. Use at least 10 characters, although the longer the better. Longer passwords take longer

1 Authentication. 2 Strong passwords Kerberos CHAP Digital Certificates Biometrics

Passwords, Passwords and more Passwords

Do Users’ Perceptions of Password Security Match Reality?lbauer/papers/2016/chi... · selecting terrible passwords and choose to do so intentionally, ... strong passwords. In fact,

CSE 484 / CSE M 584 Computer Security: Passwords€¦ · Password Managers •Allows the user to use one secure password to secure all other passwords •Generate strong password

STRONG PASSWORDS

Video Doorbell - beekman.nl · II Cybersecurity Recommendations Mandatory actions to be taken towards cybersecurity 1. Change Passwords and Use Strong Passwords: The number one reason

2 Create strong passwords Smarter Online = Safer Online ...download.microsoft.com/download/3/A/2/3A2C118B-3D... · Use unique passwords for bank and other important accounts. Avoid

Villa VTO (Version 3.1)€¦ · User’s Manual V1.0.1. II Cybersecurity Recommendations Mandatory actions to be taken towards cybersecurity 1. Change Passwords and Use Strong Passwords:

Rapid recommendaons, point-of-care decision aids, and

starominskaya.n-23.ru · Cybersecurity Recommendations I Cybersecurity Recommendations Mandatory actions to be taken towards cybersecurity 1. Change Passwords and Use Strong Passwords:

STRONG AUTHENTICATION ... NO PASSWORDS

Psychology of Passwords: Combatting Cognitive Dissonance ......© 2019, LogMeIn, Inc. 12 1. Create unique, strong passwords for every account –Meaning 20 characters or more, randomly

Creating STRONG Passwords