Passwords are the main authentication method used for internet sites and applications. But passwords get stolen and have many weaknesses. Here are tips you can use at home and at work to protect your information.
2. Passwords
Why Are They A Problem?
• Hard to remember
• Hard to enter
• Need too many
• Inconsistent Rules
• Changes
3. How Passwords Work
• Site saves encrypted pw
• At login – enter pw – it’s encrypted and compared to stored value
• Some sites:
Don’t encrypt well
Don’t encrypt at all!
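An added example, not part of the original slides: the store-then-compare flow above, with a site that "doesn't encrypt well" (a fast, unsalted hash) next to a salted, slow one. In practice the "encryption" here is one-way hashing; the function names, record format and iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it to your own hardware


def weak_store(password: str) -> str:
    """A site that 'doesn't encrypt well': one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_store(password: str) -> str:
    """Salted, deliberately slow hash. Returns 'iterations$salt$hash' (hex)."""
    salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def strong_verify(password: str, stored: str) -> bool:
    """At login: redo the hash with the stored salt, then compare."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    # Constructed sample: two users who happened to pick the same password.
    pw = "correct horse battery staple"
    # Unsalted: both records are identical, so cracking one cracks both.
    print("weak records match:  ", weak_store(pw) == weak_store(pw))
    # Salted: the records differ, so each must be attacked separately.
    rec_a, rec_b = strong_store(pw), strong_store(pw)
    print("strong records match:", rec_a == rec_b)
    print("right password:", strong_verify(pw, rec_a))
    print("wrong password:", strong_verify("guess", rec_a))
```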
6. How Passwords Get Stolen
• Phishing or…
• Site attacked – many methods
• Encrypted pw file downloaded (should be more difficult!)
• Over time, attackers crack the file
• What does that get them?
7. Passwords
• Avg. web user has:
25 separate accounts but
6.5 unique passwords
password reuse – not good
• So…
8. Password Self-Defense
Tips for Home:
1. Choose good (long) passwords
2. Don’t reuse passwords
3. Use a Password Vault
4. Only enter on secure sites
9. Password Self-Defense
5. Care with “secret” questions
6. Care with linking accounts
7. Login notifications
8. 2-step authentication
9. Use separate email addresses
10. Password Self-Defense
Tips for the Office:
1. No one will ask for your password
2. Choose a good (long) password
3. Follow the policy
4. Don’t use a work password on a non-work system
12. Tips
1. Don’t reuse passwords
The average online user needs passwords for 25 different websites and
services, but uses only 6.5 different passwords. If one site gets compromised it
can expose your password for another (perhaps more important) site.
2. Only enter on secure sites
Look for https:// in the address bar and a lock symbol to ensure your
passwords are kept confidential when traveling across the Internet.
3. Login notifications
Some sites will let you know when you last logged in, or if it looks like your
account was logged in to from another country. Some sites allow you to block
this.
4. Choose good (long) passwords
Length is more important than complexity! Choose passwords of 16-20
characters or longer if available. You can use all letters (upper and lower) if
you are using 20 or more characters.
13. Tips
5. Vault it
Password vaults are a great way to store all your passwords. Make sure you
choose a good long master password and don’t forget it! Some great
password vaults include: LastPass, 1Password, PasswordSafe and KeePass.
6. Care with “secret” questions
Many sites use “secret” questions to help identify you if you forget your
password. Choose questions and answers that people can’t just look up on
Facebook! Your place of birth, high school mascot, and other common
information are not good choices. Or… you could provide fake answers to
common questions. Just be sure you know what answers you give!
7. Care with linking accounts
Don’t just log into every site using your Facebook or Twitter logins (when
available). If either of those accounts gets compromised you could lose a lot
more than just the one (or two) accounts.
14. Tips
8. Write down your passwords
What??? You were always told to not do that! Well, your best option is using
a password vault, but you can write down your passwords. Here are the
“rules”: don’t write down what they’re for; keep them with your money (you
already know how to protect that!); and, for extra credit – insert “fake”
characters into the password – these are extra characters you know aren’t
really part of the password but someone else would not.
9. 2-step authentication
Google (Google Authenticator), eBay, PayPal, Dropbox, Facebook and other sites
now allow 2-factor or 2-step authentication. It’s a bit more complicated to set
up but definitely worth it. See the individual sites for info.
10. Use separate email addresses
If you use the same email account to associate with all your online accounts,
then a hacker can own you online by compromising that email account. For
instance, most online sites will send a confirmation email to your associated
address if a change is made or to process a password change. If you can use
different email addresses, then having one compromised won’t affect all your
other online accounts.