Password Management
by Rick Chin
May 14, 2015
Topics
• Password Problems
• Password Security
• Password Strategies
• Password Managers
Password Problems
• Too Simple
• Passwords are Reused
• Too Many Passwords/Sites to Maintain
• Too Complicated
• Sometimes Passwords Expire and Must Be Changed
Password Threats
• You (are too trusting and don’t believe it will happen to you)
• Easier to Guess than Expected
• Brute Force
• Hacking / Keyboard Loggers / Sniffing / Nosy People
• Social Engineering
• Use Familiar “Tricks”
  • Transformations and substitutions (f00tb@ll or sdrawkcab)
  • Keyboard patterns (qwertyasdf)
  • Padding (Montana12&*-&*-&*-)
Password Security
• Passwords need to be mathematically complex
• Passwords are more guessable than you think
• “Complex” is not the same as “Complicated”
• Passwords need to be memorable
Complexity Components
• Length
• Character Set (letters, numbers, symbols)
• Randomness (absence of a discernible pattern)
  • Ladnomics (not a word but follows a pattern)
  • 8vgz2N'A (no discernible pattern)
    8 visa golf zip 2 NUT ' APPLE
Password Length Flaws
• possibilities - 13 characters long
  • Readable
  • Dictionary word
  • Not complex
• iYb48zJ# - 8 characters long
  • Short but complex
  • Not memorable
Character Set Flaws
• P@ssw0rd
  • Multiple character sets
  • Easily broken by a computer
Complexity: human vs. computer
Can You Crack This? (Test 1)
Password: SjdlDijo <— what’s my pattern?
Can You Crack This? (Answer 1)
• RickChin - shift one character in the alphabet
• A computer will crack this in under 1 second
Can You Crack This? (Test 2)
Password: SkfoHnpw <— what’s my pattern?
Can You Crack This? (Answer 2)
• RickChin - shift 1 × (character position) characters in the alphabet, character by character
  • R = 1, shift one to S
  • i = 2, shift two to k
  • c = 3, shift 3 to f
  • etc.
• A computer will crack this quickly
Why Your Passwords Need Help
• A computer will crack over 2 billion password combinations in less than 1 second
• If a human could crack 1 password combination per second continuously (but we can’t), it would take 3.8 years to crack 2 billion
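The checks a computer applies to the sample passwords from these slides, as an added Python example that is not part of the original deck: it estimates brute-force time at the 2 billion guesses per second quoted above, and it undoes the familiar tricks (substitution, reversal, padding, keyboard rows, a constant alphabet shift) before a wordlist lookup. The wordlist, the substitution table and all function names are assumptions made for illustration.

```python
import string

# Constructed sample wordlist (assumption); a real check would load a large
# dictionary plus names and previously breached passwords.
WORDLIST = {"football", "backwards", "montana", "password",
            "possibilities", "rickchin"}

# Look-alike substitutions mapped back to the letters they imitate (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
GUESSES_PER_SECOND = 2_000_000_000  # rate quoted on the slide above


def charset_size(pw):
    """Alphabet size a brute-force search must cover for this password."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def bruteforce_seconds(pw):
    """Worst-case time to try every string of this length over that alphabet."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND


def unshift(text, step):
    """Move every lowercase letter back by a constant number of places."""
    return "".join(
        chr((ord(c) - ord("a") - step) % 26 + ord("a"))
        if c in string.ascii_lowercase else c
        for c in text)


def keyboard_run(pw, min_run=4):
    """True if pw contains min_run neighbouring keys from one keyboard row."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_run + 1):
            chunk = row[i:i + min_run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def find_patterns(pw):
    """List the familiar tricks that reduce pw to a wordlist entry."""
    low = pw.lower()
    findings = []
    if low in WORDLIST:
        findings.append("dictionary word")
    elif low.translate(LEET) in WORDLIST:
        findings.append("substitution")
    if low[::-1] in WORDLIST:
        findings.append("reversed word")
    core = low.rstrip(string.digits + string.punctuation)
    if core != low and core in WORDLIST:
        findings.append("word plus padding")
    if keyboard_run(pw):
        findings.append("keyboard pattern")
    for step in range(1, 26):
        if unshift(low, step) in WORDLIST:
            findings.append(f"alphabet shift by {step}")
    return findings


def assess(pw):
    """Combine both views: raw search space and pattern-based weaknesses."""
    return {"password": pw,
            "bruteforce_days": bruteforce_seconds(pw) / 86400,
            "patterns": find_patterns(pw)}


if __name__ == "__main__":
    # Every sample below is a password shown on the slides.
    for sample in ("f00tb@ll", "sdrawkcab", "qwertyasdf", "Montana12&*-&*-&*-",
                   "possibilities", "P@ssw0rd", "SjdlDijo", "iYb48zJ#"):
        r = assess(sample)
        print(f"{r['password']:<20} {r['bruteforce_days']:>12.3g} days  "
              f"{', '.join(r['patterns']) or 'no known pattern'}")
```

By raw search space "possibilities" outlasts "iYb48zJ#", yet it is the one that falls to a single wordlist lookup, which is the difference between length and randomness that the slides draw.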
Password Cracking
• There are many free and commercially available password crackers and recovery tools
• Rainbow tables and more
  • Databases of pre-cracked (i.e., no computational delay) lists of password combinations
Ways People Keep Their Passwords
• Post It Notes
• Taped to the bottom of their keyboard
• Text, Word, or Excel file on their desktop (password protected or not)
• No place, I use (one, two, three) main passwords and rotate between them
What Happens When a Password is Compromised
• Passwords are often entered into a program/database that tries to access every major bank, credit card company, payment system, retail stores, email systems, and more at blistering speed
• They will cross-match with public information records for addresses and other information to answer security questions
• Information gathered from one system (like email addresses or mother’s maiden name) will be used in attacks on other systems
• For this reason, reusing passwords is one of the most dangerous practices you can do
Password Strategy
• There are a few key passwords you must know
  • Generally these are passwords you might need often or in an emergency to get access to everything else. Common examples:
    • Master password for a password manager
    • Computer login password
    • Your Apple ID password
    • Dropbox or cloud storage password
• Create strong but memorable passwords for these
• Practice and memorize them
• Use a Password Manager for everything else
Password Managers
• A software vault that stores your passwords encrypted
• Has a master password that grants access to all the other passwords
• Can generate and store random complex passwords that you can use instead of less complex passwords
• Syncs your passwords and makes them available on the devices you use, wherever you are, even without Internet access
Suggested Features
• Works in a browser, preferably also on your phone and tablet
• Autofills most places (occasionally you’ll need to copy and paste)
• Syncs via Dropbox, iCloud, or their own cloud service
• Preferably syncs automatically, not just when you manually initiate a sync
• Allows you to share certain logins securely with other people (like family members)
Example Password Managers
• 1Password - www.agilebits.com
• LastPass - www.lastpass.com
• Dashlane - www.dashlane.com
• Roboform - www.roboform.com
• iCloud Keychain - availability began in OS X 10.9 and iOS 7
