A discussion of the problems with password security and how to make your passwords more secure. Also, we debunk some common myths about what makes a good password. (This was originally part one of a three-part presentation on the need for and use of password managers.)
3. Password Problems
• Too Simple
• Passwords are Reused
• Too Many Passwords/Sites to Maintain
• Too Complicated
• Sometimes Passwords Expire and Must Be Changed
4. Password Threats
• You (are too trusting and don’t believe it will happen to you)
• Easier to Guess than Expected
• Brute Force
• Hacking / Keyboard Loggers / Sniffing / Nosy People
• Social Engineering
• Use Familiar “Tricks”
• Transformations and substitutions (f00tb@ll or sdrawkcab)
• Keyboard patterns (qwertyasdf)
• Padding (Montana12&*-&*-&*-)
5. Password Security
• Passwords need to be mathematically complex
• Passwords are more guessable than you think
• “Complex” is not the same as “Complicated”
• Passwords need to be memorable
6. Complexity Components
• Length
• Character Set (letters, numbers, symbols)
• Randomness (absence of a discernible pattern)
• Ladnomics (not a word but follows a pattern)
• 8vgz2N'A (no discernible pattern; memorable as “8 visa golf zip 2 NUT ' APPLE”)
7. Password Length Flaws
• possibilities - 13 characters long
• Readable
• Dictionary word
• Not complex
• iYb48zJ# - 8 characters long
• Short but complex
• Not memorable
8. Character Set Flaws
• P@ssw0rd
• Multiple character sets
• Easily broken by a computer
10. Can You Crack This? (Test 1)
Password: SjdlDijo <— what’s my pattern?
11. Can You Crack This? (Answer 1)
• RickChin - shift one character in the alphabet
• A computer will crack this in under 1 second
12. Can You Crack This? (Test 2)
Password: SkfoHnpw <— what’s my pattern?
13. Can You Crack This? (Answer 2)
• RickChin - shift 1x(character position) characters in the alphabet, character by character
• R = 1, shift one to S
• i = 2, shift two to k
• c = 3, shift three to f
• etc.
• A computer will crack this quickly
14. Why Your Passwords Need Help
• A computer will crack over 2 billion password combinations in less than 1 second
• If a human could crack 1 password combination per second continuously (but we can’t), it would take 3.8 years to crack 2 billion
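As an added example (not part of the original presentation), the Python below scores the deck's own sample passwords the way slides 6 and 10 through 14 describe: a dictionary word, a word hidden by a constant alphabet shift, a word hidden by a position-dependent shift, and a string with no pattern. It assumes the 2 billion guesses-per-second rate from slide 14 and uses a constructed five-word stand-in for a real cracking wordlist.

```python
import string

# Constructed stand-in for a real cracking wordlist (real ones hold millions of entries).
WORDLIST = {"possibilities", "password", "rickchin", "montana", "football"}
GUESSES_PER_SECOND = 2_000_000_000  # slide 14's figure for one computer

def charset_size(pw):
    """Size of the alphabet an attacker must assume, from the classes the password uses."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(c in string.punctuation for c in pw): size += len(string.punctuation)
    return size

def shift_letters(pw, shift_at):
    """Shift each letter by shift_at(position) places in the alphabet, keeping case;
    non-letters pass through unchanged. A negative shift undoes a positive one."""
    out = []
    for i, c in enumerate(pw):
        if c.isalpha():
            base = ord("A") if c.isupper() else ord("a")
            out.append(chr((ord(c) - base + shift_at(i)) % 26 + base))
        else:
            out.append(c)
    return "".join(out)

def guesses_needed(pw):
    """Smallest search space an attacker who knows the pattern must cover, and why."""
    if pw.lower() in WORDLIST:
        return len(WORDLIST), "dictionary word"
    for k in range(1, 26):  # slides 10-11: constant shift, so 26 variants per word
        if shift_letters(pw, lambda i: -k).lower() in WORDLIST:
            return 26 * len(WORDLIST), f"dictionary word shifted by {k}"
    # slides 12-13: shift grows with position; once the rule is known, one variant per word
    if shift_letters(pw, lambda i: -(i + 1)).lower() in WORDLIST:
        return len(WORDLIST), "dictionary word with positional shift"
    # slide 6: no discernible pattern, so the whole character-set keyspace remains
    return charset_size(pw) ** len(pw), "brute force over character set"

def seconds_to_crack(pw):
    """Worst-case time for one computer at slide 14's rate, plus the reason."""
    guesses, reason = guesses_needed(pw)
    return guesses / GUESSES_PER_SECOND, reason
```

The 13-character dictionary word "possibilities" and the shifted "SjdlDijo" both fall in a fraction of a second, while the 8-character "iYb48zJ#" (94-symbol alphabet, 94^8 guesses) needs weeks at the same rate, which is the deck's point that length alone and character sets alone are not what makes a password strong.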
15. Password Cracking
• There are many free and commercially available password crackers and recovery tools
• Rainbow tables and more
• Databases of pre-cracked (i.e., no computational delay) lists of password combinations
16. Ways People Keep Their Passwords
• Post-it Notes
• Taped to the bottom of their keyboard
• Text, Word, or Excel file on their desktop (password protected or not)
• No place, I use (one, two, three) main passwords and rotate between them
17. What Happens When a Password is Compromised
• Passwords are often entered into a program/database that tries to access every major bank, credit card company, payment system, retail store, email system, and more at blistering speed
• They will cross-match with public information records for addresses and other information to answer security questions
• Information gathered from one system (like email addresses or mother’s maiden name) will be used in attacks on other systems
• For this reason, reusing passwords is one of the most dangerous practices there is
18. Password Strategy
• There are a few key passwords you must know
• Generally these are passwords you might need often or in an emergency to get access to everything else. Common examples:
• Master password for a password manager
• Computer login password
• Your Apple ID password
• Dropbox or cloud storage password
• Create strong but memorable passwords for these
• Practice and memorize them
• Use a Password Manager for everything else
19. Password Managers
• A software vault that stores your passwords encrypted
• Has a master password that grants access to all the other passwords
• Can generate and store random complex passwords that you can use instead of less complex passwords
• Syncs your passwords and makes them available on the devices you use, wherever you are, even without Internet access
20. Suggested Features
• Works in a browser, preferably also on your phone and tablet
• Autofills most places (occasionally you’ll need to copy and paste)
• Syncs via Dropbox, iCloud, or their own cloud service
• Preferably syncs automatically, not just when you manually initiate a sync
• Allows you to share certain logins securely with other people (like family members)
21. Example Password Managers
• 1Password - www.agilebits.com
• LastPass - www.lastpass.com
• Dashlane - www.dashlane.com
• Roboform - www.roboform.com
• iCloud Keychain - availability began in OS X 10.9 and iOS 7