Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

Managing Your Risks – The Problem of Passwords

421 vues

Publié le

We all use passwords; for our banking cards, for our emails, to log into our work environment, to access our computers and mobile devices and for all the various apps on those devices, for our social media account, and more. They have become commonplace in our society, yet provide us with a false sense of security. This presentation will discuss the inherent failures when using passwords, how they are now being used against us to commit cyber-crimes, what we need to be doing currently to protect ourselves, and what the future of passwords may hold.

Main points covered:

• How criminals are using our passwords to commit cyber-crimes
• Managing passwords and current ways to protect your data
• What the future may hold for our passwords

Presenter:

Ryan Duquette is passionate about digital forensic investigations and with keeping others from being victimized. He's a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He founded Hexigent Consulting which is a firm focusing on digital investigations, cyber security consulting services and litigation support. Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches He is a sessional lecturer at the University of Toronto teaching digital forensics, holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications. Ryan is a director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide.

Recorded webinar: https://youtu.be/WTIImiEu078

Publié dans : Formation
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Managing Your Risks – The Problem of Passwords

  1. 1. Rank 2011 2012 2013 2014 2015 2016 2017 1 password password 123456 123456 123456 123456 123456 2 123456 123456 password password password password password 3 12345678 12345678 12345678 12345 12345678 12345 12345678 4 qwerty abc123 qwerty 12345678 qwerty 12345678 qwerty 5 abc123 qwerty abc123 qwerty 12345 football 12345
  2. 2. NIST Special Publication 800-63A
  3. 3. P@ssw0rdJan18 P@ssw0rdDec18
  4. 4. NIST Special Publication 800-63B
  5. 5. • Default Passwords • How criminals are using breach data • How our emails and passwords can be used to find our personal information • Steps to mitigate those risks.
  6. 6. Breach Data
  7. 7. • Average Business User Has 191 Passwords • The average 250-employee company has 47,750 passwords in use • 61% of people to use the same or a similar password everywhere, despite knowing that it's not a secure practice https://blog.lastpass.com/2017/11/lastpass-reveals-8-truths-about-passwords-in-the-new-password-expose.html/
  8. 8. From: Paton Reiner <jrrein*****@outlook.com> Date: July 20, 2018 at 12:32:24 PM EDT To: "__________________ (redacted)" Subject: (redacted - this was the recipients "username" and "password")
  9. 9. Current Landscape
  10. 10. (-1i3Zp9lNF6JhK^Ffg- &CZ1xc4b=S.+bZUfV v51g?M6v2BB`T
  11. 11. Two-Factor Authentication Something you know: Password Something you have: One Time Password Token, or OTP app
  12. 12. Two Factor Authentication https://twofactorauth.org/
  13. 13. The Password is dead, Long live the ?
  14. 14. Three-Factor Authentication Something you know Something you have Something you are: biometrics, iris scan, Voice/facial recognition
  15. 15. Four-Factor Authentication Something you know Something you have Something you are Somewhere you are: IP address, MAC address, Geo location
  16. 16. Five-Factor Authentication Something you know Something you have Something you are Somewhere you are Something you do: gestures, eye movement, breathing patterns
  17. 17. ISO/IEC 27032 Training Courses • ISO/IEC 27032 Introduction 1 Day Course • ISO/IEC 27032 Foundation 2 Days Course • ISO/IEC 27032 Lead Cybersecurity Manager 5 Days Course Exam and certification fees are included in the training price. www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032 www.pecb.com/events
  18. 18. THANK YOU ? ryanduquette@hexigent.com www.Hexigent.com linkedin.com/in/ryanduquettemsc

×