Passwords and how to Manage Them
CRH503
Jacky Hartnett, 2011
Your password informs the computer system that you are genuinely whom you claim to be:
• NOT your partner
• NOT an attacker
• NOT your dog
Your password opens the electronic pathway between you and the resources that the computer system manages for you.
• At least it does when it is protecting things of value to you or your employer
• But this is not always the case
• And we have SO many of them
This Talk
• Organising passwords
• Strong passwords
• The do’s and don’ts
• Recipes for creating passwords
• Managing your passwords
• Writing them down
• Changing them
• Explaining the do’s and don’ts
Organising Passwords
• Some passwords give access to more than others
• Some people have different identities on different systems
Organising Passwords
• Group your passwords into categories; perhaps start with three
• Use a different recipe for creating each category of password
• Make each (of the few) passwords in the most important category different
• Do not mix passwords used at work with those used at home
Organising Passwords
• Use the same password for the moderately important category of accounts, but change it quite often
• Use the same password for the least important category of accounts, and change it when you feel like it
• Remember that a password shared across a category is only as safe as the weakest site that stores it: if one of those sites leaks it, every account in the category is exposed, which is why the shared ones need changing
• BUT for all categories use strong passwords
Strong Passwords
• You can find the construction rules for these everywhere:
• Australian Government Stay Smart Online: http://www.staysmartonline.gov.au/
• AusCERT Reference #: GoodPasswords: http://national.auscert.org.au/render.html?it=2260&cid=2997
Strong Passwords: do’s & don’ts
• At least 8 symbols
• A mix of letters in upper and lower case, plus numbers or special symbols
• NO dictionary or culturally obvious words (GotheCats, RickyPonting)
• NO personal details (birthdays, children’s names, car rego)
• Different from your username
Recipes for Creating Passwords
• My favourite: pick a song and use the first letter of each word in its first line
• mlilarrrose: three r’s in a row is not good, and there is no case change and no number
• mL1laredr OR mliLarR0se
• Choose a different genre for each password: classical, country and western, jazz
• Or a composer, band, album …
Recipes for Creating Passwords
• Another one: pick a TV series and combine the title with a memorable feature
• dwstarstmck or dwtsTMcK or dw1thtsT
• Choose a different show for each password
• Probably not your current favourite, but there are so many: 6&theCity, rUbe1ngSe, m1dSomer, …
• And so many ways to use them …
Recipes for Creating Passwords
• It is best not to use an interest with which you are identified, e.g. motorbikes if you ride one and talk about them, or cricket or AFL if you follow it
• But you could use a team and the combination of player and injury for a weekly password change, as long as this recipe stays secret
• Using a recipe makes creating strong passwords easier
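To make the recipe and the do’s and don’ts concrete, here is an added Python example (not code from the talk): it builds a password from a phrase with the first-letter recipe described above and then checks the result against the rules on the do’s and don’ts slide. The substitution table, the capital-letter positions and the tiny word list are assumptions made for illustration.

```python
"""Added example, not from the original talk: build a password with the
slides' 'first letter of each word' recipe and then check it against
the do's and don'ts.  The substitution table, the capital-letter
positions and the tiny word list are assumptions made for illustration."""
import re
import string

# Assumed substitution table: the last letter in the password that has an
# entry is swapped, so 'rose' becomes 'r0se' as on the slide.
SUBSTITUTIONS = {"a": "4", "l": "1", "o": "0"}

# Constructed toy word list standing in for a real dictionary.
DICTIONARY = {"password", "welcome", "cricket", "gothecats", "rickyponting"}


def skeleton(phrase: str) -> str:
    """First letter of each word, keeping the last word whole, e.g.
    'My love is like a red red rose' -> 'mlilarrrose' -> 'mlilarrose'
    (a run of three identical letters is cut to two, as the slide advises)."""
    words = re.findall(r"[A-Za-z0-9]+", phrase)
    if not words:
        return ""
    raw = "".join(w[0] for w in words[:-1]) + words[-1]
    return re.sub(r"(.)\1{2,}", r"\1\1", raw.lower())


def apply_recipe(phrase: str, upper_at=(3, 6)) -> str:
    """skeleton + capital letters at the chosen positions + one digit substitution."""
    pw = list(skeleton(phrase))
    for i in upper_at:
        if i < len(pw):
            pw[i] = pw[i].upper()
    for i in range(len(pw) - 1, -1, -1):      # last substitutable letter
        if pw[i] in SUBSTITUTIONS:
            pw[i] = SUBSTITUTIONS[pw[i]]
            break
    return "".join(pw)


def check_rules(password: str, username: str, dictionary=DICTIONARY) -> list:
    """Return the do's and don'ts the password breaks (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than 8 symbols")
    has = lambda chars: any(c in chars for c in password)
    if not (has(string.ascii_lowercase) and has(string.ascii_uppercase)
            and (has(string.digits) or has(string.punctuation))):
        problems.append("needs upper and lower case plus a digit or symbol")
    if re.search(r"(.)\1\1", password):
        problems.append("three identical symbols in a row")
    letters = re.sub(r"[^a-z]", "", password.lower())
    if letters in dictionary or any(w in letters for w in dictionary if len(w) >= 5):
        problems.append("looks like a dictionary or culturally obvious word")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


if __name__ == "__main__":
    pw = apply_recipe("My love is like a red red rose")
    print(pw, check_rules(pw, "jhartnett") or "passes")
    print("GotheCats", check_rules("GotheCats", "jhartnett"))
```

With the default positions the song line yields `mliLarR0se`, the same shape the slide reaches by hand, and `GotheCats` is rejected twice over (no digit or symbol, and it is a culturally obvious word). A real checker would use a full word list and also catch the personal-detail rule, which needs data about the user rather than the password alone.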
Managing Your Passwords
• Of course you are going to write them down!
• But you are NOT going to keep them near your computer
• Exercise is good for you, so make sure that you have to walk to retrieve them from your safe location!
• For each of your many accounts this is what you need to know:
Managing Your Passwords
• Do not save ANY of these details on your computer
• I hand write them all
Managing Your Passwords
• So my list is very, very messy because I also change my passwords
• Possibly not as often as I should!
• The more your password protects, the more careful you should be with creating it and changing it
• So how often should you change a password?
Managing Your Passwords: Changing passwords
• One rule is to change it after a number of uses, e.g. every 12 uses:
• Access once a week, then change it every 3 months
• Access once a month, then perhaps once a year
• Access once a day, then every two weeks
• Another is to use a period of time
• Make sure you change even low-use / low-value passwords once a year
Managing Your Passwords: Changing passwords
• An important rule is to assess your risk environment
• How ‘safe’ is your home computer, your work computer, your friend’s, the online access centre, the library, an Internet café?
• If you feel that you may have been in a risky environment then change your password!
• What about if I share my password?
Managing Your Passwords: Changing passwords
• What about if I share my password?
• Well, we all do at some time or another
• If this is at work: report the fact (and the reason why), then change your password
• If this is in your personal life: record that you did it (and why), then change your password
Your current password confirms to the computer system that it is indeed you
Explaining the Do’s and Don’ts
• Why at least 8 symbols, with a mix of letters in upper and lower case and numbers or special symbols?
• Imagine 1 symbol that is a lower case letter: 26 possible values
• Add upper case and we have 52 possible values
• Add numbers and we have 62
• Adding special characters means even more
Explaining the Do’s and Don’ts
• A computer could run a program to try each of these in less time than it takes you to read this
• The number of combinations is the number of possible values raised to the power of the number of symbols, so every extra symbol multiplies the attacker’s work
• As computers get faster we need to add more symbols and use more possible values for these symbols
• This means that it would take a computer far too long to try each possible combination in turn
Explaining the Do’s and Don’ts
• NO dictionary or culturally obvious words
• [Slide shows a sample password file maintained by a computer system]
• It is worth keeping even this file a secret
• The passwords in it are not stored in the clear but in a one-way hashed form (the slides call this ‘encrypted’), which gives you extra protection
Explaining the Do’s and Don’ts
• A password is passed through a one-way algorithm (a hash function) and stored in that form, so the system never keeps the password itself
• Attackers know this algorithm and run programs to convert dictionary words into the same hashed form
• They then compare the hashed entries in the captured password file with the entries from their dictionary conversions; any match reveals that user’s password
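The two explanations above (the size of the search space, and the dictionary attack on a file of one-way hashes) can be seen together in this added Python example, which is not code from the talk. The hash function (unsalted SHA-256), the guess rate and the small ‘captured’ password file are assumptions made for illustration; the slides name no algorithm.

```python
"""Added example, not from the original talk: the search space behind
'at least 8 symbols from a large alphabet', and a dictionary attack on
a password file that stores only one-way hashes.  The hash function
(unsalted SHA-256) and the 'captured' file below are assumptions made
for illustration; the slides name no algorithm."""
import hashlib
import itertools
import string

ALPHABETS = {
    "lower": string.ascii_lowercase,                                        # 26 values
    "lower+upper": string.ascii_letters,                                    # 52
    "lower+upper+digits": string.ascii_letters + string.digits,             # 62
    "printable": string.ascii_letters + string.digits + string.punctuation, # 94
}


def keyspace(length: int, alphabet: str) -> int:
    """Number of candidate passwords: alphabet size to the power of length."""
    return len(alphabet) ** length


def seconds_to_exhaust(length: int, alphabet: str, guesses_per_second: float) -> float:
    """Worst-case time for an attacker who tries every combination in turn."""
    return keyspace(length, alphabet) / guesses_per_second


def hash_password(password: str) -> str:
    """The one-way function the slides describe; assumed to be unsalted SHA-256."""
    return hashlib.sha256(password.encode()).hexdigest()


def brute_force(target_hash: str, alphabet: str, max_length: int):
    """Try every string up to max_length; feasible only for tiny key spaces."""
    for length in range(1, max_length + 1):
        for combo in itertools.product(alphabet, repeat=length):
            candidate = "".join(combo)
            if hash_password(candidate) == target_hash:
                return candidate
    return None


def dictionary_attack(captured: dict, wordlist) -> dict:
    """Hash the dictionary once, then match against every captured hash."""
    table = {hash_password(word): word for word in wordlist}
    return {user: table[h] for user, h in captured.items() if h in table}


# Constructed 'captured password file': user -> stored hash.
CAPTURED = {
    "alice": hash_password("rickyponting"),   # culturally obvious word
    "bob": hash_password("mliLarR0se"),       # recipe-built password
    "carol": hash_password("welcome"),        # dictionary word
}
WORDLIST = ["password", "welcome", "cricket", "rickyponting", "gothecats"]


if __name__ == "__main__":
    for name, alphabet in ALPHABETS.items():
        print(f"{name:>20}: 8 symbols -> {keyspace(8, alphabet):.3e} candidates, "
              f"{seconds_to_exhaust(8, alphabet, 1e9) / 86400:.1f} days at 1e9 guesses/s")
    print("cracked by dictionary:", dictionary_attack(CAPTURED, WORDLIST))
    print("brute force of 'dog':", brute_force(hash_password("dog"), ALPHABETS["lower"], 3))
```

Running it shows the point of both slides: eight lower-case letters (26^8) fall in a few minutes at a billion guesses a second, while eight symbols from the 62-value alphabet take days and from the 94-value alphabet months, and the dictionary attack recovers alice’s and carol’s passwords with five hashes while bob’s recipe-built password is untouched. Real systems add a per-user salt and a deliberately slow hash (not discussed in the slides), which forces the attacker to redo the dictionary hashing for every user and slows each guess; that changes the numbers, not the lesson.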
Explaining the Do’s and Don’ts
• NO personal details: birthdays, children’s names, car rego
• One variety of attacker is known as a ‘social engineer’
• They attack systems using their people skills more than technical skills
• SO many people use their personal details as a basis for their passwords that this is the first thing an attacker will try
Explaining the Do’s and Don’ts
• If your system is under specific attack, there are sophisticated programs that use personal details from the public record to try possible password combinations
• Personal details can also be shared via social networking sites
Explaining the Do’s and Don’ts
• Different from your username
• Any detail that you give away is one less for an attacker to find out
Final Tips
• It is always a fraud if someone asks you to share your username and password via email
• That is ALWAYS
• If you MUST send your bank account numbers via email, use 2 separate emails
• Consider sending one part by SMS and the other via email
And Finally
• All of life has risks
• The online world is full of promise and opportunities
• We just need to learn how to manage our online risks, like we do when crossing the road
• I hope this presentation has helped you to do this