Making Good Passwords (and how to keep them safe)
Password management is hard. Why can’t we use easy passwords?
This is a graphics card • It’s cheap and good at playing video games. • About every teenager has access to one. • It’s also very good at hacking your password.
“A $1000 computer can process 3.3 billion passwords per second… a professional can make thousands of dollars a day selling your information on the black market.” (PCPro.com)
It’s just a matter of time • Dictionary attacks: • “GoBuffs!” a couple of minutes • “P@$$w0rd1” a couple of hours • Brute force: • “fjR8n” 24 seconds • “%fjR8nQNUc5GPj9” over ten years • *Extra credit: a password of 15 characters or more makes Windows stop storing the weak legacy LM hash of it, which breaks the attacks that rely on that hash.
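The figures on the slide came from an online calculator whose assumptions are not stated. The arithmetic behind them is simple enough to run yourself, so here is an added example (not code from the presentation) that estimates brute-force time as alphabet size to the power of length, divided by the slide’s 3.3 billion guesses per second, and dictionary-attack work as wordlist size times mangling rules. The wordlist and rule counts are assumed sizes; the function and constant names are the example’s own. Under this model “fjR8n” falls in well under a second and the 15-character password takes trillions of years, so the slide’s “over ten years” is a very loose lower bound, but the lesson is the same: every extra character multiplies the attacker’s work by the size of the alphabet, while anything a wordlist plus rules can reach (the “P@$$w0rd1” case) is hours regardless of how complex it looks.

```python
# Alphabet sizes over printable ASCII (26 + 26 + 10 + 33 = 95 characters).
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33
SLIDE_RATE = 3.3e9          # guesses per second, the rate quoted on the slide
YEAR = 365.25 * 86400


def charset_size(password):
    """Size of the smallest standard alphabet containing every character used.
    An attacker who only knows which classes appear has to search all of it."""
    size = 0
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c.isdigit() for c in password):
        size += DIGITS
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size


def brute_force_seconds(password, rate=SLIDE_RATE):
    """Worst case: every string of this length over the alphabet gets tried."""
    return charset_size(password) ** len(password) / rate


def dictionary_seconds(words, rules, rate=SLIDE_RATE):
    """A dictionary attack tries each wordlist entry under each mangling rule
    (capitalise, append '!', swap a->@ ...), so the work is words x rules,
    not alphabet ** length. The sizes are the caller's assumptions."""
    return words * rules / rate


def human_time(seconds):
    """Render a duration in the largest unit that fits."""
    for name, size in (("years", YEAR), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return "{:,.1f} {}".format(seconds / size, name)
    return "{:.2g} seconds".format(seconds)


def growth_table(alphabet=95, lengths=(5, 8, 10, 12, 15), rate=SLIDE_RATE):
    """Seconds per length: each extra character multiplies the work by the alphabet size."""
    return {n: alphabet ** n / rate for n in lengths}


if __name__ == "__main__":
    for pw in ("fjR8n", "%fjR8nQNUc5GPj9"):
        print(pw, charset_size(pw), human_time(brute_force_seconds(pw)))
    # "GoBuffs!" style guess: a 1,000,000-word list under 10,000 rules (assumed sizes)
    print("dictionary attack:", human_time(dictionary_seconds(1_000_000, 10_000)))
    for n, secs in growth_table().items():
        print("length", n, human_time(secs))
```

The model is deliberately pessimistic for the defender only in one sense: it assumes the attacker already knows which character classes you used. It ignores precomputed tables and leaked hashes, which is why the slides go on to insist on unique passwords per site.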
Hacking is big business • 2011: 12.5 billion in reported losses • Some estimates put that number closer to 10 times as much. (www.hotforsecurity.com)
How do Hackers get your password? • Physical access to your office or computer • Social Engineering/Phishing (asking nicely) • Hacking commonly used sites • Malware Infections • Network based attacks
Where people hide their passwords • Under the keyboard • In a Rolodex • Top desk drawer • Under the desk calendar • In the planter • Wallet/purse/gym bag
Now that you know where people hide their passwords: don’t do it.
Abbreviate • Start from a sentence: I like taking the bus, but I ended up 20 minutes late! • Keep the first letter of each word, plus the numbers and punctuation: • Ilttb,bIeu20ml! • (15 characters)
Letter substitution • Create a long word or phrase: • I Like To Eat Tacos • Remove spaces: • ILikeToEatTacos • Replace letters with symbols: • IL!k3T0e@tT@c0$
Word Jumble • Take two words: • Bot & Kneecap • Scramble a few letters: • Bocat_&_Kneep • Add Complexity: 54 • Bocat_&_Kne54ep
Keyboard Patterns • Trace a path across the keyboard and use the Shift key on some of the keys to add complexity • Example: 5^YghjkmnbVCX • Use with caution: the simple ones (straight rows like qwerty) are in dictionary attacks!
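The abbreviation and letter-substitution steps above, implemented as an added example (this is not code from the presentation). The substitution table and the choice to substitute only lowercase letters are assumptions made here so the transform is repeatable; the slide’s own output leaves the capital E of “Eat” as a lowercase e, so it differs from this function’s result by that one character. One caveat the slide itself supports: every cracking rule set already tries i→!, e→3, o→0, a→@ and s→$, which is why “P@$$w0rd1” falls in hours, so it is the length the abbreviation buys you, not the symbols, that does the real work.

```python
import re

# A word is a run of letters, a number is a run of digits, and anything else
# that is not whitespace is a single punctuation character.
TOKEN = re.compile(r"[A-Za-z]+|\d+|[^\sA-Za-z\d]")


def abbreviate(phrase):
    """First letter of every word; numbers and punctuation kept; spaces dropped.
    'I like taking the bus, but I ended up 20 minutes late!' -> 'Ilttb,bIeu20ml!'"""
    parts = []
    for tok in TOKEN.findall(phrase):
        parts.append(tok[0] if tok[0].isalpha() else tok)
    return "".join(parts)


# Assumed substitution table (the slide does not spell one out).
LEET = {"i": "!", "e": "3", "o": "0", "a": "@", "s": "$"}


def remove_spaces(phrase):
    """'I Like To Eat Tacos' -> 'ILikeToEatTacos'"""
    return "".join(phrase.split())


def substitute(text, table=LEET):
    """Swap lowercase letters for symbols; capitals are left alone so they
    keep marking the word boundaries in a spaces-removed phrase."""
    return "".join(table.get(c, c) for c in text)


def long_enough(password, minimum=15):
    """The slides' rule of thumb: 15 characters or more."""
    return len(password) >= minimum


if __name__ == "__main__":
    a = abbreviate("I like taking the bus, but I ended up 20 minutes late!")
    print(a, len(a), long_enough(a))
    s = substitute(remove_spaces("I Like To Eat Tacos"))
    print(s, len(s), long_enough(s))
```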
Ok, so I’ve got a great password, I’ll just keep using that one right?
LinkedIn lost 6.4 million users’ passwords • Hackers can use those passwords to commit identity fraud, including: • Hacking into corporate accounts • Breaking into bank accounts • Spamming from email accounts • Gathering more information for offline use (credit cards) • LinkedIn is now facing a $5 million class-action lawsuit due to the loss.
Pro Tip: Making passwords unique to each site • Have a secure base password: • 5^YghjkbVCX • Select two letters from the site or program name: • usbank.com (the 2nd and 4th letters, “s” and “a”, in this case) • Insert those letters into your password: • 5^YghjsakbVCX
Wait a minute… This site wants me to change it now… • Today’s date: 1/11/13 • Pick a couple of characters of the date: 11 • Shift the numbers (+3 in this case): 44 • Add those numbers to your password: • 5^Yghjsak becomes 5^Yghjsak44 • Write down when you last changed the password
Password Generators • Many free ones, but be careful! We suggest changing the results before using them. • http://www.pctools.com/guides/password/
Questions? • Joe Kuster • IT Projects Manager • Joe.Kuster@colorado.edu
Identikey • Your “username” is the Identikey assigned to you by the University. • Keep private • Commit to memory • Do not use Username or Password for any other purpose!
HR Identikey Requirements • 15 characters or longer • Avoid repeating characters • No words that can be found in a dictionary (in any language) • Must not be easily guessable (e.g., your birthday, age, anniversary…) • All four character sets: capital, lowercase, numerical and symbol (e.g., A, a, 1, !)
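A checker for the HR Identikey requirements, as an added example (it is not the University’s own validation code). Assumptions made here: “avoid repeating characters” is read as no character three or more times in a row; the dictionary is a constructed stand-in for a real word list and only matches words of four or more letters; the `personal` argument is a caller-supplied tuple of strings such as a birth year that must not appear; and `strict=True` also undoes the common letter substitutions before the dictionary check, because cracking tools do exactly that (the slide’s “P@$$w0rd1” timing is the evidence). With the default settings the letter-substituted example from the earlier slide passes; in strict mode it is flagged, which is the honest answer.

```python
import re

MIN_LENGTH = 15

# Constructed stand-in for a real dictionary (assumption: a real check would load
# a word list such as /usr/share/dict/words). Only words of 4+ letters are matched.
DICTIONARY = {"like", "tacos", "taco", "password", "buffs", "kneecap", "late", "minutes"}

# Reverse of the substitutions crackers try first (assumption; extend as needed).
DELEET = str.maketrans({"!": "i", "1": "i", "3": "e", "0": "o",
                        "@": "a", "4": "a", "$": "s", "5": "s"})


def dictionary_words_in(text, dictionary=DICTIONARY):
    """Dictionary words (4+ letters) appearing anywhere in text, case-insensitive."""
    lowered = text.lower()
    return sorted(w for w in dictionary if len(w) >= 4 and w in lowered)


def check_identikey_password(pw, personal=(), dictionary=DICTIONARY, strict=False):
    """Return the list of HR rules the password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if re.search(r"(.)\1\1", pw):
        problems.append("a character repeated three or more times in a row")
    classes = {
        "capital": any(c.isupper() for c in pw),
        "lowercase": any(c.islower() for c in pw),
        "numerical": any(c.isdigit() for c in pw),
        "symbol": any(not c.isalnum() for c in pw),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character set(s): " + ", ".join(missing))
    found = dictionary_words_in(pw, dictionary)
    if strict:
        # Check the de-substituted form too: IL!k3T0e@tT@c0$ -> iliketoeattacos
        found = sorted(set(found) | set(dictionary_words_in(pw.translate(DELEET), dictionary)))
    if found:
        problems.append("contains dictionary word(s): " + ", ".join(found))
    guessable = [p for p in personal if p and p.lower() in pw.lower()]
    if guessable:
        problems.append("contains personal information: " + ", ".join(guessable))
    return problems


if __name__ == "__main__":
    for candidate in ("IL!k3T0e@tT@c0$", "5^YghjkmnbVCX", "ILikeToEatTacos!1"):
        print(candidate, check_identikey_password(candidate) or "OK")
    print("strict:", check_identikey_password("IL!k3T0e@tT@c0$", strict=True))
```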