Password Best Practices: Rumpelstiltskin, Open Sesame, abracadabra, “password”. Presented by John Welle
Your Money. Your Reputation.
Top Secret. Source: http://gizmodo.com/5615939/thirty+year+old-encryption-formula-can-resist-quantum+computing-attacks-that-defeat-all-common-codes
Do we see a pattern??? Username & Password
The big confusion… E-Mail as Username
So… let’s pick… a good… password
Best practice #1: password length. How about a 1 letter password? 2 15 3
Best practice #2: password “complexity”
Lowercase: abcdefghijklmnopqrstuvwxyz
Uppercase: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Numbers: 0123456789
“Special Characters”: ~!@#$%^&*()_+`-=[]{}\|;:<>,./?
26 + 26 + 10 + 33 = 95
Best practice #3: password “weirdness”. Brute Force attacks vs. Dictionary attacks
Best practice #3: password “weirdness”
Brute Force: aaa aab aac … zzy zzz
Dictionary: ant cat hat … zip zoo
password1 master 123456 000000 shadow 123456789 1234 1234567890 football monkey 123123 welcome letmein jesus 111111 sunshine 654321 1234567 qwerty aaaaaa trustno1 baseball iloveyou 12345678 dragon abc123 password
Best practice #4: password non-reuse. What’s your Facebook password? What’s your Twitter password? What’s your Adobe.com password? …oh…no…
Examples: password uY8nn*[Qv9@ghr1 Mississippi cat@Hat{993} KEEP-SAFE=g00d
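The example passwords above can be scored against best practices #1 to #3 together. This is an added example, not part of the original slides: it sizes the brute-force search space from the slide's 26 + 26 + 10 + 33 character classes and flags passwords a dictionary attack would find anyway. The names `CLASSES`, `WORDLIST`, `alphabet_size` and `assess` are hypothetical, and treating the 33 special characters as ASCII punctuation plus the space is an assumption.

```python
import math
import string
from typing import NamedTuple

# Class sizes as counted on the slide: 26 + 26 + 10 + 33 = 95.
# Assumption: the 33 "special characters" are ASCII punctuation plus the space.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)

# Constructed sample wordlist: a few of the common passwords and dictionary
# words shown on the slides. A real check uses a far larger list.
WORDLIST = {
    "password", "password1", "123456", "qwerty", "letmein", "trustno1",
    "iloveyou", "abc123", "monkey", "dragon", "mississippi",
    "ant", "cat", "hat", "zip", "zoo",
}

class Assessment(NamedTuple):
    length: int
    alphabet: int      # size of the character pool the password draws from
    bits: float        # log2(alphabet ** length): the brute-force search space
    in_wordlist: bool  # True: a dictionary attack finds it regardless of bits

def alphabet_size(password: str) -> int:
    """Sum the sizes of the character classes that appear in the password.
    Characters outside printable ASCII are not counted."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def assess(password: str) -> Assessment:
    size = alphabet_size(password)
    # An empty password (or one with no counted characters) has no search space.
    bits = len(password) * math.log2(size) if size else 0.0
    return Assessment(len(password), size, bits, password.lower() in WORDLIST)

if __name__ == "__main__":
    # The example passwords from the slide.
    for pw in ["password", "uY8nn*[Qv9@ghr1", "Mississippi",
               "cat@Hat{993}", "KEEP-SAFE=g00d"]:
        a = assess(pw)
        verdict = "dictionary hit" if a.in_wordlist else "brute force only"
        print(f"{pw:<18} len={a.length:<3} pool={a.alphabet:<3} "
              f"bits={a.bits:5.1f}  {verdict}")
```

“Mississippi” scores about 63 bits on length and character pool alone, yet it is still a dictionary hit, which is the point of best practice #3.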
How do you remember fine passwords like: uY8nn*[Qv9@ghr1 and blueROOSTER=932
Write them down!
Old school: paper. High-tech: password managers (LastPass.com, KeePass.info)
Special topic: Look for https://
Special topic: E-Mail is not secure… it can be made secure with encryption, like Mailvelope. http://www.mailvelope.com/
Special topic: Two-factor authentication: “something you know” and “something you have”. https://www.eff.org/deeplinks/2013/05/howto-two-factor-authentication-twitter-and-around-web
Special topic: Password Recovery. Password Hints: If you forget your password, you can recover it with a hint. But so can the bad guy…
Special topic: Social Engineering
Special topic: The NSA. But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved the NSA.
Handout and Questions. Your Money. Your Reputation.