1 / 19

Too Many Passwords!

Too Many Passwords!. Security Awareness Day Sept 29 th , 2009 Jack Schmidt. Agenda. Passwords Today Upcoming Improvements Password Requirements Kerberos Fermi Domain Services IMAP VPN Password Recommendations/Help Creating your password Setting your password

meryle
Download Presentation

Too Many Passwords!

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Too Many Passwords! Security Awareness Day Sept 29th, 2009 Jack Schmidt

  2. Agenda • Passwords Today • Upcoming Improvements • Password Requirements • Kerberos • Fermi Domain • Services • IMAP • VPN • Password Recommendations/Help • Creating your password • Setting your password • Remembering your passwords • Forgot your Fermilab password? • References • Questions?

  3. Fermilab Passwords Today Fermi Domain IMAP Listserv SMTP VPN kerberos Exchange FTL Services Meeting Maker Service Desk

  4. Fermilab Passwords Soon Services Kerberos/Fermi Domain • Exchange • Outlook • IMAP • Listserv • SMTP • FTL • Meeting Maker • Service Desk • VPN

  5. Upcoming Improvements • Update Application Authentication • Identify and configure as many applications as possible to use KCA certificates • Identify and configure as many applications as possible to use Services account • Identity Management/Self Service • Provide one place to set passwords across applications

  6. Fermilab Password Requirements

  7. Kerberos Password Requirements • Minimum of 10 characters • Two of the four character groups must be used. These groups include: • English uppercase characters (A through Z) • English lowercase characters (a through z) • Base 10 digits (0 through 9) • Non-alphabetic characters (for example ! @ # $ ^ & * % - . , ) • This password can be the same as your Fermi Windows domain password • This password expires every 400 days

  8. Fermi Domain Password Requirements • Minimum of 10 characters • Three of the four character groups must be used. These groups include: • English uppercase characters (A through Z) • English lowercase characters (a through z) • Base 10 digits (0 through 9) • Non-alphabetic characters (for example ! @ # $ ^ & * % - . , ) • The password can not contain three or more consecutive characters from your username • You cannot repeat your last 6 passwords • Your password cannot contain your username or real name • This password can be the same as your Kerberos password • This password expires every 6 months

  9. Services Password Requirements • Minimum of 10 characters • Three of the four character groups must be used. These groups include: • English uppercase characters (A through Z) • English lowercase characters (a through z) • Base 10 digits (0 through 9) • Non-alphabetic characters (for example ! @ # $ ^ & * % - . , ) Note: in most cases you could also use various quotes, brackets and parenthesis, but the self service web form does not support them. • The password can not contain three or more consecutive characters from your username • You cannot repeat your last 6 passwords • Your password cannot contain your username or real name • This password should be different from your Fermi Windows domain or Kerberos password • This password expires every 6 months

  10. IMAP Password Requirements • Minimum of 10 characters • This password should be different from your Services, Fermi Windows domain or Kerberos password • The IMAP service will be moved to Exchange and use your Services password soon!

  11. VPN Password Requirements • Minimum of 8 characters • Three of the four character groups must be used. These groups include: • English uppercase characters (A through Z) • English lowercase characters (a through z) • Base 10 digits (0 through 9) • Non-alphabetic characters (for example ! @ # $ ^ & * % - . , ) • This password should be different from your Services, Fermi Windows domain or Kerberos password • The VPN service is changing Oct 1st with a new web client that uses your Services password!

  12. Password Recommendations/Help

  13. Setting Your Password • How Do I change My Password? • Kerberos V5 (UNIX, FNAL.GOV realm) • Kerberos V5 (Windows, FERMI.WIN.FNAL.GOV realm) • Services Account (This also changes your Exchange email password) • Mail server • IMAP Email Password • Taken from: http://computing.fnal.gov/xms/Services/Getting_Services/Accounts_and_Passwords

  14. Creating Your Password • Use a cipher to build your passwords • Wikipedia defines a cipher as: A cipher (or cypher) is an algorithm for performing encryption or decryption — a series of well-defined steps that can be followed as a procedure. • Follow the password requirements for length and character groups

  15. Creating Your Password • Simple Cipher Example • First three letters in caps • First and last digits of ID (i.e. 41) • Last three letters, lowercase • Two odd characters • Services password: • SER • 41 • ces • ;) SER41ces;)

  16. Remembering Your Passwords • Commit passwords to memory • Use the cipher method to create passwords • This is the best way to prevent your passwords from being stolen • Keep Them Safe! • If you must write down passwords, store them in a secure place such as a locked drawer or in your wallet next to your credit card. • Recommended tools • A variety of password storage applications are available for your computer or smart phone. Look for products that support AES-256 encryption. • CD does not recommend or support any specific products.

  17. Forgot Your Fermilab password? • Service Desk • Call 2345, 8-4:30 M-F. • Reset kerberos, Fermi Windows Domain, Services and VPN account passwords • Self Service: • Self "Services Account" Password Reset tool • Works for Services password • Requires KCA

  18. References • Useful Reference Pages • CD Account and Password Services Page: http://computing.fnal.gov/xms/Services/Getting_Services/Accounts_and_Passwords • Tune IT Up Page http://www.fnal.gov/tuneitup/ • Password management tips under Helpful Links • Questions & Answers section • This talk: https://cd-docdb.fnal.gov:440/cgi-bin/ShowDocument?docid=3415

  19. Questions?

More Related