Learn about information security, authentication, and the importance of strong passwords in protecting personal information. Discover the risks of identity theft and ways to prevent it.
Why are we here? • Current students in an Information Systems Security class at UNM. • To reach out to younger generations to inform about the importance of protecting our personal information. • Realize the dangers and risks. • Present opportunities in education and careers.
What Are We Going To Discuss? • What is information security? • What is information assurance? • Types of authentication • Strong focus on passwords • How authentication protects you from identity theft
Celebrity Hacking Quiz Q: Which Hollywood starlet had nude photos leaked as a result of their account being hacked?
Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.). Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.
Identity Theft The fraudulent acquisition and use of a person's private identifying information, usually for financial gain. Forms of Identity Theft: • Financial • Social Security • Driver’s License • Insurance • Child Identity
Identity Theft Statistics • One incident of identity theft occurs every 3 seconds. • About 7% of persons age 16 or older were victims of identity theft in 2012. Approximately 17 million people, resulting in losses of $50 Billion. • The majority of identity theft incidents (85%) involved the fraudulent use of existing account information, such as credit card or bank account information. • Average loss per victim is $3,500 • 29% of victims spent a month or more resolving problems. • Close to 100 million additional Americans have their personal identifying information placed at risk of identity theft each year when records maintained in government and corporate databases are lost or stolen. • One third of victims personally know the identity thief.
Authentication A is For Authentication
Celebrity Hacking Quiz Q: Which celeb had their Twitter account hacked and tweeted “Oh yeh, Justin Bieber Sucks!!!”?
Why Focus on Passwords? • Threat of data breaches • 740 million records in 2013 • Weak or stolen passwords • IT IS AVOIDABLE!!!!!!!
Brute Force Attacks • Definition • Relies on computing power • Time consuming
Dictionary Attacks • Definition • More efficient than brute force • Common words • 81 percent
Custom Dictionaries • RockYou.com • 32 million passwords • More than one of every 100 users selected “12345” or “123456” • One of three chose a password of six or fewer characters • 60% used only alpha-numeric characters • Nearly half used names, slang words, dictionary words or other trivial passwords such as consecutive numbers
Worst Passwords 2013 Your password sucks • 123456 • password • 12345678 • qwerty • abc123 • 123456789 • 111111 • 1234567 • iloveyou • 123123 • admin • letmein • 1234 • monkey • shadow • sunshine • password1 • princess • azerty • trustno1 • 0000
Character Length • At least 8 characters • 1/3 have passwords that are not 8 characters long Based on 26 character set, 30,000 MIPS
8.3 Rule • At least 8 characters (upper and lower) • At least one letter • At least one number • At least one non-alphanumeric character Based on 82 character set, 30,000 MIPS
Do Not Use • Spouses • Girlfriend/Boyfriend • Children • Phone numbers • Social Security Numbers • Birthdays • Names of pets • Same word as login • Dictionary Words • Slang words
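The 8.3 Rule, the Do Not Use list and the worst-passwords list can be enforced together when a password is chosen. The checker below is an added example, not part of the original slides; the function names, the shortened worst-password sample and the reading of 30,000 MIPS as 30 billion guesses per second (one guess per instruction) are assumptions.

```python
import string

# Constructed sample: a few entries from the "Worst Passwords 2013" slide.
WORST = {"123456", "password", "12345678", "qwerty", "abc123", "iloveyou",
         "letmein", "monkey", "password1", "trustno1"}

# Assumption: 30,000 MIPS means 30,000 million guesses per second.
GUESSES_PER_SEC = 30_000 * 10**6


def check_8_3(password, login="", personal=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    # 8.3 Rule: length, mixed case, a number, a non-alphanumeric character.
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs upper and lower case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if not any(c in string.punctuation for c in password):
        problems.append("needs a non-alphanumeric character")
    # Do Not Use: known-bad passwords, the login name, personal details
    # (names of family or pets, birthdays, phone numbers) supplied by the caller.
    lowered = password.lower()
    if lowered in WORST:
        problems.append("on the worst-passwords list")
    if login and login.lower() in lowered:
        problems.append("contains the login name")
    for item in personal:
        if item and item.lower() in lowered:
            problems.append("contains personal detail: " + item)
    return problems


def exhaustive_search_seconds(charset_size, length):
    """Worst-case time to try every password of exactly this length."""
    return charset_size ** length / GUESSES_PER_SEC


if __name__ == "__main__":
    print(check_8_3("1Gmh@ohCr"))        # passphrase from the Passphrase slide
    print(check_8_3("password1"))
    print(exhaustive_search_seconds(26, 8), exhaustive_search_seconds(82, 8))
```

Under the stated assumption, moving from a 26-character set to an 82-character set at length 8 raises the exhaustive-search time from seconds to many hours.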
Passphrase • 81 percent • Hard to guess, easy to remember “I’m gonna make him an offer he can’t refuse” → 1Gmh@ohCr
Duplicate Passwords • 56 percent use unique passwords • Access sensitive info • Time consuming, but worthwhile
Frequently Change Password • 23 percent – every six weeks • 42 percent – every six months • 35 percent – never • Change every 30 – 90 days
Never Write Down Password • 69 percent of class • They can be stolen! • Destroy ASAP
Never Share Passwords • Asking is easier than hacking • Social Engineering • Most prevalent is by phone
Password Manager • The average person has 26 online accounts • How do I remember all these complicated passwords? • LastPass, RoboForm, KeePass, 1Password
Two-Factor Authentication • Something you have • Something you know • Extra layer of security • Intro to Two-Factor Authentication
Celebrity Hacking Quiz Q: Who had their financial and personal information, including social security numbers, bank accounts, mortgages, and credit card details posted to a website as a result of being hacked?