Becoming More Secure Online: Passwords & Social networking

Becoming More Secure Online: Passwords & Social networking. Walid Al-Saqaf For the Workshop: Secure Information Gathering, Storing, and Sharing Istanbul, Turkey 23-25 January, 2011. Passwords are your first line of defense.

Presentation Transcript


  1. Becoming More Secure Online: Passwords & Social networking Walid Al-Saqaf For the Workshop: Secure Information Gathering, Storing, and Sharing Istanbul, Turkey 23-25 January, 2011

  2. Passwords are your first line of defense
     • Every password is a vulnerability due to keyloggers, phishing, etc.
     • Exposure of passwords of email accounts could be devastating
     • Victims of password theft could be unaware for some time that their password is compromised (identity theft, spamming, hoaxes, etc.)
     • Brute-force password crackers are available for free and can be planted by trojans

     The top 25 stolen passwords*: password, 123456, 12345678, qwerty, abc123, monkey, 1234567, letmein, trustno1, dragon, baseball, 111111, iloveyou, master, sunshine, ashley, bailey, passw0rd, shadow, 123123, 654321, superman, qazwsx, michael, football

     *(SplashData study Nov 2011) Another study by ZoneAlarm

  3. Technology makes password hacking easier

  4. No one is immune from password hacking!

  5. Best practices and useful tips
     • should be changed regularly
     • should be long enough, yet easy to remember for the user
     • should include UPPER and lower cases plus non-alphanumeric characters
     • can be stored through Password managers if memorizing is not possible
     • should be long & tough to guess (for others) [no dictionary words]
     • should never be transmitted through unencrypted channels
     • should not be used in public cafes unless you verify security settings
     • should be different for different platforms/applications
     • should normally not be stored on servers (do not use ‘remember me’)
     • should not be allowed to be stored in your browser/client application
     • should never be shared

  6. Securing passwords
     • Securing passwords is extremely important (can’t be emphasized enough)
     • Using password management is possible if you have too many to remember:
         • offline (e.g., KeePass, RoboForm, Sxipper [FF add-on])
         • online (e.g., Passpack, Clipperz)
         • alternatives to multiple passwords (e.g., OpenID)
     • You need to weigh the risk-to-reward ratio before proceeding

  7. Social networking: Risk vs. Reward
     • Despite many advantages, social networking is insecure because:
         • They require that you give up some information publicly
         • The only secure method of access is a username and password
         • They may be accessible through browsers that have vulnerabilities
         • Misunderstanding/misinterpreting privacy terms could be devastating
         • You cannot control what information about you is posted by your friends
     • You need to read the EULA, Privacy Agreement and Terms of Use
     • You have to understand the privacy settings carefully
     • You should be cautious when installing software recommended by them
     • Think before you post anything to the public (e.g., CNN’s Nasr)
     • Assess risk of using social networking websites at cafes & public places

  8. The dark side of social networking
     • The longer you communicate, the more likely that you would reveal information about yourself
     • The more data/pictures you put online, the more you endanger your privacy
     • The more friends you have, the easier you could be tracked, exploited
     • Bullying, abuse, exploitation, threats, intimidation, etc. are on the rise
     • “Facebook seems to be a place where people aren't being cautious enough” - DeDomenico-Payne (The dark side of social media)

  9. Social Network addiction is no joke

  10. Social networking could cause liability

  11. Social networks not suitable for sensitive data
     • Social networks are public and aim at exposing information
     • Sensitive data needs to be encrypted, protected with multiple methods, which are not available in networks
     • Website transmission encryption (HTTPS) needs to be used for social networking websites when possible
     • Proxy/tunneling encryption (e.g., Tor) could be useful

  12. The dark side of social networking
     • The longer you communicate, the more likely that you would reveal information about yourself
     • The more data/pictures you put online, the more you endanger your privacy
     • The more friends you have, the easier you could be tracked, exploited
     • Bullying, abuse, exploitation, threats, intimidation, etc. are on the rise
     • “Facebook seems to be a place where people aren't being cautious enough” - DeDomenico-Payne (The dark side of social media)

  13. Exercise
     1- Review all your passwords and find which ones do not meet the security requirements based on the good practice mentioned here
     2- Change those passwords and ensure that the new ones meet those criteria
     3- Read the privacy-related instructions of the two major social networking sites that you use (e.g., Facebook, Twitter)
     4- Mark the points that you think could be of potential concern for activists in your country or region
     5- Discuss how those points could prevent users in your country from registering with fake/anonymous identities, what that would mean to activists in your country, and the risk associated with revealing their identities and their private chat messages.
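One way to carry out step 1 of the exercise on your own machine, offline: an added example (not part of the original presentation) that checks each password against the slide 5 criteria, the slide 2 top-25 list, and reuse across accounts. The 12-character threshold, the small word list, the character-substitution table and the sample accounts are assumptions made for this illustration.

```python
import re

# The top 25 stolen passwords listed on slide 2.
TOP_25 = set("""password 123456 12345678 qwerty abc123 monkey 1234567 letmein
trustno1 dragon baseball 111111 iloveyou master sunshine ashley bailey
passw0rd shadow 123123 654321 superman qazwsx michael football""".split())
# Assumptions, not from the slides: a length threshold and a tiny word list.
MIN_LENGTH = 12
WORDS = {"password", "welcome", "dragon", "summer", "istanbul"}
LEET = str.maketrans("0134578@$!", "oieastbasi")  # undo 0->o, @->a, ...
BLOCKED = {p.translate(LEET) for p in TOP_25}

def check(pw):
    """Return the slide-5 criteria that one password fails."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("missing upper or lower case")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no non-alphanumeric character")
    plain = pw.lower().translate(LEET)  # so P@ssw0rd is treated as password
    if plain in BLOCKED:
        problems.append("on the top-25 list")
    elif any(word in plain for word in WORDS):
        problems.append("contains a dictionary word")
    return problems

def audit(accounts):
    """Map account name -> failed criteria, flagging reuse across accounts."""
    users = {}
    for name, pw in accounts.items():
        users.setdefault(pw, []).append(name)
    report = {}
    for name, pw in accounts.items():
        shared = sorted(n for n in users[pw] if n != name)
        reuse = ["reused on " + ", ".join(shared)] if shared else []
        report[name] = check(pw) + reuse
    return report

# Constructed sample data, not real credentials.
SAMPLE = {"email": "P@ssw0rd", "facebook": "Summer2011!x",
          "twitter": "Summer2011!x", "bank": "vT9#qLm2!xRw8z"}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(account, "->", problems or "meets the criteria")
```

Passing the character classes is not enough on its own: "P@ssw0rd" has upper case, lower case and a symbol, yet is still flagged because it reduces to an entry on the top-25 list.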
