Password Management
TRANSCRIPT
Password Problems
• Too Simple
• Passwords are Reused
• Too Many Passwords/Sites to Maintain
• Too Complicated
• Sometimes Passwords Expire and Must Be Changed
Password Threats
• You (are too trusting and don’t believe it will happen to you)
• Easier to Guess than Expected
• Brute Force
• Hacking / Keyboard Loggers / Sniffing / Nosy People
• Social Engineering
• Use Familiar “Tricks”
• Transformations and substitutions (f00tb@ll or sdrawkcab)
• Keyboard patterns (qwertyasdf)
• Padding (Montana12&*-&*-&*-)
Password Security
• Passwords need to be mathematically complex
• Passwords are more guessable than you think
• “Complex” is not the same as “Complicated”
• Passwords need to be memorable
Complexity Components
• Length
• Character Set (letters, numbers, symbols)
• Randomness (absence of a discernible pattern)
• Ladnomics (not a word, but follows a pattern)
• 8vgz2N'A (no discernible pattern), read aloud as: 8 visa golf zip 2 NUT ' APPLE
Password Length Flaws
• possibilities - 13 characters long
• Readable
• Dictionary word
• Not complex
• iYb48zJ# - 8 characters long
• Short but complex
• Not memorable
Can You Crack This? (Answer 1)
• RickChin - shift one character in the alphabet
• A computer will crack this in under 1 second
Can You Crack This? (Answer 2)
• RickChin - shift each character by its position in the password (1st by 1, 2nd by 2, 3rd by 3, ...)
• R =1, shift one to S
• i = 2, shift two to k
• c = 3, shift 3 to f
• etc.
• A computer will crack this quickly
Why Your Passwords Need Help
• A computer can try over 2 billion password guesses per second
• If a human could try 1 guess per second without stopping (we can’t), those same 2 billion guesses would take about 63 years
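To put numbers on the Complexity Components and Password Length Flaws slides and on the 2-billion-guesses-per-second figure above, here is an added worked example (it is not part of the presentation). It estimates, for each of the slide's sample passwords, the brute-force keyspace implied by its length and character classes and the time to exhaust that keyspace at the slide's two guess rates. The dictionary size of 170,000 and the one-word DICTIONARY set are assumptions standing in for a real wordlist; the real lesson is in the last row of the output: a 13-letter dictionary word is one of a few hundred thousand candidates, not one of 26^13.

```python
import math
import string

# Guess rates from the slide: a computer trying 2 billion guesses per second,
# a human trying 1 guess per second.
COMPUTER_RATE = 2_000_000_000
HUMAN_RATE = 1
SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60

# Assumption: an English wordlist of roughly 170,000 entries. The set below is a
# constructed stand-in that holds only the slide's own dictionary example.
DICTIONARY_SIZE = 170_000
DICTIONARY = {"possibilities"}


def charset_size(password: str) -> int:
    """Size of the smallest standard character pool that covers the password.

    An attacker who knows (or guesses) which character classes are present only
    has to search that pool, so this is the honest basis for a brute-force estimate.
    """
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def brute_force_keyspace(password: str) -> int:
    """Number of candidates a class-aware brute-force search must cover."""
    return charset_size(password) ** len(password)


def effective_keyspace(password: str) -> int:
    """Keyspace once dictionary attacks are accounted for: a dictionary word is one
    of DICTIONARY_SIZE candidates no matter how long it is."""
    if password.lower() in DICTIONARY:
        return DICTIONARY_SIZE
    return brute_force_keyspace(password)


def entropy_bits(password: str) -> float:
    return math.log2(effective_keyspace(password))


def seconds_to_exhaust(keyspace: int, rate: float) -> float:
    """Worst case: every candidate tried. On average the attacker hits after half."""
    return keyspace / rate


def years(seconds: float) -> float:
    return seconds / SECONDS_PER_YEAR


def report(password: str) -> dict:
    ks = effective_keyspace(password)
    return {
        "password": password,
        "length": len(password),
        "charset": charset_size(password),
        "bits": round(entropy_bits(password), 1),
        "computer_seconds": seconds_to_exhaust(ks, COMPUTER_RATE),
        "human_years": years(seconds_to_exhaust(ks, HUMAN_RATE)),
    }


if __name__ == "__main__":
    for pw in ("iYb48zJ#", "8vgz2N'A", "RickChin", "possibilities"):
        r = report(pw)
        print(f"{r['password']:>14}  len={r['length']:2d}  pool={r['charset']:2d}  "
              f"{r['bits']:5.1f} bits  computer={r['computer_seconds']:.3g} s  "
              f"human={r['human_years']:.3g} years")
    # The slide's headline number: 2 billion guesses by hand, one per second.
    print(f"2 billion guesses by hand: {years(seconds_to_exhaust(2_000_000_000, HUMAN_RATE)):.1f} years")
```

The 8-character samples with all four character classes give a 94^8 keyspace, which the slide's 2-billion-per-second attacker exhausts in about five weeks; real GPU rigs against fast unsalted hashes are faster still. The same attacker would need decades to brute-force 26^13, which is exactly why the dictionary row matters: "possibilities" gets none of that benefit.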
Password Cracking
• There are many free and commercially available password crackers and recovery tools
• Rainbow tables and other precomputed lookup tables
• Databases of already-cracked password lists and precomputed hash-to-password lookups (i.e., no computational delay at crack time)
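The "Use Familiar Tricks" and "Can You Crack This?" slides say a computer cracks shifted and substituted words quickly, and the slide above says precomputed lists remove even the hashing delay. Here is an added example that shows both (it is not part of the presentation). A six-word wordlist and the use of unsalted SHA-256 are assumptions constructed for the demonstration; the word-mangling rules are the slide's own tricks (reversal, leet substitutions, the shift-by-one of Answer 1 and the shift-by-position of Answer 2). The attacker does not search 52^8 candidates for "RickChin" shifted by one: a few dozen rules applied to a wordlist find it in under a hundred guesses, and a precomputed table finds it in one lookup.

```python
import hashlib
import string

# Constructed stand-in for a real wordlist (a real attack uses millions of entries).
WORDLIST = ["password", "football", "Montana", "RickChin", "backwards", "qwerty"]

# Assumption: the leaked hashes are unsalted SHA-256. Any fast unsalted hash behaves
# the same way; the point is the tiny number of candidates, not the algorithm.
def h(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


# "f00tb@ll"-style substitutions from the slide.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})


def caesar(text: str, shift: int) -> str:
    """Shift letters by `shift` places within their case; leave other characters alone."""
    out = []
    for ch in text:
        if ch in string.ascii_lowercase:
            out.append(string.ascii_lowercase[(string.ascii_lowercase.index(ch) + shift) % 26])
        elif ch in string.ascii_uppercase:
            out.append(string.ascii_uppercase[(string.ascii_uppercase.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def positional_shift(text: str) -> str:
    """Answer 2 on the slide: the i-th character (1-based) is shifted by i."""
    return "".join(caesar(ch, i) for i, ch in enumerate(text, start=1))


def candidates(word: str):
    """Every form of `word` the slide's tricks can produce, tagged with the rule used."""
    yield "identity", word
    yield "reverse", word[::-1]            # sdrawkcab
    yield "leet", word.translate(LEET)     # f00tb@ll
    for s in range(1, 26):                 # Answer 1 is caesar+1
        yield f"caesar+{s}", caesar(word, s)
    yield "positional", positional_shift(word)  # Answer 2


def crack(target_hash: str, wordlist=WORDLIST):
    """Online-style attack: hash candidates until one matches.
    Returns (base word, rule, attempts) or None."""
    attempts = 0
    for word in wordlist:
        for rule, cand in candidates(word):
            attempts += 1
            if h(cand) == target_hash:
                return word, rule, attempts
    return None


def build_table(wordlist=WORDLIST) -> dict:
    """Precomputed lookup table: all hashing is done once, up front. This only works
    because the hashes are unsalted; a per-user salt would force a fresh table per user."""
    table = {}
    for word in wordlist:
        for rule, cand in candidates(word):
            table.setdefault(h(cand), (cand, word, rule))
    return table


def lookup(table: dict, target_hash: str):
    return table.get(target_hash)


if __name__ == "__main__":
    for secret in ("SjdlDijo", "SkfoHnpv", "f00tb@ll", "sdrawkcab"):
        print(secret, "->", crack(h(secret)))
    table = build_table()
    print("table size:", len(table), "lookup:", lookup(table, h("SkfoHnpv")))
```

Each wordlist entry expands to only 29 candidates under these rules, so "SjdlDijo" (RickChin shifted by one) falls on the 91st guess of a six-word list; tools such as the crackers the slide refers to ship rule sets far larger than this against wordlists of millions of entries and still finish in seconds.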
Ways People Keep Their Passwords
• Post It Notes
• Taped to the bottom of their keyboard
• Text, Word, or Excel file on their desktop (password protected or not)
• No place, I use (one, two, three) main passwords and rotate between them
What Happens When a Password is Compromised
• Compromised passwords are fed into automated tools that try them against every major bank, credit card company, payment system, retailer, email provider, and more at blistering speed
• Attackers cross-match them with public records for addresses and other details used to answer security questions
• Information gathered from one system (like email addresses or mother’s maiden name) is used in attacks on other systems
• For this reason, reusing passwords is one of the most dangerous things you can do
Password Strategy
• There are a few key passwords you must know
• Generally these are passwords you might need often or in an emergency to get access to everything else. Common examples:
• Master password for a password manager
• Computer login password
• Your Apple ID password
• Dropbox or cloud storage password
• Create strong but memorable passwords for these
• Practice and memorize them
• Use a Password Manager for everything else
Password Managers
• A software vault that stores your passwords encrypted
• Has a master password that grants access to all the other passwords
• Can generate and store random complex passwords that you can use instead of less complex passwords
• Syncs your passwords and makes them available on the devices you use, wherever you are, even without Internet access
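Two kinds of password come up in the Password Strategy and Password Managers slides: the handful of strong but memorable ones you type yourself, and the random ones a manager generates for everything else. The added example below (not part of the presentation, and not any manager's own code) generates both kinds with a cryptographically secure random source and shows how to account for their strength. The 32-word list is constructed so the code runs offline; a real passphrase generator draws from a published list of several thousand words.

```python
import math
import secrets
import string

# Constructed 32-word list so the example runs offline. A real passphrase
# generator uses a published list of several thousand words (e.g. a diceware list).
WORDS = [
    "anchor", "basket", "candle", "dragon", "eagle", "fossil", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "magnet", "nectar", "orbit", "pepper",
    "quartz", "rocket", "saddle", "timber", "umbrella", "velvet", "walnut", "xenon",
    "yogurt", "zephyr", "bridge", "cactus", "ember", "falcon", "glacier", "hammer",
]
SYMBOLS = "!@#$%^&*-_=+?"
CHARSET = string.ascii_letters + string.digits + SYMBOLS  # 75 characters


def entropy_bits(pool_size: int, picks: int) -> float:
    """Bits of entropy for `picks` independent uniform choices from a pool of `pool_size`."""
    return picks * math.log2(pool_size)


def random_password(length: int = 16, charset: str = CHARSET) -> str:
    """Vault-style password: uniformly random characters from a CSPRNG.
    `secrets` is the right module here; `random` is seeded predictably and is not."""
    return "".join(secrets.choice(charset) for _ in range(length))


def passphrase(word_count: int = 5, wordlist=WORDS, sep: str = "-") -> str:
    """Master-password style passphrase: random words joined by a separator.
    Its strength comes from the number of words and the size of the list, not from
    which words happened to be picked, so it stays strong even if the list is public."""
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))


def words_for_bits(target_bits: float, wordlist=WORDS) -> int:
    """How many words from `wordlist` are needed to reach `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(len(wordlist)))


if __name__ == "__main__":
    pw = random_password(20)
    print(f"vault password : {pw}  ({entropy_bits(len(CHARSET), len(pw)):.1f} bits)")
    pp = passphrase(6)
    print(f"passphrase     : {pp}  ({entropy_bits(len(WORDS), 6):.1f} bits)")
    print(f"words needed for 80 bits from a {len(WORDS)}-word list: {words_for_bits(80)}")
```

With only 32 words each one contributes 5 bits, so 80 bits needs 16 words; a 7,776-word diceware-style list gives about 12.9 bits per word and reaches the same strength with 7. That is the trade the Password Strategy slide is making: a few long, memorable passphrases you can recite, and random 20-character strings you never need to remember because the manager fills them in.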
Suggested Features
• Works in a browser, preferably also on your phone and tablet
• Autofills most places (occasionally you’ll need to copy and paste)
• Syncs via Dropbox, iCloud, or their own cloud service
• Preferably syncs automatically, not just when you manually initiate a sync
• Allows you to share certain logins securely with other people (like family members)
Example Password Managers
• 1Password - www.agilebits.com
• LastPass - www.lastpass.com
• Dashlane - www.dashlane.com
• Roboform - www.roboform.com
• iCloud Keychain - availability began in OS X 10.9 and iOS 7