password management for you

Welcome again UCSY 2015 “Password Management for you” Chit Ko Ko Win

Upload: chit-ko-ko-win

Post on 16-Jul-2015



Introduction

● Everyone has an account for Google, Facebook, Twitter, LinkedIn, Outlook/Hotmail, Dropbox... the list goes on.

● Unfortunately, most of us use either one password or a group of passwords for all of our major accounts.

That’s dangerous !!!

Why Password?

● Passwords are the keys to accessing your computer, bank account and almost everything you do online.

● In other words, passwords are the primary means of authenticating a user (authentication being the process of verifying who somebody is).

Attacking

Brute Force Attack

● Uses every possible combination of characters to retrieve the password

● Large number of password combinations

● Time of cracking depends on the password strength (length and complexity)

Dictionary Attack

● Uses every word in a dictionary of common words to identify the password

● Certain number of common keys

● Time of cracking depends on the number of common passwords, so it’s a bit faster than a brute force attack

Common Mistakes

● Mistake: Using a common password

Example: 123456, 12345, 123456789, password, iloveyou, the six letters on any row of a keyboard (for example, the first six letters on the top row of the keyboard, “qwerty”)

Risk evaluation: Too risky. These are most criminals’ first guesses, so don’t use them.

● Mistake: Using a password that is based on personal data (often called an easy-to-guess password). Basing a password on your social security number, nicknames, family members’ names, the names of your favorite books or movies or football team are all bad ideas. Don’t.

Example: Gladiator, “SaiSai”, “kokoye”, “Jenny”, “ethan”, “Sh”, Real Madraid or RealMadraid

Risk evaluation: Too risky: anyone who knows you can easily guess this information.

● Mistake: Using a short password

Example: John12, Jim2345, Kokoye2007, Yuki123, ye50351

Risk evaluation: The shorter a password, the more opportunities for observing, guessing, and cracking it.

● Mistake: Using the same password everywhere

Example: Using one password on every site or online service

Risk evaluation: Too risky: it’s a single point of failure. If this password is compromised, or someone finds it, the rest of your accounts, including your sensitive information, are at risk.

● Mistake: Writing your password(s) down

Example: Writing your password down on a Post-it note stuck to your monitor, keyboard or anywhere.

Risk evaluation: Very high risk, especially in corporate environments. Anyone who physically gets the piece of paper or sticky note that contains your password can log into your account.

Useful Tips

● IMPORTANT: your password should be at least 8 characters long, and it is highly recommended that it’s 12 characters or more.

● Select a password that contains letters (both uppercase and lowercase), numbers and symbols.

Category: Example

Uppercase letters: A, B, C, D

Lowercase letters: a, b, c, d

Numbers: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

Symbols: ! @ # $ & * : ; . ? /

● You don’t want to use the same password with all of your on-line accounts, but it is also impossible for you to remember hundreds of passwords.

● So what should you do?

● While generating a password you should follow two rules: length and complexity.

● Let’s start by using the following sentence:

● “I like to read Ubuntu blog every day”

● Let’s turn this phrase into a password.

● Take the first letter from each word: “Iltrubed”

● Now increase its strength by adding symbols and numbers:

20*Iltr_bed*14

For Gmail: 20*Iltr_bed*14Gmail

For FB: FB20*Iltr_bed*14

For Twitter: Tw20*Iltr_bed*14

For LinkedIn: 20*Iltr_bed*14Link

For Yahoo: Ya20*Iltr_bed*14hoo

http://calc.opensecurityresearch.com/

https://howsecureismypassword.net/
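
The common mistakes and the length and character-category tips above can be checked mechanically. The following Python sketch is an added example, not part of the original slides: the names `audit` and `years_to_exhaust`, the small `COMMON` list (constructed from the passwords the slides name), the use of `string.punctuation` as the symbol set, and the rate of one billion guesses per second are all assumptions made for illustration.

```python
import math
import string

# Constructed sample list: the common passwords named on the slides.
COMMON = {"123456", "12345", "123456789", "password", "iloveyou", "qwerty"}

# The four character categories from the tips. Using string.punctuation as
# the full symbol set is an assumption; the slides list only a few symbols.
CATEGORIES = {
    "uppercase letters": string.ascii_uppercase,
    "lowercase letters": string.ascii_lowercase,
    "numbers": string.digits,
    "symbols": string.punctuation,
}


def audit(password, personal_terms=()):
    """Return (findings, bits) for one candidate password.

    findings lists the slide-deck mistakes the password makes; bits is the
    size of the brute-force search space, log2(alphabet ** length).
    """
    findings = []
    lowered = password.lower()
    if lowered in COMMON:
        findings.append("common password")
    for term in personal_terms:  # names, teams, dates the user supplies
        if term and term.lower() in lowered:
            findings.append(f"based on personal data: {term}")
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    elif len(password) < 12:
        findings.append("shorter than the recommended 12 characters")
    used = [n for n, chars in CATEGORIES.items() if any(c in chars for c in password)]
    findings += [f"no {n}" for n in CATEGORIES if n not in used]
    alphabet = sum(len(CATEGORIES[n]) for n in used)
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    return findings, bits


def years_to_exhaust(bits, guesses_per_second=1e9):
    """Worst-case brute-force time in years at an assumed guess rate."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    samples = [("123456", ()), ("Kokoye2007", ("kokoye",)), ("20*Iltr_bed*14Gmail", ())]
    for pw, terms in samples:
        findings, bits = audit(pw, terms)
        print(f"{pw!r}: {bits:.0f} bits, {years_to_exhaust(bits):.2e} years, {findings}")
```

The bits figure only bounds a brute-force search; a password flagged as common or based on personal data falls to a dictionary attack regardless of its length.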

Password Management Tools

● Password management tools are really good solutions for reducing the likelihood that passwords will be compromised, but don’t rely on a single source.

● There are many tools in Google search.

● But I prefer KeePassX

http://www.keepassx.org/

KeePassX is an application for people with extremely high demands on secure personal data management. It has a light interface, is cross platform and published under the terms of the GNU General Public License.

KeePassX

● Start a database

● Enter your master password

● Re-enter your master password

● To create a password for your account: Add New Entry

● Your account details

● Press Generate

● Save your database !!

Stronger security for your Google Account

● With 2-Step Verification, you’ll protect your account with both your password and your phone

● http://www.google.com/landing/2step/features.html

Click on Get Started

Step by step

Fill in your password

Security checkup & verify Ph

Chit Ko Ko Win

chitkokowin(at)globalwave(dot)com(dot)mm

saintjohn769(at)ubuntu.com

https://chitkoko.ubuntu-mm.net

https://launchpad.net/~saintjohn769

http://fb.com/ChitKoKoWin

https://twitter.com/Chitkokowin