Source: a16cat.sirinc2.org/2018_presentations/jul 2018 passwords.pdf

Post on 09-Aug-2020

Password Security

Don’t be a victim

Do you really need to know why?

AdultFriendFinder network hack exposes 412 million accounts

“In a recent survey it was reported that 90 percent of all businesses suffered some sort of computer hack over the past 12 months and 77 percent of these companies felt that they were successfully attacked several times over the same period of time.”

This is where I scare you with statistics

Nearly three quarters, 73%, of all Americans have fallen victim to some type of cyber crime.

“Over 27 million Americans have fallen victim to identity theft over the past five years. 9 million of them found their identities stolen in the last year alone.”

Still doubt me?

https://haveibeenpwned.com/

See if your email address is on the list of accounts that have been offered for sale on the black market.

Bottom line:

● You must have good passwords!

● You need to be ready to change them quickly

● You should also consider additional measures

How did they get my password?

1. They hacked one of your service providers

2. They cracked your lousy password (2 in 5 people)

Splashdata’s Top 25 Worst Passwords 2017

123456, password, 12345678, qwerty, 12345, 123456789, letmein, 1234567, football, iloveyou, admin, welcome, monkey, login, abc123, starwars, 123123, dragon, passw0rd, master, hello, freedom, whatever, qazwsx, trustno1

3. You gave it to them - social engineering

4. They got it (see 1-3) and then used it for other accounts

https://haveibeenpwned.com/Passwords

What makes a good password?

Length

● 12 characters or more

● If you use only alphanumeric characters - longer

● Consider passphrases - sentences with spaces

Complexity

● Letters - lowercase and caps

● Numbers

● Special characters

● No words

● No names

If you are only using numbers in your password, it has to be twice as long as a password that uses the complex character set (96 possible characters) in order to have the same level of security.

In other words, a 12 character password that uses only numbers is very weak.
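The keyspace arithmetic behind the "twice as long" rule, as an added example that is not part of the original slides. It assumes every character is chosen uniformly at random, takes the 96-character figure from the slide, and uses illustrative function names.

```python
import math

# Alphabet sizes. 96 is the "complex character set" figure from the slide;
# the others are the usual digit, lowercase and alphanumeric counts.
ALPHABETS = {"digits": 10, "lowercase": 26, "alphanumeric": 62, "complex": 96}


def keyspace_bits(length: int, alphabet: int) -> float:
    """Bits of brute-force search space for `length` characters drawn
    uniformly at random from `alphabet` symbols."""
    return length * math.log2(alphabet)


def equivalent_length(length: int, alphabet: int, other: int) -> int:
    """Shortest password over `other` symbols whose keyspace is at least
    as large as a `length`-character password over `alphabet` symbols.
    Exact integer arithmetic avoids float rounding at the boundary."""
    target = alphabet ** length
    n, space = 0, 1
    while space < target:
        space *= other
        n += 1
    return n


def comparison_table(length: int = 12, reference: str = "complex") -> dict:
    """For each alphabet: (length needed to match a `length`-character
    password over the reference alphabet, bits of a `length`-character
    password over that alphabet)."""
    ref = ALPHABETS[reference]
    return {
        name: (equivalent_length(length, ref, size),
               round(keyspace_bits(length, size), 1))
        for name, size in ALPHABETS.items()
    }


if __name__ == "__main__":
    for name, (needed, bits) in comparison_table().items():
        print(f"{name:13} 12 chars = {bits:5.1f} bits; "
              f"needs {needed} chars to match 12 complex chars")
```

A 12-digit password has about 40 bits of search space, which is weaker than a 7-character password drawn from the 96-character set. Dictionary words and names fall well below these figures because their characters are not chosen at random.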

According to Stopthehacker.com, “it takes only 10 minutes to crack a lowercase password that is 6 characters long.

Add two extra letters and a few uppercase letters and that number jumps to 3 years.

Add just one more character and some numbers and symbols and it will take 44,530 years to crack.”

Some Examples

Michael just called my f!*$#-()g phone 925-291-0810 👽

Michael just called my phone 925-291-0810 💪

Michael just called my phone 👍

Michael433 👎

michael 💩

Exactly how does one achieve the impossible?

Good: Record them in an app that you keep on your phone

Better: Password vaults on your browser

Best: Dual Authentication or Multi-factor authentication (MFA)

Note Taking Apps

● Available anywhere - computer, tablet and phone

● Can be password protected

Password protection is important!

Password Vaults

● Connected to your browser

● Works on all devices

● One good password to log in to the vault and it remembers all of your passwords

● If you don’t have to remember your passwords, then all of your passwords can be:

✓ Very long

✓ Very complex

✓ Different for every account

Password Keepers

Dual Authentication or Multi-Factor Authentication

Using more than one authenticating factor to log in (MFA)

Password: Something you know

Phone: Something you have

Fingerprint or face: Someone you are

Existing tech that you probably don’t use

Authenticator apps on your phone

You register the website that you want to log into.

The authenticator gives you a unique code on your phone, instead of texting it to you.

Google, Microsoft, and Apple have “authenticator” apps.

New Trends

Physical keys, like a car. Contain an encrypted code on a chip.
