Upload File

don't forget your (virtual) keys: creating, using, and maintaining strong passwords

  • Home
  • Technology
  • Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords
35
APPY HOUR DON'T FORGET YOUR (VIRTUAL) KEYS: CREATING, USING, AND MAINTAINING STRONG PASSWORDS September 2014

Upload: rmortiz66

Post on 19-Nov-2014

93 views

Category:

Technology


0 download

Report

Tags:

DESCRIPTION

Presentation for the RWU Law Library Appy Hour Series, September 2014

TRANSCRIPT

Page 1: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

APPY HOURDON'T FORGET YOUR (VIRTUAL) KEYS:

CREATING, USING, AND MAINTAINING STRONG

PASSWORDS

September 2014

Page 2: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

2

“Up to 70 million individuals may be affected”

“33 P.F. Chang’s China Bistro branded restaurant locations”

“Nearly all U.S. Home Depot Stores Hit”

December 2013

April or May 2014

June 2014

Page 3: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

3Source: http://www.insecpro.com/index.php/articles/cyber-crime-statistics

http://www.insecpro.com/index.php/articles/cyber-crime-statistics
Page 4: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

4

TODAY’S MENU

• CREATING STRONG PASSWORDS

• MONITORING YOUR PASSWORDS

• REMEMBERING YOUR PASSWORDS

• RECOVERING FROM A STOLEN PASSWORD

• MORE INFORMATION

Page 5: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

5

ARE YOU USING STRONG PASSWORDS?

• HOW SECURE IS MY PASSWORD?

https://howsecureismypassword.net/
https://howsecureismypassword.net/
Page 6: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

6

AVOID COMMON PASSWORDS

Source: http://splashdata.com/press/WorstPasswords-

2013.jpg

Page 7: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

7

THINK BIG!

http://upload.wikimedia.org/wikipedia/commons/9/90/Magic8ball.jpg
Page 8: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

8

SOME TIPS:DO

• STARTING POINT:

• SENTENCE (ABBREVIATED)

• PASSPHRASE

• MISPELLED LONGER WORD

• ADD UPPER AND LOWER CASE

• ADD SOME NUMBERS

• ADD SOME SYMBOLS

DON’T

• REPEAT PART OF YOUR USER NAME

• USE SOMETHING OTHERS KNOW ABOUT YOU

• USE REAL WORDS ONLY

• REPLACE LETTERS WITH SYMBOLS TO MAKE COMMON WORDS MORE “SECURE”

• USE SOMETHING YOU CAN’T EASILY REMEMBER

Page 9: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

9

EXAMPLES

START WITH

• ABBREVIATED SENTENCE:

• THE FIRST PRESIDENT WAS GEORGE WASHINGTON TFPWGW

• PASSPHRASE:

• ABELINCOLNPS347URIRWULAW

• MISPELLED WORD:

• EXOSKELETON EKSOSCHELATUN

Page 10: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

10

EXAMPLES (CONT’D)

ADD

• UPPER AND LOWER CASE

• TFPWGW TfpwGW

• ABELINCOLNPS347URIRWULAW AbeLincolnPS347RWULaw

• EKSOSCHELATUN EksoSchelatun

• NUMBERS & SYMBOLS:

• TfpwGW 17TfpwGW89 17Tfp#wGW89!

• AbeLincolnPS347RogerWilliams Ab3Lin(olnPS347RWUL@w

• EksoSchelatun Eks0Sch3latun Eks0Sch3l@tun!

See Resources on Appy Hour page for more ideas on creating strong passwords.

Page 11: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

11

CHANGE YOUR PASSWORDS OFTEN

Page 12: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

12

AVOID USING THE SAME PASSWORD REPEATEDLY

Page 13: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

13

USE A PASSWORD MANAGER

See the list at http://lawguides.rwu.edu/appyhour/passwords

http://lawguides.rwu.edu/appyhour/passwords
Page 14: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

14

PASSWORD MANAGER KEY FEATURES

• OPERATING SYSTEMS

• BROWSER INTEGRATION/FORM FILLING

• MOBILE PLATFORMS

• SECURE SHARING

• PASSWORD GENERATION

• PRICE: FREE, FREEMIUM, PAID, EDUCATIONAL DISCOUNTS

• BONUS! SECURITY ALERTS

• BONUS! TWO FACTOR AUTHENTICATION

Page 15: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

15

HOW ELSE CAN YOU PROTECT YOURSELF?• DON’T SHARE PASSWORDS WITH ANYONE!

• DON’T REUSE PASSWORDS

• IF YOU DO SHARE A PASSWORD, DON’T SEND IT VIA EMAIL.

• MONITOR YOUR EMAIL ADDRESSES

• USE MULTIFACTOR AUTHENTICATION, IF AVAILABLE

• ADD PASSWORD RECOVERY FEATURES TO YOUR ACCOUNTS

Page 16: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

16

Page 17: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

17

MONITOR YOUR EMAIL• SHOULD I CHANGE MY PASSWORD?

• PWNEDLIST

https://shouldichangemypassword.com/
https://pwnedlist.com/query
Page 18: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

18

USE MULTI-FACTOR AUTHENTICATION

Page 19: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

19

WHAT YOU KNOW

What is your mother’s maiden

name?

Page 20: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

20

WHAT YOU HAVE

Page 21: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

21

WHO YOU ARE

Source: http://en.wikipedia.org/wiki/Multi-factor_authentication#Background

Page 22: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

22

ADD PASSWORD RECOVERY FEATURES

• CHOOSE YOUR QUESTIONS WISELY!

• SAFE

• STABLE

• MEMORABLE

• SIMPLE

• MANY

• CHOOSE QUESTIONS THAT SATISFY ONE OR MORE OF THESE CRITERIA.

Source: http://goodsecurityquestions.com/examples

Page 23: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

23

RECOVERING FROM A STOLEN PASSWORD

• CHANGE THE PASSWORD

• ASSESS & REPAIR THE DAMAGE

• SCAN & PROTECT YOUR SYSTEMS FOR VULNERABILITES

Page 24: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

24

ASSESS & REPAIR THE DAMAGE: EMAIL & SOCIAL MEDIA• FACEBOOK: HACKED ACCOUNTS

• TWITTER: MY ACCOUNT HAS BEEN HACKED

• INSTAGRAM: REPORT A HACKED ACCOUNT

• GOOGLE: COMPROMISED GMAIL ACCOUNT

• RWU EMAIL: 401-254-6363 (MEDIA•TECH SUPPORT CENTER)

https://www.facebook.com/hacked
https://support.twitter.com/articles/185703-my-account-has-been-hacked
https://help.instagram.com/contact/470866676325859
https://support.google.com/mail/answer/50270?hl=en
Page 25: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

25

ASIDE: SOCIAL MEDIA SAVVY

• KNOW AND USE THE SECURITY FEATURES OF YOUR SOCIAL MEDIA SITES

• BE CAREFUL WHO “FRIENDS”, “FOLLOWS”, “LINKS”, ETC. TO YOU.

• KEEP YOUR PERSONAL INFORMATION PRIVATE

• REVIEW REGULARLY APPS AND OTHER TOOLS THAT LINK TO YOUR SOCIAL MEDIA ACCOUNTS!

Page 26: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

26

ASSESS THE DAMAGE: FINANCES

• FEDERAL TRADE COMMISSION: PLACE A FRAUD ALERT

• CREDIT BUREAUS

• EQUIFAX: REQUEST A 90 DAY FRAUD ALERT

• EXPERIAN: HOW TO RESPOND TO IDENTITY THEFT

• TRANSUNION: FRAUD ALERTS

http://www.consumer.ftc.gov/articles/0275-place-fraud-alert
https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp
http://www.experian.com/help/identity-theft-victim-assistance.html#idtheft_victimYes
http://www.transunion.com/personal-credit/credit-disputes/fraud-alerts.page
Page 27: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

27

PROTECT YOUR SYSTEMS!

• COMPUTERS, ANTIVIRUS:

• AVAST! (W/M)

• MICROSOFT SECURITY ESSENTIALS (W)

• SOPHOS (M)

• COMPUTERS, MALWARE:

• MALWARE BYTES (W)

• SOPHOS (M)

• TABLETS/PHONES:

• ADD SECURITY LOCK

• FIND MY IPAD/IPHONE

• LOOKOUT MOBILE SECURITY

Page 28: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

28

BREAKING NEWS!

Page 29: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

29

QUESTIONS?

• LET ME KNOW!

[email protected]

OR

401-254-4547

•CLASS WEBPAGE: HTTP://LAWGUIDES.RWU.EDU/APPYHOUR/PASSWORDS

mailto:[email protected]
Page 30: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

30

CREDITS (SLIDES 2, 7 & 11)• SLIDE 2: “HOME DEPOT” BY MIKE MOZART, “TARGET” BY

KEVIN DOOLEY, AND “P.F. CHANG’S” BY DAVE DUGDALE ARE LICENSED UNDER CC BY 2.0, CC BY 2.0 AND CC BY SA 2.0, RESPECTIVELY.

• SLIDE 7: “MAGIC 8 BALL” BY “CHRISTIAN HELDT”.

• SLIDE 11: FALL SCENE: “HAPGOOD POND” BY U.S. DEPARTMENT OF AGRICULTURE LICENSED UNDER CC BY 2.0; “SPRING” BY MOYAN BRENN LICENSED UNDER CC BY ND 2.0; “2015” BY FREE WIDE WALLPAPERS; “ALL FOUR SEASONS – OUTSIDE MY WINDOW” BY SUNDAR M LICENSED UNDER CC BY SA 2.0

https://www.flickr.com/photos/jeepersmedia/11199472286/in/photolist-3R2Gd-mXs1n4-nDKf9G-nwzRkv-9R1hP-i5rFEz-62qyGZ-mXrXkc-mXrZRe-mXtRJu-mXtPQQ-mXtRb5-i4EdVL-mXrWnn-nwzR2V-mXrX1M-i4Evga-nuQ8cu-nwBG77-nfofT1-nHzhfZ-mXs3ti-zHARb-nFA95E-jauAoE-mjFaHq-o1zJf9-mfRMek-mfSvU8-mjDyvz-mjCNcV-5HiqFP-bS4gc-mfTG6Q-mfRKED-oP56AW-9U6RwW-nU7qoB-nU7qtA-obsrb7-mjDGRF-mjDkvK-onrv64-nU71jL-nfocJp-nfomV9-nfo9vk-owBxz5-o9yrCm-nwBFcw/
https://www.flickr.com/photos/jeepersmedia/11199472286/in/photolist-3R2Gd-mXs1n4-nDKf9G-nwzRkv-9R1hP-i5rFEz-62qyGZ-mXrXkc-mXrZRe-mXtRJu-mXtPQQ-mXtRb5-i4EdVL-mXrWnn-nwzR2V-mXrX1M-i4Evga-nuQ8cu-nwBG77-nfofT1-nHzhfZ-mXs3ti-zHARb-nFA95E-jauAoE-mjFaHq-o1zJf9-mfRMek-mfSvU8-mjDyvz-mjCNcV-5HiqFP-bS4gc-mfTG6Q-mfRKED-oP56AW-9U6RwW-nU7qoB-nU7qtA-obsrb7-mjDGRF-mjDkvK-onrv64-nU71jL-nfocJp-nfomV9-nfo9vk-owBxz5-o9yrCm-nwBFcw/
https://www.flickr.com/photos/jeepersmedia/
https://flic.kr/p/96vCN1
https://www.flickr.com/photos/pagedooley/5313218644/in/photolist-4CoKAv-6L2Xji-n87HSk-7BN7ky-7uZahi-63hBdu-bXZFam-p3Kc9s-ndQEmA-ejPxj8-ojM7ad-96vCN1-fcJYgg-5HsyJH-ks7QzP-5smnjs-gDRaj-5xPJVf-6823n2-akLjz-6h3M1T-apvSiR-4ftKFp-3kYdg7-k8iBhk-bQmRVH-ntJvX8-5EtvoU-91uQPm-dL3UmP-81eeaJ-mXbG4S-aFU9Ke-dAdtYy-fzauHB-b7BhHz-4HjhPS-kGhdKR-an9Poh-dAo3YX-4Xt3DV-5evsSo-59UsLr-aaichg-2RxCau-nvT5yr-e1KQLe-j1TrTc-dAG9As-52joBn
https://flic.kr/p/7PJNHd
https://www.flickr.com/photos/davedugdale/
https://www.flickr.com/photos/davedugdale/
https://creativecommons.org/licenses/by/2.0/
https://creativecommons.org/licenses/by/2.0/
https://creativecommons.org/licenses/by-sa/2.0/
http://commons.wikimedia.org/wiki/File:Magic8ball.jpg
http://de.wikipedia.org/wiki/Benutzer:ChristianHeldt
http://de.wikipedia.org/wiki/Benutzer:ChristianHeldt
https://flic.kr/p/avw9wd
https://flic.kr/p/avw9wd
https://flic.kr/p/avw9wd
https://flic.kr/p/avw9wd
https://www.flickr.com/photos/usdagov/
https://creativecommons.org/licenses/by/2.0/
https://www.flickr.com/photos/aigle_dore/
https://www.flickr.com/photos/aigle_dore/
https://www.flickr.com/photos/aigle_dore/
https://creativecommons.org/licenses/by-nd/2.0/
http://www.freewidewallpapers.com/happy-new-year-2015/2015-new-year-celebration/
https://creativecommons.org/licenses/by-sa/2.0/
https://creativecommons.org/licenses/by-sa/2.0/
Page 31: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

31

CREDITS (SLIDES 12 & 16)

• SLIDE 12: “MONEYCASH” BY 2BGR8STOCK , LICENSED UNDER CC BY 3.0; “INSTAGRAM AND OTHER SOCIAL MEDIA APPS” BY JASON HOWIE, LICENSED UNDER CC BY 2.0. OTHER IMAGES COURTESY OF RWULAW, MICROSOFT.

• SLIDE 16: “YOU’LL NEVER FORGET YOUR PASSWORD EVER AGAIN” BY MEME BINGE, LICENSED UNDER CC BY 2.0.

http://commons.wikimedia.org/wiki/File:Money_Cash.jpg
http://2bgr8stock.deviantart.com/
http://creativecommons.org/licenses/by/3.0/deed.en
https://flic.kr/p/d41HES
https://www.flickr.com/photos/jasonahowie/
https://creativecommons.org/licenses/by/2.0/
https://flic.kr/p/noVhKg
https://www.flickr.com/photos/memebinge/
https://creativecommons.org/licenses/by/2.0/
Page 32: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

32

CREDITS (SLIDES 18-19)

• “STEP 1: READY YOUR ATM CARD” BY COLIN MCCLOSKEY, LICENSED UNDER CC BY NC-SA 2.0.

• KEYPAD: “ATM KEYPAD 2/4” BY REDSPOTTED, LICENSED UNDER CC BY 2.0

https://flic.kr/p/z4vyU
https://www.flickr.com/photos/mccolin/
https://creativecommons.org/licenses/by-nc-sa/2.0/
https://creativecommons.org/licenses/by-nc-sa/2.0/
https://flic.kr/p/2oTx
https://www.flickr.com/photos/redspotted/
https://creativecommons.org/licenses/by/2.0/
https://creativecommons.org/licenses/by/2.0/
Page 33: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

33

CREDITS (SLIDE 20)

• ATM CARD: “PHOTO365 DAY 4” BY ALLAN DONQUE, LICENSED UNDER CC BY 2.0

• SECURITY KEYS: “RSA TOKENS” BY EDWIN SARMIENTO, LICENSED UNDER CC BY SA 2.0

• MOBILE PHONE: “SONY EXPERIA NEO MT15I MOBILE PHONE” BY MATT KLEFFER, LICENSED UNDER CC BY SA 2.0

https://flic.kr/p/7AADC1
https://www.flickr.com/photos/allandonque/
https://www.flickr.com/photos/allandonque/
https://creativecommons.org/licenses/by/2.0/
https://flic.kr/p/avUznU
https://www.flickr.com/photos/bassplayerdoc/
https://creativecommons.org/licenses/by-sa/2.0/
https://flic.kr/p/9Z4Ary
https://flic.kr/p/9Z4Ary
https://flic.kr/p/9Z4Ary
https://www.flickr.com/photos/mattkieffer/
https://www.flickr.com/photos/mattkieffer/
https://creativecommons.org/licenses/by-sa/2.0/
Page 34: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

34

CREDITS (SLIDE 21)

• FINGERPRINT: “FINGERPRINT” BY JOSE LUIS AGAPITO, LICENSED UNDER CC BY ND 2.0

• EYE SCAN: IROBOT EYE V2.O, BY TC MORGAN, LICENSED UNDER CC BY NC SA 2.0

• FACE RECOGNITION: “MYHERITAGE.COM FACE RECOGNITION” BY MYHERITAGE.COM

https://flic.kr/p/4xGCiY
https://www.flickr.com/photos/blvesboy/
https://www.flickr.com/photos/blvesboy/
https://creativecommons.org/licenses/by-nd/2.0/
https://creativecommons.org/licenses/by-nd/2.0/
https://creativecommons.org/licenses/by-nd/2.0/
https://creativecommons.org/licenses/by-nd/2.0/
https://flic.kr/p/dieMY4
https://www.flickr.com/photos/tcmorgan/
https://creativecommons.org/licenses/by-nc-sa/2.0/
http://www.myheritage.com/facial-recognition-technology
http://www.myheritage.com/
Page 35: Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

35

CREDITS (SLIDE 27)

• ALL YOU MAGAZINE ON FACEBOOK (POSTED 9/9/2014)

https://www.facebook.com/allyoumagazine

Don't Forget About the Real World

Reality Based Learning - don't forget the ball

Don't Forget About All of America's Families!

Don't Forget, We All Grow Old

Don't forget

NSI 2014: Hey Colleges! Don't Forget the Parents

Don't Forget It - App

Don't forget us

DON'T YOU (FORGET ABOUT MEANS)

BIOMETRICS By Lt Cdr V Pravin 05IT6019. BIOMETRICS Forget passwords... Forget pin numbers... Forget all your security concerns

Don't forget the back office peps!

PVA: Don't Forget About Me

In a world of API's don't forget WebDav !

Don't Forget This!

Don't forget the audience

Ukash Mdays - Don't forget about cash!

October Horoscope Don't Forget!

Don't Forget You're A Coach Too

Don't Forget About All of America's Families!

Don't Forget Your Audience!

Don't Forget Son-English Booklet

When Managing Expatriate Adjustment, Don't Forget the Spouse

Don't Forget The Third Sector

3: Don't forget voice! (Tim Panton)

PROFESIONALISME GURU- DON'T FORGET ABOUT INTRINSIC MOTIVATION

Quocirca & Networks First, Don't Forget the Network

BENEFITS Forget passwords. Secure SSO.€¦ · Forget passwords. Secure SSO. PASSWORDLESS Together, Veridium and Okta support passwordless authentication for ... including SAML and

Don't forget the strategy!

Don't Forget Viscosity

Don't You Forget About UX

Sgarf - don't forget, collect

Auto-pilot for all your passwords. · Remembers your passwords so you don’t have to. Auto-pilot for all your passwords. Remembers your passwords so you don’t have to. Forget forgotten

Don't Forget to Remember Me

BIOMETRICS. BIOMETRICS BIOMETRICS Forget passwords... Forget pin numbers... Forget all your security concerns

Don't Forget the Stuffing! Revisiting the Security Impact