fordham tech. innovators - password management presentation
DESCRIPTION
Presentation for the Fordham Technology Innovator's Council on password management strategies.
TRANSCRIPT
Password Management in the Web 2.0 Age
Challenges and Solutions
Jim Behnke and Jose DeLeon
Accessing Apps in the “Cloud”
…when do too many passwords become a hindrance to instructors?
Key question: How important is your information?
• Student records?
• Financial information?
• Photos of family / friends?
• Instructional materials?
• Research / doctoral thesis?
• Confidential survey data?
Given that user names and passwords are the norm… Why do people use weak passwords, or no passwords at all, by preference?
Problem Outline
• Too many passwords
• May prevent or discourage use of technology
• Difficult to track and organize efficiently
• Differing password complexity requirements
Challenges
• Creating quality passwords
• Password Recall
• Password uniqueness
• Multifactor Authentication
• Secure storage
• Portability (ability to access on multiple computers / devices)
Tips for Creating Quality Passwords
• Mixed Case
• Alphanumeric
• Special Characters (!@#$%^&*()_+/*-+)
• Unambiguous characters (avoid look-alikes such as Il)
• Password Length
  • 94^x possibilities (Z^U5yCeQ7k)
Hint: it's not that easy!
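The character-class and length tips above, as an added example that is not part of the original presentation: a generator that draws from the 94 printable ASCII symbols with Python's `secrets` module, can skip look-alike characters, and reports the size of the resulting search space. The `AMBIGUOUS` set and all function names are assumptions chosen for this example.

```python
import math
import secrets
import string

# Look-alike characters to skip: the slide's "Il" plus similar ones
# (1, O, 0, |) added here as an assumption.
AMBIGUOUS = set("Il1O0|")

CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,   # 32 symbols; 26 + 26 + 10 + 32 = 94
}

def build_classes(avoid_ambiguous=True):
    """Return the four character classes, optionally without look-alikes."""
    drop = AMBIGUOUS if avoid_ambiguous else set()
    return {name: "".join(c for c in chars if c not in drop)
            for name, chars in CLASSES.items()}

def generate_password(length=10, avoid_ambiguous=True):
    """Random password containing at least one character of every class."""
    classes = build_classes(avoid_ambiguous)
    if length < len(classes):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(classes.values())
    # One guaranteed pick per class, the remainder from the whole alphabet.
    picked = [secrets.choice(chars) for chars in classes.values()]
    picked += [secrets.choice(alphabet) for _ in range(length - len(picked))]
    # CSPRNG shuffle so the guaranteed picks do not sit in fixed positions.
    secrets.SystemRandom().shuffle(picked)
    return "".join(picked)

def search_space_bits(alphabet_size, length):
    """log2(alphabet_size ** length): upper bound on the password's entropy."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    full = sum(len(c) for c in build_classes(False).values())
    reduced = sum(len(c) for c in build_classes(True).values())
    for n in (8, 10, 16):
        print(f"{n:2d} chars  {generate_password(n):16s}  "
              f"{search_space_bits(full, n):5.1f} bits of {full}^{n}, "
              f"{search_space_bits(reduced, n):5.1f} bits without look-alikes")
```

Dropping the six look-alike characters costs well under one bit at ten characters, while each extra character adds about 6.5 bits, so length matters far more than the size of the alphabet.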
Methods of Password Recall
• Memory (unreliable, impractical esp. with decent passwords)
• Written Down (insecure)
• Stored in a plain text file (still insecure)
• Store in specialized Password Management Software
Two Potential Solutions
http://keepass.info
http://lastpass.com
Overview: “KeePass”
Open-source password management database
James Behnke
What is KeePass?
Database for secure storage of user accounts and passwords
FREE, “open-source”
Cross-platform
Available on many platforms…
Key Features (DEMO)
DEMO SUMMARY:
• Stores data needed to access Web-based applications
• Tools for securely generating and evaluating passwords
• Makes using passwords convenient
• Encrypted data files
Dilemma:
What happens if someone steals your database file?
Regarding Encryption
Wikipedia definition: “encryption”
“In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.”
http://en.wikipedia.org/wiki/Encryption
KeePass encryption options
DO NOT LOSE YOUR PASSWORD OR KEY FILE!
Regarding portability
Problem: How do I carry my password database from device to device?
Possible Paths to Portability
• USB Flash Drives (for data files)
• MyFiles w/ “Xythos Drive” or OSX
• “DropBox” (www.dropbox.com) or similar “data synchronization” service
• “Portable apps” (DEMO) (http://portableapps.com/) or similar application
A widely used, open-source application…
Final Thoughts…
KeePass Pros
• Relatively easy to use
• Free
• Cross-platform inc. mobile options
• Relatively secure
• Widespread use, many “plugins”
  • e.g. synchronize databases between computers, automatically enter information instead of copying and pasting
KeePass Cons
• Currently, requires additional effort / knowhow to make it portable
• “Plugins” must be sought out, installed, and toyed with
LastPass Features
• Browser Based
  • IE, Chrome, Safari, Firefox
• Portable
  • iPhone, BlackBerry, Windows Phone, Symbian, Android
  • USB Flash Drive
  • Cloud
• Security
  • SSL encryption on all traffic to LastPass servers
  • Database encrypted/decrypted at the client side with 256-bit AES before transmission to servers
  • Master password stored on servers as a hash
  • Screen Keyboard
  • Phishing Protection
LastPass Features
• Multifactor Authentication
  • OTP (One Time Passwords)
  • YUBIKEY: token based authentication
• Usability
  • One Master Password
  • Automatic Form Filling
  • One Click Login
  • Synchronized Across Browsers
  • Securely Share Login Credentials
  • Automatic Backup
  • Password Generator
Alternative solutions:
Firefox 4 Beta: New Firefox provides service to synchronize passwords between computers (.MP4 video)
Google Chrome: