„The four most-used passwords are love, sex, secret, and God“: password security and training in different user groups
Kaido Kikkas (Estonian IT College & Tallinn University), Birgy Lorenz (Tallinn University), Aare Klooster (Tallinn University)
© Kaido Kikkas 2013. This document is distributed under the Creative Commons Attribution-ShareAlike 3.0 Estonia license.
This thing's got a beard
● The first widespread notion about password security (or lack thereof) – The Stockings Were Hung by the Chimney with Care by Bob Metcalfe from 1973 (RFC602)
● An even earlier case described by Richard M. Stallman from the MIT AI Lab in the 60s
● The quote with four common passwords comes from the movie Hackers from 1990 (yes, the one with geeky Angelina Jolie)
The Infamous Dumbuser (a.k.a. Ordinary Joe/Jane)
● A typical scenario:
  – Jane/Joe has to choose a password, picks something easy and obvious
  – Bad Guys guess it, resulting in SHTF
  – Jane/Joe gets a good thrashing from a local BOFH, followed by a long and grumpy lecture about password security
  – Jane/Joe gets a secure password – alas, it is impossible to remember and needs to be written down (to some obvious place)
  – Bad Guys intercept it with even more SHTF
The obligatory piece of geekiness
http://imgs.xkcd.com/comics/authorization.png
Mitnick says
● Security =
  – Policies
  – People
  – Processes
  – Technology
● In password security, technology is often the least important
The study
● Stage I: password usage in Estonian schools among different user groups
  – Students (high school, vocational school, university)
  – Teachers/trainers
  – ICT specialists at schools
  – A large comparison group of 'average users' (convenience sample based on personal contacts)
...
● Stage II – e-safety training with different groups, based on the Stage I results
  – Password models
  – Strength testing
  – Safe storage options
  – General tips on e-safety
● This stage is still ongoing
Some results
● Stage I revealed the overall lack of security awareness – and especially among 'those who should know better'
● The behavioral patterns in different user groups were more similar than predicted
Examples
● Most respondents use only 4 or fewer different passwords (incl. 54% of the ICT specialists)
● More than half of the respondents use short passwords of 9 or fewer characters
● The only remarkable redeeming quality among ICT specialists was including special characters in passwords
● Teachers actually ranked below students
...
● Apparent lack of creativity – both in password and 'secret question' choices
● Password sharing among friends/family is widespread
● Overall awareness of computer security varies, with some worrisome findings (e.g. 26% of the ICT specialists did not update their systems)
A parable of two tools...
● Cugnot's fardier à vapeur, 1771
● Speed 2.25 mph
● Bugatti Veyron, 2010
● Speed 250 mph
Note: the pictures on this and next slide come from Wikimedia Commons
… and SHTFs
● 1771 ● 2010
● What did break and what did survive?
e-stonia
● Among top countries in Internet freedom
● E-banking (used by ~70% of the population)
● E-declaration of income (~70%)
● E-voting (Riigikogu 2011 – 24.3%)
● National ID-card infrastructure with large and growing online application base
...
● BUGATTI VEYRON....??
Main things to do
● Quote Mitnick: technology is the least important one
  – Promote the least bad choice for passwords – long passphrases that
    ● are in native language (if other than English; also applies to usernames)
    ● make sense as words, not as a phrase (e.g. “TheViolinDoesNotComputeMacaroni”)
    ● contain some 1337 and punctuation
  – Train good password storage practices
  – Password security is just a part of the whole
● Lack of knowledge is curable, stupidity is not
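The two slides above ("Strength testing" in Stage II and the passphrase advice here) are the kind of thing a trainer ends up demonstrating with a small tool. The following is an added example written for this page, not code from the slides or from the authors' study. It assumes a tiny constructed Estonian word list standing in for a real native-language dictionary, a constructed blacklist built from the four passwords in the title, a separator set of "!?.-_", and a minimum length of 10 (chosen so that the "9 or fewer characters" group from the results is flagged). It shows two things the slides state but do not quantify: that a character-class entropy estimate flatters a 1337-spelled dictionary word such as "S3cr3t!" (high bits, still on the blacklist once the substitutions are undone), and that a few random native-language words with punctuation between them score far higher while staying memorable.

```python
import math
import secrets
import string

# Constructed sample data (not from the slides): a tiny stand-in for a
# native-language word list. A real list has thousands of entries; the
# list size is what gives a word-based passphrase its strength.
SAMPLE_WORDS = ["viiul", "arvuti", "makaron", "kass", "koer", "maja", "meri",
                "mets", "kuu", "leib", "piim", "raamat", "laud", "tool",
                "aken", "lill", "puu", "jogi", "saar", "lumi"]

# Constructed blacklist: the four passwords from the film quoted in the
# title, plus two perennial favourites.
COMMON_PASSWORDS = {"love", "sex", "secret", "god", "password", "123456"}

# Usual 1337 substitutions, undone before the blacklist check so that
# "L0v3" or "S3cr3t" is still recognised as a dictionary word.
LEET_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s"})
TRAILING = string.digits + string.punctuation


def charset_entropy_bits(password: str) -> float:
    """Upper bound on guessing work if the attacker knows only which
    character classes occur: len * log2(pool). It overrates 1337 variants
    of dictionary words, which is why assess() also checks the blacklist."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)  # 32
    if any(c not in string.printable for c in password):
        pool += 26  # rough allowance for non-ASCII letters (e.g. õ, ä, ö, ü)
    return len(password) * math.log2(pool) if pool else 0.0


def passphrase_entropy_bits(n_words: int, wordlist_size: int,
                            n_separators: int = 0, separator_pool: int = 1) -> float:
    """Bits when the attacker knows the word list and the construction rule;
    the only secrets are which words (and which separators) were drawn."""
    return (n_words * math.log2(wordlist_size)
            + n_separators * math.log2(separator_pool))


def candidate_forms(password: str) -> set:
    """Lower-cased variants with 1337 undone and/or trailing digits and
    punctuation stripped, so "L0v3", "G0d123!" and "Secret!" all reduce to
    the bare dictionary word."""
    low = password.lower()
    leet = low.translate(LEET_MAP)
    stripped = low.rstrip(TRAILING)
    return {low, leet, stripped, stripped.translate(LEET_MAP), leet.rstrip(TRAILING)}


def is_common(password: str) -> bool:
    return not COMMON_PASSWORDS.isdisjoint(candidate_forms(password))


def generate_passphrase(n_words: int = 4, words=SAMPLE_WORDS,
                        separators: str = "!?.-_") -> str:
    """Draw words with the secrets module (CSPRNG), capitalise each so the
    word boundaries stay readable, and put random punctuation between them."""
    chosen = [secrets.choice(words).capitalize() for _ in range(n_words)]
    out = chosen[0]
    for word in chosen[1:]:
        out += secrets.choice(separators) + word
    return out


def assess(password: str, min_length: int = 10) -> dict:
    """Policy check in the spirit of the slides: blacklisted words are
    rejected even in 1337 form, and anything of 9 characters or fewer (the
    length more than half the respondents used) is flagged."""
    problems = []
    if is_common(password):
        problems.append("common password (also after undoing 1337 substitutions)")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    return {"bits": round(charset_entropy_bits(password), 1),
            "problems": problems, "ok": not problems}


if __name__ == "__main__":
    for pw in ["secret", "S3cr3t!", "TheViolinDoesNotComputeMacaroni",
               generate_passphrase()]:
        print(f"{pw:35} {assess(pw)}")
    # Word-list model: 4 words from a 7776-word list with 3 separators
    # drawn from 5 symbols; compare with the charset figures printed above.
    print("4 words + 3 separators:",
          round(passphrase_entropy_bits(4, 7776, 3, 5), 1), "bits")
```

Run it as a script to see the comparison table. The design point for training is the gap between the two estimates: charset_entropy_bits() is what naive "strength meters" report, and it credits "S3cr3t!" with about 46 bits even though assess() rejects it outright; passphrase_entropy_bits() is the honest figure for a word-based passphrase when the attacker knows both the word list and the construction rule, and four words from a few-thousand-word list already clears 50 bits with no need to remember anything cryptic.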
No fool like an old fool
● Start young!
● Caution – the concept of secrecy can be hard to grasp for young children (and can contradict some other principles)
● Curiosity can be dangerous but is vital – especially when dealing with adolescents
● Overconfidence kills – “experienced users” are notably hard to (re)train – but “putting the nose into it” can help
Instead of conclusion
http://imgs.xkcd.com/comics/security.png
Thank you
These slides @ Slideshare (CC BY-SA): http://slideshare.net/UncleOwl
The (upcoming) Digital Safety Lab @ Tallinn University: http://www.tlu.ee/dsl
Contact: {first.last}@tlu.ee
The research was supported by the European Social Fund’s Doctoral Studies and Internationalisation Programme DoRa (governed by the Archimedes Foundation) and by the Estonian Information Technology Foundation
http://www.spreadshirt.net
