SlideShare uma empresa Scribd logo

Online Self Defense - Passwords

Transferir como PPTX, PDF
Barry Caplin
Barry Caplin

Passwords are the main authentication method used for internet sites and applications. But passwords get stolen and have many weaknesses Here are tips you can use at home and at work to protect your information.

Tecnologia
1 de 14
Online Self-Defense: Passwords bcaplin1@fairview.org bc@bjb.org @bcaplin http://about.me/barrycaplin http://securityandcoffee.blogspot.com Barry Caplin Chief Information Security Official Fairview Health Services
Passwords Why Are They A Problem? • Hard to remember • Hard to enter • Need too many • Inconsistent Rules • Changes
How Passwords Work • Site saves encrypted pw • At login – enter pw – it’s encrypted and compared to stored value • Some sites: Don’t encrypt well Don’t encrypt at all!
And Passwords Get Stolen It was a busy year
And Bad Choices Are Made
How Passwords Get Stolen • Phishing or… • Site attacked – many methods • Encrypted pw file downloaded (should be more difficult!) • Over time, attackers crack the file • What does that get them?
• Avg. web user has: 25 separate accounts but 6.5 unique passwords  password reuse – not good • So… Passwords
Password Self-Defense Tips for Home: 1. Choose good (long) passwords 2. Don’t reuse passwords 3. Use a Password Vault 4. Only enter on secure sites
Password Self-Defense 5. Care with “secret” questions 6. Care with linking accounts 7. Login notifications 8. 2-step authentication 9. Use separate email addresses
Password Self-Defense Tips for the Office: 1. No one will ask for your password 2. Choose a good (long) password 3. Follow the policy 4. Don’t use a work password on a non-work system
Handouts • Password Self-Defense tips and resources Password Self-Defense
Tips 1. Don’t reuse passwords The average online user needs passwords for 25 different websites and services, but uses only 6.5 different passwords. If one site gets compromised it can expose your password for another (perhaps more important) site. 2. Only enter on secure sites Look for https:// in the address bar and a lock symbol to assure your passwords are kept confidential when traveling across the Internet. 3. Login notifications Some sites will let you know when you last logged in, or if it looks like your account was logged in to from another country. Some sites allow you to block this. 4. Choose good (long) passwords Length is more important than complexity! Choose 16-20 or longer length passwords if available. You can use all letters (upper and lower) if you are using 20 or more characters.
Tips 5. Vault it Password vaults are a great way to store all your passwords. Make sure you choose a good long master password and don’t forget it! Some great password vaults include: LastPass, 1Password, PasswordSafe and KeePass. 6. Care with “secret” questions Many sites use “secret” questions to help identify you if you forget your password. Choose questions and answers that people can’t just look up on Facebook! Your place of birth, high school mascot, and other common information are not good choices. Or… you could provide fake answers to common questions. Just be sure you know what answers you give! 7. Care with linking accounts Don’t just log into every site using your Facebook or Twitter logins (when available). If either of those accounts get compromised you could lose a lot more than just the one (or two) accounts).
Tips8. Write down your passwords What??? You were always told to not do that! Well, you’re best option is using a password vault, but you can write down your passwords. Here are the “rules”: don’t write down what they’re for; keep them with your money (you already know how to protect that!), and; for extra credit – insert “fake” characters into the password – these are extra characters you know aren’t really part of the password but someone else would not. 9. 2-step authentication Google (google authenticator), ebay, paypal, dropbox, facebook and other sites now allow 2-factor or 2-step authentication. It’s a bit more complicated to set up but definitely worth it. See the individual sites for info. 10. Use separate email addresses If you use the same email account to associate with all your online accounts, then a hacker can own you online by compromising that email account. For instance, most online sites will send a confirmation email to your associated address if a change is made or to process a password change. If you can use different email addresses, then having one compromised won’t affect all your other online accounts.

Recomendados

What Is A Web Browser
What Is A Web BrowserWhat Is A Web Browser
What Is A Web Browserkevpatel
 
Safety social media for positive social change
Safety social media for positive social changeSafety social media for positive social change
Safety social media for positive social changeMoses Ngeth
 
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...Start Pad
 
CC DMCA for IMT550
CC DMCA for IMT550CC DMCA for IMT550
CC DMCA for IMT550Brian Rowe
 
Cyber Security for Everybody
Cyber Security for EverybodyCyber Security for Everybody
Cyber Security for Everybodyavahe
 
Social engineering final
Social engineering finalSocial engineering final
Social engineering finalSheikhMohammadRafay
 
Btc autopilot | Bitcoin hack | Automatic BTC generator
Btc autopilot | Bitcoin hack | Automatic BTC generatorBtc autopilot | Bitcoin hack | Automatic BTC generator
Btc autopilot | Bitcoin hack | Automatic BTC generatorArhaam
 
Web security for app developers
Web security for app developersWeb security for app developers
Web security for app developersPablo Gazmuri
 

Recomendados

What Is A Web Browser
What Is A Web BrowserWhat Is A Web Browser
What Is A Web Browserkevpatel
 
Safety social media for positive social change
Safety social media for positive social changeSafety social media for positive social change
Safety social media for positive social changeMoses Ngeth
 
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...
StartPad Countdown 2 - Startup Security: Hacking and Compliance in a Web 2.0 ...Start Pad
 
CC DMCA for IMT550
CC DMCA for IMT550CC DMCA for IMT550
CC DMCA for IMT550Brian Rowe
 
Cyber Security for Everybody
Cyber Security for EverybodyCyber Security for Everybody
Cyber Security for Everybodyavahe
 
Social engineering final
Social engineering finalSocial engineering final
Social engineering finalSheikhMohammadRafay
 
Btc autopilot | Bitcoin hack | Automatic BTC generator
Btc autopilot | Bitcoin hack | Automatic BTC generatorBtc autopilot | Bitcoin hack | Automatic BTC generator
Btc autopilot | Bitcoin hack | Automatic BTC generatorArhaam
 
Web security for app developers
Web security for app developersWeb security for app developers
Web security for app developersPablo Gazmuri
 
Password management
Password managementPassword management
Password managementWilmington University
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawConnectSafely
 
How to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsHow to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsConnectSafely
 
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong PasswordsDon't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwordsrmortiz66
 
Getting authentication right
Getting authentication rightGetting authentication right
Getting authentication rightAndre N. Klingsheim
 
W make107
W make107W make107
W make107Greg in SD
 
Honeywords - BSides London 2014
Honeywords - BSides London 2014Honeywords - BSides London 2014
Honeywords - BSides London 2014Gavin Holt
 
Protect Your Business With Web Security
Protect Your Business With Web SecurityProtect Your Business With Web Security
Protect Your Business With Web SecurityHarrison Kenyon Marketing
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
Defensive programing 101
Defensive programing 101Defensive programing 101
Defensive programing 101Niall Merrigan
 
Password Management
Password ManagementPassword Management
Password ManagementDavon Smart
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self DefenseBarry Caplin
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)David Herrington
 
S01.L07 - Creating Strong Passwords
S01.L07 - Creating Strong PasswordsS01.L07 - Creating Strong Passwords
S01.L07 - Creating Strong Passwordsselcukca84
 
Cyber security
Cyber securityCyber security
Cyber securityJennie Sherkness
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewYury Chemerkin
 
Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare securityBarry Caplin
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503Barry Caplin
 

Mais conteúdo relacionado

Semelhante a Online Self Defense - Passwords

How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawConnectSafely
 
How to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsHow to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsConnectSafely
 
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong PasswordsDon't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwordsrmortiz66
 
Honeywords - BSides London 2014
Honeywords - BSides London 2014Honeywords - BSides London 2014
Honeywords - BSides London 2014Gavin Holt
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewSTO STRATEGY
 
Defensive programing 101
Defensive programing 101Defensive programing 101
Defensive programing 101Niall Merrigan
 
Password Management
Password ManagementPassword Management
Password ManagementDavon Smart
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self DefenseBarry Caplin
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crackKlaus Drosch
 
Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)David Herrington
 
S01.L07 - Creating Strong Passwords
S01.L07 - Creating Strong PasswordsS01.L07 - Creating Strong Passwords
S01.L07 - Creating Strong Passwordsselcukca84
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness TrainingJen Ruhman
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Kimberley Dray
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewYury Chemerkin
 

Semelhante a Online Self Defense - Passwords (20)

Password management
Password managementPassword management
Password management
 
How to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security FlawHow to Protect Yourself From Heartbleed Security Flaw
How to Protect Yourself From Heartbleed Security Flaw
 
How to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique PasswordsHow to Create (use use) Strong & Unique Passwords
How to Create (use use) Strong & Unique Passwords
 
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong PasswordsDon't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
 
Getting authentication right
Getting authentication rightGetting authentication right
Getting authentication right
 
W make107
W make107W make107
W make107
 
Honeywords - BSides London 2014
Honeywords - BSides London 2014Honeywords - BSides London 2014
Honeywords - BSides London 2014
 
Protect Your Business With Web Security
Protect Your Business With Web SecurityProtect Your Business With Web Security
Protect Your Business With Web Security
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 
Defensive programing 101
Defensive programing 101Defensive programing 101
Defensive programing 101
 
Password Management
Password ManagementPassword Management
Password Management
 
Online Self Defense
Online Self DefenseOnline Self Defense
Online Self Defense
 
How to choose a password that’s hard to crack
How to choose a password that’s hard to crackHow to choose a password that’s hard to crack
How to choose a password that’s hard to crack
 
Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)Be Cyber Smart! (DLH 10/25/2019)
Be Cyber Smart! (DLH 10/25/2019)
 
S01.L07 - Creating Strong Passwords
S01.L07 - Creating Strong PasswordsS01.L07 - Creating Strong Passwords
S01.L07 - Creating Strong Passwords
 
Cyber security
Cyber securityCyber security
Cyber security
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Hyphenet Security Awareness Training
Hyphenet Security Awareness TrainingHyphenet Security Awareness Training
Hyphenet Security Awareness Training
 
Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019Password and Account Management Strategies - April 2019
Password and Account Management Strategies - April 2019
 
Why is password protection a fallacy a point of view
Why is password protection a fallacy a point of viewWhy is password protection a fallacy a point of view
Why is password protection a fallacy a point of view
 

Mais de Barry Caplin

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare securityBarry Caplin
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503Barry Caplin
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Barry Caplin
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503Barry Caplin
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Barry Caplin
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusBarry Caplin
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?Barry Caplin
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and CyberbullyingBarry Caplin
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13Barry Caplin
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Barry Caplin
 
Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityBarry Caplin
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveBarry Caplin
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveBarry Caplin
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso saysBarry Caplin
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?Barry Caplin
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11Barry Caplin
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental InsiderBarry Caplin
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksBarry Caplin
 
Laws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsLaws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsBarry Caplin
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsLaws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsBarry Caplin
 

Mais de Barry Caplin (20)

Healing healthcare security
Healing healthcare securityHealing healthcare security
Healing healthcare security
 
It’s not If but When 20160503
It’s not If but When 20160503It’s not If but When 20160503
It’s not If but When 20160503
 
Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16Dreaded Embedded sec360 5-17-16
Dreaded Embedded sec360 5-17-16
 
It’s not if but when 20160503
It’s not if but when 20160503It’s not if but when 20160503
It’s not if but when 20160503
 
Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!Wearing Your Heart On Your Sleeve - Literally!
Wearing Your Heart On Your Sleeve - Literally!
 
CISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from VenusCISOs are from Mars, CIOs are from Venus
CISOs are from Mars, CIOs are from Venus
 
The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?The CISO Guide – How Do You Spell CISO?
The CISO Guide – How Do You Spell CISO?
 
Bullying and Cyberbullying
Bullying and CyberbullyingBullying and Cyberbullying
Bullying and Cyberbullying
 
3 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-133 factors of fail sec360 5-15-13
3 factors of fail sec360 5-15-13
 
Tech smart preschool parent 2 13
Tech smart preschool parent 2 13Tech smart preschool parent 2 13
Tech smart preschool parent 2 13
 
Embracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG SecurityEmbracing the IT Consumerization Imperative NG Security
Embracing the IT Consumerization Imperative NG Security
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
 
Embracing the IT Consumerization Imperitive
Embracing the IT Consumerization ImperitiveEmbracing the IT Consumerization Imperitive
Embracing the IT Consumerization Imperitive
 
Stuff my ciso says
Stuff my ciso saysStuff my ciso says
Stuff my ciso says
 
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?IT Consumerization – iPad’ing the Enterprise or BYO Malware?
IT Consumerization – iPad’ing the Enterprise or BYO Malware?
 
Toys in the office 11
Toys in the office 11Toys in the office 11
Toys in the office 11
 
Accidental Insider
Accidental InsiderAccidental Insider
Accidental Insider
 
Teens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social NetworksTeens 2.0 - Teens and Social Networks
Teens 2.0 - Teens and Social Networks
 
Laws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refsLaws of the Game For Valley United Soccer Club travel soccer refs
Laws of the Game For Valley United Soccer Club travel soccer refs
 
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refsLaws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
Laws of the Game for Valley Athletic Assn (VAA) Community Soccer refs
 

Último

[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Último (20)

[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

Online Self Defense - Passwords

  • 2. Passwords Why Are They A Problem? • Hard to remember • Hard to enter • Need too many • Inconsistent Rules • Changes
  • 3. How Passwords Work • Site saves encrypted pw • At login – enter pw – it’s encrypted and compared to stored value • Some sites: Don’t encrypt well Don’t encrypt at all!
  • 4. And Passwords Get Stolen It was a busy year
  • 5. And Bad Choices Are Made
  • 6. How Passwords Get Stolen • Phishing or… • Site attacked – many methods • Encrypted pw file downloaded (should be more difficult!) • Over time, attackers crack the file • What does that get them?
  • 7. • Avg. web user has: 25 separate accounts but 6.5 unique passwords  password reuse – not good • So… Passwords
  • 8. Password Self-Defense Tips for Home: 1. Choose good (long) passwords 2. Don’t reuse passwords 3. Use a Password Vault 4. Only enter on secure sites
  • 9. Password Self-Defense 5. Care with “secret” questions 6. Care with linking accounts 7. Login notifications 8. 2-step authentication 9. Use separate email addresses
  • 10. Password Self-Defense Tips for the Office: 1. No one will ask for your password 2. Choose a good (long) password 3. Follow the policy 4. Don’t use a work password on a non-work system
  • 11. Handouts • Password Self-Defense tips and resources Password Self-Defense
  • 12. Tips 1. Don’t reuse passwords The average online user needs passwords for 25 different websites and services, but uses only 6.5 different passwords. If one site gets compromised it can expose your password for another (perhaps more important) site. 2. Only enter on secure sites Look for https:// in the address bar and a lock symbol to assure your passwords are kept confidential when traveling across the Internet. 3. Login notifications Some sites will let you know when you last logged in, or if it looks like your account was logged in to from another country. Some sites allow you to block this. 4. Choose good (long) passwords Length is more important than complexity! Choose 16-20 or longer length passwords if available. You can use all letters (upper and lower) if you are using 20 or more characters.
  • 13. Tips 5. Vault it Password vaults are a great way to store all your passwords. Make sure you choose a good long master password and don’t forget it! Some great password vaults include: LastPass, 1Password, PasswordSafe and KeePass. 6. Care with “secret” questions Many sites use “secret” questions to help identify you if you forget your password. Choose questions and answers that people can’t just look up on Facebook! Your place of birth, high school mascot, and other common information are not good choices. Or… you could provide fake answers to common questions. Just be sure you know what answers you give! 7. Care with linking accounts Don’t just log into every site using your Facebook or Twitter logins (when available). If either of those accounts get compromised you could lose a lot more than just the one (or two) accounts).
  • 14. Tips8. Write down your passwords What??? You were always told to not do that! Well, you’re best option is using a password vault, but you can write down your passwords. Here are the “rules”: don’t write down what they’re for; keep them with your money (you already know how to protect that!), and; for extra credit – insert “fake” characters into the password – these are extra characters you know aren’t really part of the password but someone else would not. 9. 2-step authentication Google (google authenticator), ebay, paypal, dropbox, facebook and other sites now allow 2-factor or 2-step authentication. It’s a bit more complicated to set up but definitely worth it. See the individual sites for info. 10. Use separate email addresses If you use the same email account to associate with all your online accounts, then a hacker can own you online by compromising that email account. For instance, most online sites will send a confirmation email to your associated address if a change is made or to process a password change. If you can use different email addresses, then having one compromised won’t affect all your other online accounts.