![Page 1: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/1.jpg)
Password Management in the Web 2.0 Age
Challenges and Solutions
Jim Behnke and Jose DeLeon
![Page 2: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/2.jpg)
Accessing Apps in the “Cloud”
…when does too many passwords become a hindrance to instructors?
![Page 3: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/3.jpg)
Key question: How important is your information? Student records? Financial information? Photos of family / friends? Instructional materials? Research / doctoral thesis? Confidential survey data? Given that user names and
passwords are the norm… Why do people use weak passwords,
or no passwords at all, by preference?
![Page 4: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/4.jpg)
Problem Outline
Too many passwords May prevent or discourage use of
technology Difficult to track and organize
efficiently Differing password complexity
requirements
![Page 5: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/5.jpg)
Challenges
Creating quality passwords Password Recall Password uniqueness Multifactor Authentication Secure storage Portability (ability to access on
multiple computers / devices)
![Page 6: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/6.jpg)
Tips for Creating Quality Passwords
Mixed Case Alphanumeric Special Characters
(!@#$%^&*()_+/*-+ Unambiguous characters
Il Password Length
94x possibilities ( Z^U5yCeQ7k )
Hint: its not that easy!
![Page 7: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/7.jpg)
Methods of Password Recall
Memory (unreliable, impractical esp. with decent passwords)
Written Down (insecure) Stored in a plain text file (still
insecure) Store in specialized Password
Management Software
![Page 8: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/8.jpg)
Two Potential Solutions
http://keepass.info
http://lastpass.com
![Page 9: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/9.jpg)
Overview: “ KeyPass” Open-source password management database
James Behnke
![Page 10: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/10.jpg)
What is KeyPass?
Database for secure storage of user accounts and passwords
FREE, “open-source”
Cross-platform
![Page 11: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/11.jpg)
Available on many platforms…
![Page 12: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/12.jpg)
Key Features (DEMO)
DEMO SUMMARY:
Stores data needed to access Web-based applications
Tools for securely generating and evaluating passwords
Makes using passwords convenient Encrypted data files
![Page 13: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/13.jpg)
Dilemma:
What happens if someone steals your database file?
![Page 14: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/14.jpg)
Regarding Encryption
Wikipedia definition: “encryption”
“In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.”
http://en.wikipedia.org/wiki/Encryption
![Page 15: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/15.jpg)
KeyPass encryption options
DO NOT LOOSE YOUR PASSWORD OR KEY FILE!
![Page 16: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/16.jpg)
Regarding portability
Problem: How do I carry my password database from device to device?
![Page 17: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/17.jpg)
Possible Paths to Portability
USB Flash Drives (for data files) MyFilesw/ “Xythos Drive” or OSX “DropBox” (www.dropbox.com) or similar “data synchronization” service
“Portable apps” (DEMO) (http://portableapps.com/) or similar application
![Page 18: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/18.jpg)
A widely used, open-source application…
![Page 19: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/19.jpg)
Final Thoughts…
KeyPass Pros KeyPass Cons•Relatively easy to use•Free•Cross-platform inc. mobile options•Relatively secure•Widespread use, many “plugins”• e.g. synchronize databases
between computers, automatically enter information instead of copying and pasting
•Currently, requires additional effort / knowhow to make it portable
•”Plugins” must be sought out, installed, and toyed with
![Page 20: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/20.jpg)
Last Pass Features
Browser Based IE, Chrome, Safari, Firefox
Portable Iphone, BlackBerry, Windows Phone, Symbian, Android USB Flash Drive Cloud
Security SSL encryption on all traffic to Last Pass servers Database encrypted/decrypted at the client side with
256-bit AES before transmission to servers Master password stored on servers as a hash. Screen Keyboard Phishing Protection
![Page 21: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/21.jpg)
Last Pass Features
Multifactor Authentication OTP – (One Time Passwords) YUBIKEY – token based authentication
Usability One Master Password Automatic Form Filling One Click Login Synchronized Across Browsers Securely Share Login Credentials Automatic Backup Password Generator
![Page 22: Fordham Tech. Innovators - Password Management Presentation](https://reader036.vdocuments.mx/reader036/viewer/2022062703/55514280b4c905f2288b4a77/html5/thumbnails/22.jpg)
Alternative solutions:
Firefox 4 Beta: New Firefox provides service to
synchronize passwords between computers (.MP4 video)
Google Chrome: