Slide 1

MAKING GOOD PASSWORDS (AND HOW TO KEEP THEM SAFE)

Slide 2

Slide 3

BUT PASSWORD MANAGEMENT IS HARD

Slide 4

WHY CANT WE USE EASY PASSWORDS?

Slide 5

THIS IS A GRAPHICS CARD Its cheap and good at playing video games. About every teenager has access to one. Its also very good at hacking your password.

Slide 6

A $1000 computer can process 3.3 billion passwords per second a professional can make thousands of dollars a day selling your information on the black market. (PCPro.com)

Slide 7

Dictionary Attacks: GoBuffs! a couple minutes P@$$w0rd1 a couple hours Brute Force: fjR8n in 24 seconds %fjR8nQNUc5GPj9 would take over ten years *Extra credit: 15 characters or more forces windows to store passwords differently which breaks certain attacks. ITS JUST A MATTER OF TIME

Slide 8

Slide 9

HACKING IS BIG BUSINESS 2011 = 12.5 billion in reported losses Some estimates put that number closer to 10 times as much. www.hotforsecurity.com

Slide 10

HOW DO HACKERS GET YOUR PASSWORD? Physical access to your office or computer Social Engineering/Phishing (asking nicely) Hacking commonly used sites Malware Infections Network based attacks

Slide 11

LOSING YOUR PASSWORDS SINCE 1978

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

SECURING YOUR PASSWORD DOESNT MEAN USING TAPE

Slide 17

Under Keyboard In a Rolodex Top desk drawer Under desk calendar In the planter Wallet/Purse/Gym Bag

Slide 18

NOW THAT YOU KNOW WHERE PEOPLE HIDE THEIR PASSWORDS

Slide 19

DONT DO IT

Slide 20

SURE, LONG PASSWORDS ARE SECURE BUT I CANT REMEMBER THEM.

Slide 21

MAKING MEMORABLE PASSWORD REQUIRES THOUGHT

Slide 22

ABBREVIATE I like taking the bus, but I ended up 20 minutes late! Becomes: Ilttb,bIeu20ml! (15 characters)

Slide 23

LETTER SUBSTITUTION Create a long word or phrase: I Like To Eat Tacos Remove spaces: ILikeToEatTacos Replace letters with symbols: IL!k3T0e@tT@c0$

Slide 24

A FEW SUBSTITUTION SUGGESTIONS LetterBecomes A@ E3 S$ I! O0 K|< C(

Slide 25

Take two words: Bot & Kneecap Scramble a few letters: Bocat_&_Kneep Add Complexity: 54 Bocat_&_Kne54ep WORD JUMBLE

Slide 26

KEYBOARD PATTERNS Use the Shift Key to Add Complexity Becomes: 5^YghjkmnbVCX Use with caution, easy ones are in dictionary attacks!

Slide 27

OK, SO IVE GOT A GREAT PASSWORD, ILL JUST KEEP USING THAT ONE RIGHT?

Slide 28

REUSED PASSWORDS ARE DANGEROUS

Slide 29

Slide 30

LINKEDIN LOST 6.4 MILLION USERS PASSWORDS Hackers can use those passwords to commit identity fraud including: Hack into corporate accounts Break into bank accounts Spam email accounts Gather more info for offline use (Credit Cards) LinkedIn is now facing $5 million class action lawsuit due to the loss.

Slide 31

PRO TIP: MAKING PASSWORDS UNIQUE TO EACH SITE Have a secure base password: 5^YghjkbVCX Select two letters from the site or program: usbank.com (2nd & 4th in this case) Add those letters to your password: 5^YghjsakbVCX

Slide 32

WAIT A MINUTE THIS SITE WANTS ME TO CHANGE IT NOW Todays Date: 1/11/13 Pick a couple characters of the date: 11 Shift the numbers (+3 in this case): 44 Add those numbers to your password 5^Yghjsak becomes 5^Yghjsak44 Write down when you last change the password

Slide 33

INSTANT, UNIQUE AND SECURE PASSWORDS FOR ALL USES

Slide 34

A FEW TOOLS TO HELP

Slide 35

PASSWORD GENERATORS Many free ones, but be careful! We suggest changing the results before using them. http://www.pctools.com/guid es/password/

Slide 36

PASSWORD MANAGERS

Slide 37

TWO FACTOR AUTHENTICATION

Slide 38

QUESTIONS? Joe Kuster IT Projects Manager Joe.Kuster@colorado.edu

Slide 39

IDENTIKEY Your username is the Identikey assigned to you by the University. Keep private Commit to memory Do not use Username or Password for any other purpose!

Slide 40

HR IDENTIKEY REQUIREMENTS 15 characters or longer Avoid repeating characters No words that can be found in a dictionary (in any language) Not be easily guessable (e.g., your birthday, age, anniversary) All four character sets: capital, lowercase, numerical and symbol (e.g., A,a,1,!)