Online Self Defense - Passwords


Passwords are the main authentication method used for internet sites and applications. But passwords get stolen and have many weaknesses. Here are tips you can use at home and at work to protect your information.


  • 1. Online Self-Defense: Passwords @bcaplin Barry Caplin Chief Information Security Official Fairview Health Services
  • 2. Passwords: Why Are They A Problem?
      • Hard to remember
      • Hard to enter
      • Need too many
      • Inconsistent rules
      • Changes
  • 3. How Passwords Work
      • Site saves encrypted pw
      • At login – enter pw – it’s encrypted and compared to stored value
      • Some sites:
          • Don’t encrypt well
          • Don’t encrypt at all!
  • 4. And Passwords Get Stolen It was a busy year
  • 5. And Bad Choices Are Made
  • 6. How Passwords Get Stolen
      • Phishing or…
      • Site attacked – many methods
      • Encrypted pw file downloaded (should be more difficult!)
      • Over time, attackers crack the file
      • What does that get them?
  • 7. Passwords
      • Avg. web user has: 25 separate accounts but 6.5 unique passwords → password reuse – not good
      • So…
  • 8. Password Self-Defense: Tips for Home
      1. Choose good (long) passwords
      2. Don’t reuse passwords
      3. Use a Password Vault
      4. Only enter on secure sites
  • 9. Password Self-Defense
      5. Care with “secret” questions
      6. Care with linking accounts
      7. Login notifications
      8. 2-step authentication
      9. Use separate email addresses
  • 10. Password Self-Defense: Tips for the Office
      1. No one will ask for your password
      2. Choose a good (long) password
      3. Follow the policy
      4. Don’t use a work password on a non-work system
  • 11. Handouts • Password Self-Defense tips and resources Password Self-Defense
  • 12. Tips
      1. Don’t reuse passwords: The average online user needs passwords for 25 different websites and services, but uses only 6.5 different passwords. If one site gets compromised it can expose your password for another (perhaps more important) site.
      2. Only enter on secure sites: Look for https:// in the address bar and a lock symbol to assure your passwords are kept confidential when traveling across the Internet.
      3. Login notifications: Some sites will let you know when you last logged in, or if it looks like your account was logged in to from another country. Some sites allow you to block this.
      4. Choose good (long) passwords: Length is more important than complexity! Choose 16-20 or longer length passwords if available. You can use all letters (upper and lower) if you are using 20 or more characters.
  • 13. Tips
      5. Vault it: Password vaults are a great way to store all your passwords. Make sure you choose a good long master password and don’t forget it! Some great password vaults include: LastPass, 1Password, PasswordSafe and KeePass.
      6. Care with “secret” questions: Many sites use “secret” questions to help identify you if you forget your password. Choose questions and answers that people can’t just look up on Facebook! Your place of birth, high school mascot, and other common information are not good choices. Or… you could provide fake answers to common questions. Just be sure you know what answers you give!
      7. Care with linking accounts: Don’t just log into every site using your Facebook or Twitter logins (when available). If either of those accounts gets compromised you could lose a lot more than just the one (or two) accounts.
  • 14. Tips
      8. Write down your passwords: What??? You were always told to not do that! Well, your best option is using a password vault, but you can write down your passwords. Here are the “rules”: don’t write down what they’re for; keep them with your money (you already know how to protect that!); and, for extra credit, insert “fake” characters into the password. These are extra characters you know aren’t really part of the password but someone else would not.
      9. 2-step authentication: Google (Google Authenticator), eBay, PayPal, Dropbox, Facebook and other sites now allow 2-factor or 2-step authentication. It’s a bit more complicated to set up but definitely worth it. See the individual sites for info.
      10. Use separate email addresses: If you use the same email account to associate with all your online accounts, then a hacker can own you online by compromising that email account. For instance, most online sites will send a confirmation email to your associated address if a change is made or to process a password change. If you can use different email addresses, then having one compromised won’t affect all your other online accounts.
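
Slides 3 and 6 describe a site storing a transformed password, repeating the transformation at login, and a stolen password file being cracked over time. The Python sketch below is an added example, not part of the original deck: it puts the "don't encrypt well" case (a fast, unsalted hash) beside a salted, slow derivation and shows that only the weak store reveals which accounts share a password. All function names, the sample accounts and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

# Constructed sample accounts: alice and carol chose the same password.
ACCOUNTS = {"alice": "correct horse battery", "bob": "tr0ub4dor&3",
            "carol": "correct horse battery"}

def weak_store(password: str) -> str:
    """The 'don't encrypt well' case: one fast hash, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_store(password: str) -> dict:
    """Salted, deliberately slow derivation with a fresh salt per account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}

def strong_verify(password: str, record: dict) -> bool:
    """Login: redo the derivation with the stored salt, compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

def shared_password_groups(stored: dict) -> list:
    """Groups of accounts whose stored values are byte-for-byte identical."""
    by_value = {}
    for user, value in stored.items():
        by_value.setdefault(value, []).append(user)
    return [sorted(users) for users in by_value.values() if len(users) > 1]

def demo() -> dict:
    weak = {u: weak_store(p) for u, p in ACCOUNTS.items()}
    strong = {u: strong_store(p) for u, p in ACCOUNTS.items()}
    return {
        # Unsalted: identical passwords give identical stored values.
        "weak_groups": shared_password_groups(weak),
        # Salted: the same password stores differently for every account.
        "strong_groups": shared_password_groups(
            {u: r["digest"] for u, r in strong.items()}),
        "good_login": strong_verify(ACCOUNTS["alice"], strong["alice"]),
        "bad_login": strong_verify("wrong guess", strong["alice"]),
    }

if __name__ == "__main__":
    print(demo())
```

With the unsalted store, one recovered password exposes every account that shares it, which is also why the deck's advice against reuse matters across sites.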