NCompass Live: Password Management & Security

607 views

Published on

NCompass Live - March 12, 2014
http://nlc.nebraska.gov/ncompasslive/

How many passwords do you have to remember for your library? How many are for your own library accounts? How many are for the library’s databases or materials accounts? For social networking? Are these passwords secure? Safe? How many of those passwords must be shared with your coworkers? Libraries everywhere struggle with passwords every day, and security is always a concern. Attend this session to learn how to ensure your passwords are safe, secure, and easily managed.

Presenter: Jezmynne Dene, Director, Portneuf District Library, Chubbuck, Idaho.

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
607
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
12
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

NCompass Live: Password Management & Security

  1. 1. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Password Security & Management Jezmynne Dene, MLIS Portneuf District Library Chubbuck, Idaho jezmynne.dene@portneuflibrary.org
  2. 2. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Why Be Worried? • Hacks happen. To everyone.
  3. 3. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Who Hacks? • Overseas syndicates • Bored kids
  4. 4. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org General Security Tips • It’s gonna happen – not a matter of “if” but “when” • Bad guys chase the path of least resistance –Make it just difficult enough to make it not worth their time
  5. 5. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org General Security Tips • Update and patch everything –Especially Flash and Java • Remove what you don’t use • Change your passwords frequently
  6. 6. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org General Security Tips • Redundant backups –Local hard drives –Remote service, like Carbonite or similar • Be careful with remote wipe options –Hackers can wipe out all your stuff if they access your devices remotely
  7. 7. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Social Engineering • By far the easiest way to hack • Using your info against you • A good guess will get a hacker into your stuff
  8. 8. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Social Engineering • Use false personal data for security questions • Guard your data on websites and social networking
  9. 9. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Social Engineering • Daisy chaining accounts –Avoid having everything point to one email account for resets • Usernames across services –Vary usernames for important accounts, like banking or credit cards
  10. 10. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org 2 Factor ID • Uses your login and something you have on you, like your phone, a biometric, a smart card, or a USB device
  11. 11. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • “Sorry, but your password must contain an uppercase letter, a number, a punctuation mark, a gang sign, an extinct mammal and a hieroglyph” -- @StephBWright
  12. 12. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • At least eight characters long • Combination of numbers & letters
  13. 13. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • Contains special characters
  14. 14. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • No names
  15. 15. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • No words found in the dictionary
  16. 16. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • Avoid common styles –Replacing numbers for vowels –Capitalizing the first letter –Putting a special character at the end • If you’ve thought of a pattern, someone else has, too.
  17. 17. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • Long Passwords –A five letter password has 10 billion combinations and can be brute force cracked in five seconds • 9 letters can’t be brute forced, but they’re vulnerable to rainbow tables
  18. 18. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • Change them often. More often than you’d think. –Set a calendar reminder –Change one every day when it’s time to change
  19. 19. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • Combination of numbers & letters • Contains special characters • No names • No words found in the dictionary • Never reused by other sites
  20. 20. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Good Passwords • NEVER REUSED BY OTHER SITES. • NEVER REUSED BY OTHER SITES. !!!!!!!! • !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!
  21. 21. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org That’s eleventy billion different passwords I have to remember!!!!
  22. 22. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Password Managers • Software that manages multiple passwords • Encrypted and secure • Passwords are always with you • Can auto log into websites • Many work with tablets and mobile devices • Keeps a record of accounts
  23. 23. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Password Managers • How do they work? –Secured data file, usually on your device or computer –Some are web based –Some require a token
  24. 24. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Password Managers • Pros –Creates & manages complex and unique passwords –Only one password to remember –Bypasses keylogging software –Helps against phishing, because it’ll spot fake URLs
  25. 25. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Password Managers • Cons –If someone gets your one password, all is lost. –If you don’t have your key or app, you’ll have to reset your password to get into your accounts.
  26. 26. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Password Managers • Good for you, and good for your library
  27. 27. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org
  28. 28. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org
  29. 29. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org
  30. 30. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org
  31. 31. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org
  32. 32. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org
  33. 33. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org
  34. 34. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Password Management Security • Specify logins by country • Disallow Tor network logins • Track logins and shares • Drill down master password prompts –Every login? Every change? You decide
  35. 35. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Other Features • Support for multiple profiles • Supports multiple identities –Work, personal, school • Saves credit card information • Saves bank information • Last Pass offers credit monitoring
  36. 36. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Other Password Managers • RoboForm • Iron Key Personal • Splash ID • Dashline • Msecure (Security Everywhere) • KeePass • Direct Pass • Norton Identity Safe • MyLok+
  37. 37. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org KeePass Roboform 1 Password SplashID
  38. 38. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Business Solutions • Some offer business options perfect for libraries • Last Pass - $24 per employee per year
  39. 39. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org To Sum: • General Security –Make it hard enough to make it not worth their time –Remove apps/programs and kill accounts you don’t use –Change your passwords frequently
  40. 40. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org To Sum: • General Security –Run your updates and patches –Redundant back ups –Be cautious and don’t leave your stuff lying around, physical or digital
  41. 41. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org To Sum: • Social engineering –Use fake personal data –Vary usernames –Don’t link everything to one email address –Be very mindful of sharing your personal data
  42. 42. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org To Sum: • 2 factor ID –Turn it on if it’s an option, and it’s a high target site like Facebook , Twitter, or Gmail
  43. 43. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org To Sum: • Good passwords –Numbers, letters, and caps –Special characters –Make ‘em long –Change ‘em often –NEVER REUSE THEM. EVER.
  44. 44. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org To Sum: • Try password managing tools –Decide which meets your personal and library needs –Ask how they maintain security of your data –Use trials to get the best fit
  45. 45. Jezmynne Dene Portneuf District Library jezmynne.dene@portneuflibrary.org Be Safe Out There! Thank you! Jezmynne Dene, MLIS Portneuf District Library Chubbuck, Idaho Jezmynne.dene@portneuflibrary.org

×