Managing Your Risks – The Problem of Passwords


We all use passwords: for our banking cards, for our emails, to log into our work environment, to access our computers and mobile devices and all the various apps on those devices, for our social media accounts, and more. They have become commonplace in our society, yet they provide us with a false sense of security. This presentation will discuss the inherent failures of passwords, how they are now being used against us to commit cyber-crimes, what we need to be doing currently to protect ourselves, and what the future of passwords may hold.

Main points covered:

• How criminals are using our passwords to commit cyber-crimes
• Managing passwords and current ways to protect your data
• What the future may hold for our passwords


Ryan Duquette is passionate about digital forensic investigations and about keeping others from being victimized. He's a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He founded Hexigent Consulting, a firm focusing on digital investigations, cyber security consulting services and litigation support. Ryan works closely with clients involved in workplace investigations and civil litigation matters, including intellectual property theft, HR investigations and data breaches. He is a sessional lecturer at the University of Toronto teaching digital forensics, and holds a Master of Science degree in Digital Forensics Management and several digital forensics and fraud certifications. Ryan is a director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide.

Recorded webinar:

Published in: Education
  1.
     | Rank | 2011     | 2012     | 2013     | 2014     | 2015     | 2016     | 2017     |
     |------|----------|----------|----------|----------|----------|----------|----------|
     | 1    | password | password | 123456   | 123456   | 123456   | 123456   | 123456   |
     | 2    | 123456   | 123456   | password | password | password | password | password |
     | 3    | 12345678 | 12345678 | 12345678 | 12345    | 12345678 | 12345    | 12345678 |
     | 4    | qwerty   | abc123   | qwerty   | 12345678 | qwerty   | 12345678 | qwerty   |
     | 5    | abc123   | qwerty   | abc123   | qwerty   | 12345    | football | 12345    |
  2. NIST Special Publication 800-63A
  3. P@ssw0rdJan18 P@ssw0rdDec18
  4. NIST Special Publication 800-63B
  5. • Default Passwords
     • How criminals are using breach data
     • How our emails and passwords can be used to find our personal information
     • Steps to mitigate those risks.
  6. Breach Data
  7. • Average Business User Has 191 Passwords
     • The average 250-employee company has 47,750 passwords in use
     • 61% of people use the same or a similar password everywhere, despite knowing that it's not a secure practice
  8. From: Paton Reiner <jrrein*****>
     Date: July 20, 2018 at 12:32:24 PM EDT
     To: "__________________ (redacted)"
     Subject: (redacted - this was the recipient's "username" and "password")
  9. Current Landscape
  10. (-1i3Zp9lNF6JhK^Ffg- &CZ1xc4b=S.+bZUfV v51g?M6v2BB`T
  11. Two-Factor Authentication
      • Something you know: Password
      • Something you have: One Time Password Token, or OTP app
  12. Two Factor Authentication
  13. The Password is dead, Long live the ?
  14. Three-Factor Authentication
      • Something you know
      • Something you have
      • Something you are: biometrics, iris scan, Voice/facial recognition
  15. Four-Factor Authentication
      • Something you know
      • Something you have
      • Something you are
      • Somewhere you are: IP address, MAC address, Geo location
  16. Five-Factor Authentication
      • Something you know
      • Something you have
      • Something you are
      • Somewhere you are
      • Something you do: gestures, eye movement, breathing patterns
  17. ISO/IEC 27032 Training Courses
      • ISO/IEC 27032 Introduction 1 Day Course
      • ISO/IEC 27032 Foundation 2 Days Course
      • ISO/IEC 27032 Lead Cybersecurity Manager 5 Days Course
      Exam and certification fees are included in the training price.
  18. THANK YOU ?
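
Slides 1 and 3 taken together, as an added example that is not part of the presentation: a Python check, run at password-change time, that flags a new password when it reduces to one of the top-ranked passwords in the slide 1 table, or when it is the previous password with only the date suffix changed, as in the P@ssw0rdJan18 / P@ssw0rdDec18 pair. The substitution map, the suffix pattern and the function names are assumptions made for this illustration, and the other sample passwords are constructed.

```python
import re

# Top-ranked passwords from the slide 1 table (2011-2017), used as a tiny blocklist.
COMMON = {"password", "123456", "12345678", "12345", "qwerty", "abc123", "football"}

# Character substitutions undone before comparison (assumed mapping).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "1": "l", "$": "s", "5": "s", "!": "i"})

# Trailing "rotation" token: optional month abbreviation plus 1-4 digits,
# then optional punctuation, e.g. "Jan18", "2019!" (assumed pattern).
SUFFIX = re.compile(
    r"(?:(?:jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)?\d{1,4})?[!.#$*]*$"
)


def base_form(password):
    """Lowercase, drop the trailing date/counter token, undo substitutions."""
    lowered = password.lower()
    stem = SUFFIX.sub("", lowered)
    # If everything was suffix (e.g. "2018!"), fall back to the whole string.
    return stem.translate(LEET) or lowered


def screen(new, previous=None):
    """Return a list of findings; an empty list means no rule fired."""
    findings = []
    if new.lower() in COMMON or base_form(new) in COMMON:
        findings.append("common")
    # The user supplies the old password when changing it, so the two can be
    # compared in memory without storing either in plaintext.
    if previous is not None and base_form(new) == base_form(previous):
        findings.append("rotation-variant")
    return findings


if __name__ == "__main__":
    samples = [
        ("P@ssw0rdDec18", "P@ssw0rdJan18"),   # pair from slide 3
        ("123456", None),                     # slide 1, rank 1
        ("Summer2019!", "Summer2018!"),       # constructed
        ("tR7#vq-Lm2@xZe9", "P@ssw0rdJan18"), # constructed
    ]
    for new, old in samples:
        print(f"{new!r:20} -> {screen(new, old) or 'ok'}")
```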