5. Account Take-Over / Compromise
• We have so many online accounts
• Attackers want to have access!
  o Access private & personal information
  o Pretend to be us (Identity Theft)
  o Access other accounts
• A password may be the only thing between an attacker and your online account
• It is hard to have a unique & secure password for every account and remember them all.
6. Passwords – Related Risks
1. Weak passwords (guessable)
2. Leaked (or stolen) passwords
3. Password reuse (the same password for different online accounts)
7. Remember
• Those who collect your data may not (know how to) secure it
• Users should ask how their information is secured
• Who has access to our Personal Data?
8. Securing Passwords – Password Manager
• Let the Password Manager remember your passwords
• Unique, random, long password or passphrase for every account
• 1 (secure) password to unlock the Password Manager
• Auto-generate passwords & passphrases
• Cloud based, so it can be used on different devices
• Browser plugin
• Password Managers – choose one!
  1Password, Bitwarden, Lastpass, Keepass
9. If you are a sysadmin or app developer – please let users have long passwords or passphrases
• Guide users to have secure passwords
10. Managing The Risk – Preventing Account Compromise / Take Over
• A password may not be enough
• So we strengthen the security with Multi-Factor Authentication
  o Multi-Factor Authentication (MFA) is the process of signing in to an account using two pieces of information.
  o Enable MFA for your Password Manager
• Also – Two Step Authentication*
• Enable MFA/2FA NOW**
• List all of your online accounts
• If not available?
11. Different Ways of MFAs
• App on mobile (TOTP): Authy, Duo, Google Authenticator, Password Managers
• Hardware Security Key
• Security code via SMS
• Push notification – apple.id
12. MFA is good, but we need to
• Secure our device (physically) and hardware keys
• Secure our number (SIM Hijacking / SIM Swapping)
• Secure our email accounts*
• Secure back-up codes in case we lose all of the above
• Be vigilant – check login histories, alerts
• Request the platform / account provider to enable MFA or 2FA
• It’s a hassle but reduces the risk!