Fordham Tech. Innovators - Password Management Presentation

1,129 views

Published on

Presentation for the Fordham Technology Innovator's Council on password management strategies.

Published in: Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,129
On SlideShare
0
From Embeds
0
Number of Embeds
16
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Small database program that is specifically designed to store and manage user accounts and passwords.

    It is free, “open source”; not supported by a large company, maintained by volunteers / communities of developers

    Versions exist for multiple platforms.

  • Demo of key features:
    Materials: Sample database running “Portable Apps”

    Password entries organized by “Groups”

    Main features of a record:
    Descriptive title
    Username
    URL: Web site associated with the account
    Password
    “Quality” of the password” -Bar indicates quality - harder passwords have a larger bar
    “Comments” Allow you to write additional information regarding the account
    “Attachment” Word docs, PDF’s...relevant information

    Using the database to enter usernames and passwords into a Web page
    Using the database to enter passwords Simple method to enter passwords Button, “Copy Username to Clipboard” Button “Copy password toclipboard”

    Creating a new Record:
    Choose a group, choose an icon
    Password generation
    -Get to define complexity of the password
    -Often determined by the service that you want to sign on to
    -Can assist you in generating secure passwords

    Sorting Records
    -”View” > “Auto Sort password list”

    Searching Records
    -Search by title, content



  • -Withkeypass on multiple computers, carry a “keyfile” on an external hard drive

    -MyFiles : connect to MyFiles share using “Xythos Drive” or through Mac OSX finder

    -”Dropbox”: Sync between multiple computers, may also work to sync with blackberry, iphone, etc.

    -”Portable Apps” (DEMO): run the program carry data on a USB drive; works with Windows (e.g. Smart Classroom) computers
  • Firefox for iPhone coming out.

  • Fordham Tech. Innovators - Password Management Presentation

    1. 1. Challenges and Solutions Jim Behnke and Jose DeLeon
    2. 2. …when does too many passwords become a hindrance to instructors?
    3. 3.  Student records?  Financial information?  Photos of family / friends?  Instructional materials?  Research / doctoral thesis?  Confidential survey data?  Given that user names and passwords are the norm…  Why do people use weak passwords, or no passwords at all, by preference?
    4. 4.  Too many passwords  May prevent or discourage use of technology  Difficult to track and organize efficiently  Differing password complexity requirements
    5. 5.  Creating quality passwords  Password Recall  Password uniqueness  MultifactorAuthentication  Secure storage  Portability (ability to access on multiple computers / devices)
    6. 6.  Mixed Case  Alphanumeric  SpecialCharacters  (!@#$%^&*()_+/*-+  Unambiguous characters  Il  Password Length  94x possibilities ( Z^U5yCeQ7k ) Hint: its not that easy!
    7. 7.  Memory (unreliable, impractical esp. with decent passwords)  Written Down (insecure)  Stored in a plain text file (still insecure)  Store in specialized Password Management Software
    8. 8. http://keepass.info http://lastpass.com
    9. 9. Open-source password management database James Behnke
    10. 10.  Database for secure storage of user accounts and passwords  FREE, “open- source”  Cross-platform
    11. 11.  DEMO SUMMARY:  Stores data needed to accessWeb-based applications  Tools for securely generating and evaluating passwords  Makes using passwords convenient  Encrypted data files
    12. 12.  What happens if someone steals your database file?
    13. 13.  Wikipedia definition: “encryption” “In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.” http://en.wikipedia.org/wiki/Encryption
    14. 14. DO NOT LOOSEYOUR PASSWORD OR KEY FILE!
    15. 15.  Problem: How do I carry my password database from device to device?
    16. 16.  USB Flash Drives (for data files)  MyFilesw/ “Xythos Drive” or OSX  “DropBox” (www.dropbox.com) or similar “data synchronization” service  “Portable apps” (DEMO) (http://portableapps.com/) or similar application
    17. 17. KeyPass Pros KeyPass Cons •Relatively easy to use •Free •Cross-platform inc. mobile options •Relatively secure •Widespread use, many “plugins” •e.g. synchronize databases between computers, automatically enter information instead of copying and pasting •Currently, requires additional effort / knowhow to make it portable •”Plugins” must be sought out, installed, and toyed with
    18. 18.  Browser Based  IE, Chrome, Safari, Firefox  Portable  Iphone, BlackBerry, Windows Phone, Symbian, Android  USB Flash Drive  Cloud  Security  SSL encryption on all traffic to Last Pass servers  Database encrypted/decrypted at the client side with 256-bit AES before transmission to servers  Master password stored on servers as a hash.  Screen Keyboard  Phishing Protection
    19. 19.  Multifactor Authentication  OTP – (OneTime Passwords)  YUBIKEY – token based authentication  Usability  One Master Password  Automatic Form Filling  One Click Login  SynchronizedAcross Browsers  Securely Share Login Credentials  Automatic Backup  Password Generator
    20. 20.  Firefox 4 Beta:  New Firefox provides service to synchronize passwords between computers (.MP4 video)  Google Chrome:

    ×