Digital security
•Download as PPTX, PDF•
1 like•462 views
There are always tradeoffs between security & convenience… The secret to digital security: lies, random characters, and a password manager!
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Digital security
Similar to Digital security (20)
Recently uploaded
Recently uploaded (20)
Digital security
- 1. DefendingYour Accounts, Devices, & Anonymity
- 2. Information is power! Tech is very good today… even for hackers John the Ripper & GPUs Hacking effected 48% of Americans in 2014 & cost businesses nearly $500mil in losses 3.1 million Americans had their phones stolen in 2013 (1.4 million lost their phones) Not all hackers are evil (black hat) White hats find and help fix problems Nations are also in the game Stuxnet worm PRISM program Bugs (Heartbleed)
- 3. Brute force hacking John the Ripper Social engineering Con men Packet sniffing WireShark Robbery 3.1 million Viruses/worms Bugs
- 4. PGP AES RSA PBKDF2: Password-Based Key Derivation Function 2 WPA 2 (WiFi Protected Access) WiFi encryption TLS (https) Internet communication encryption
- 5. Print scan (Touch ID / hand) Mostly safe from everyone but the police Eye scan (retina / iris) Odor sensor (breath) Voice recognition Face recognition
- 6. The best password is a semisensical passphrase th3Qu!ckBr0wnf0XjumP3d. Minimum 9 characters including both upper & lowercase letters, numbers, and specials Here’s a strong/unique passcode: !sWt^%vTR]/9 Two-factor authentication (2FA) can also be used for additional security Sadly, some sites restrict passcodes to 15 characters and/or do not allow specials
- 7. Something you know & something you have Apple Google Microsoft Facebook Yahoo Evernote Cloud storage (Tresorit) E*Trade,Vanguard, PayPal, etc… Many more!
- 8. 80% of top security experts use one! 1Password LastPass Dashlane KeePass Norton Identity Safe iCloud Keychain Google Synch Browsers Computer / Device specific
- 9. Change the router nameASAP Change the admin password ASAP Change the gateway’s IP address UseWPA2 withAES encryption!
- 10. Quantum computing Massively parallel Current passwords snap like a twig Quantum encryption Unbreakable The act of intercepting it breaks it
- 11. VPNs Route users through multiple IPs masking their identity and location TOR Browser based Uses proxies
- 12. Always use HTTPS for commerce & utilize the EFF’s HTTPS Everywhere extension Use 2FA on password recovery email accounts Do not underestimate the physical security of your computers & mobile devices (use a PIN) Social engineering is a powerful tool ▪ As is dumpster diving Encrypt your PC’s hard drive (VeraCrypt) Use PayPal – Keep payment info. in one place If you’re not using a password manager, write your passcodes down and keep them in a safe place. That said, use a password manager!
Editor's Notes
- There are always tradeoffs between security & convenience…
- ashleymadison.com hack – 37 million users (10% of U.S.) Identity theft effects about 15 million Americans each year
- JtR = password cracker / can run through thousands/sec (potentially billions) Kevin Mitnick, king of hackers (con man) Cell industry: Only 47% of users use PINs to secure their phones Device kill switch was killed by Congress (Find My iPhone – find, lock, wipe / Send Last Location) Ransomware has even targeted police Firewall all routers and PCs, use virus protection (Avast), & keep your software updated!
- Pretty Good Privacy (PGP) Advanced Encryption Standard (AES) Rivest, Shamir, Adleman (RSA) Transport Layer Security (TLS)
- Not as secure as passcodes, but way more convenient. Hopefully more people will lock their devices now With Touch ID, turn phone off before dealing with police as iPhones require PIN on restart
- “Diceware” is the most effective (random) method to generate strong/unique passcodes without using a password manager 16 character+ passcodes are mostly secure from brute force attempts LIE for the answers to security questions & note the lies in your password manager! *Usernames can also be varied from site to site and changed like passwords if allowed
- REQUIRES cell phone. The “real” way is to use a 2nd phone… Authorize least two different devices & store backup codes someplace safe! Evernote can also encrypt notes internally via desktop client Tresorit : Only you hold key & servers operate under Swiss law Amazon is a holdout – Boo! Mention Vanguard’s device specific login option
- The ONLY easy way to implement both strong & unique passcodes 1Password can backup to iCloud, Dropbox, or Wifi & never stores your master key! Change password for Google Synch Recommend 2FA if backing-up to the cloud for extra security
- Default brand names, passwords, and gateway IPs are online so don’t use them! For extra security limit admin acess to Ethernet only or by MAC address
- From hundreds of millions/sec to thousands of trillions/sec
- Bonus! While you’re at it, why not browse the Internet anonymously too? Mention EFF’s new Privacy Badger extension for blocking unwanted tracking cookies
- Lock your devices with passcodes! iPhones can be set to wipe after 10 failed attempts Windows Vista+ can auto encrypt hard drive (BitLocker) Using 2FA on PayPal isn't a bad idea either... Be cautious around (unknown) open & ad hoc networks / Disable Java extension when unnecessary / Don’t use IE / Tape over webcams when not in use Apple users should also change their iCloud security key! *The secret to digital security is random characters, lies, and a password manager!