Recommended
More Related Content
What's hot
What's hot (20)
Similar to Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
Similar to Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords (20)
More from rmortiz66
Recently uploaded
Recently uploaded (20)
Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
- 1. PREPARE FOR PRACTICE Don't Forget Your (Virtual) Keys: Creating and Using Strong Passwords
- 2. Source: http://www.informationisbeautiful.net/visualizations/ worlds-biggest-data-breaches-hacks/
- 4. TODAY’S AGENDA • Creating strong passwords • Monitoring your passwords • Remembering your passwords • Recovering from a stolen password • More information
- 5. ARE YOU USING STRONG PASSWORDS? • How secure is my password? (sponsored by Dashlane) • The Password Meter
- 6. AVOID BAD PASSWORDS Source: https://www.teamsid.com/worst-passwords-2016/
- 7. THINK BIG!
- 8. SOME TIPS: Do • Start with: • Sentence (abbreviated) • Passphrase • Misspelled longer words • Unrelated words string • Add upper and lower case • Add some numbers • Add some symbols Don’t • Repeat part of your user name • Use something others know about You • Use real words only • Only replace letters with symbols to make common words more “secure” • Write down your passwords (use a password manager)
- 9. EXAMPLES Starting Points • Abbreviated sentence: • The first President was George Washington TfPwGeoWash • Passphrase: • President Barack Obama attended Columbia and Harvard Law • BarackObamaColumbiaHarvardLaw
- 10. EXAMPLES Starting Points (cont’d) • Misspelled Words: • crustacean exoskeleton crostescien eksoschelatun • Unrelated words string: • Newporthippogreenpopcorn
- 11. EXAMPLES (CONT’D) Add: Upper and Lower Case • TfPwGeoWash TfPwGeOWasH • BarackObamaColumbiaHarvardLaw BaracKObamAColumbiAHarvarDLaw • crostescien eksoschelatun CrosTeScienEksoScheLaTun • Newporthippogreenpopcorn NewPortHipPoGrEenPopCorn
- 12. EXAMPLES (CONT’D) Add: Numbers & Symbols • TfPwGeOWasH 17TfPwGeOWasH99 17TfPwG$OW@sH99* • BaracKObamAColumbiAHarvarDLaw 61BaracKObamA83ColumbiA91HarvarDLaw 61B@racKOb@mA83Co!umbiA91H@rvarDLaw# • CrosTeScienEksoScheLaTun Cr0sT3ScienEks0Sch3LaTun Cr0sT3Sc!enEks0Sch3L@Tun • N3wP8r+H!pP0GrE#nP@pCorn Learn More: See Resources: Creating Strong Passwords on the class page for more ideas on creating strong passwords.
- 13. AVOID USING THE SAME PASSWORD REPEATEDLY
- 15. USE A PASSWORD MANAGER See: Use a Password Manager on the class page for links to these products.
- 16. PASSWORD MANAGER KEY FEATURES • Operating systems • Browser integration/Form Filling • Mobile Platforms • Secure sharing • Password generation • Price: Free, Freemium, Paid, Educational discounts • BONUS! Security Alerts • BONUS! Two factor authentication
- 17. “Lastpass, a company that offers users a way to centrally manage all of their passwords online with a single master password, disclosed Monday that intruders had broken into its databases and made off with user email addresses and password reminders, among other data.” – Posted June 16, 2015 Source: http://krebsonsecurity.com/2015/06/password-manager-lastpass-warns- of-breach/ BUT KEEP IN MIND…
- 18. HOW ELSE CAN YOU PROTECT YOURSELF? • Don’t share passwords with anyone! • Don’t reuse passwords on important sites. • If you do share a password, share WISELY via email. • Monitor your email addresses. • Use multi-factor authentication, when available. • Add password recovery features to your accounts.
- 20. MONITOR YOUR EMAIL • BreachAlarm • ‘;--have I been pwned
- 21. USE MULTI-FACTOR AUTHENTICATION WHEN AVAILABLE
- 22. FACTOR: WHAT YOU KNOW What is your mother’s maiden name?
- 23. FACTOR: WHAT YOU HAVE
- 24. FACTOR: WHO YOU ARE Source: http://en.wikipedia.org/wiki/Multi-factor_authentication#Background
- 25. ADD PASSWORD RECOVERY FEATURES • Choose your reminders and questions wisely! • Safe • Stable • Memorable • Simple • Many • Choose questions that satisfy one or more of these criteria. Source: http://goodsecurityquestions.com/examples
- 26. RECOVERING FROM A STOLEN PASSWORD • Change the password • Assess & repair the damage • Scan & protect your systems for vulnerabilities
- 27. ASSESS & REPAIR THE DAMAGE: EMAIL & SOCIAL MEDIA • Facebook: Hacked Accounts • Twitter: My Account has been hacked • Instagram: Hacked account • Snapchat: My account is hacked • Google: You think someone else is using your account • RWU Email: 401-254-6363 (Media•Tech Support Center)
- 28. ASIDE: SOCIAL MEDIA SAVVY • Know and use the security features of your social media sites. • Be careful who “friends”, “follows”, or “links” to you. • Keep your personal information private. • Review regularly “apps” and other tools that link to your social media accounts!
- 29. ASSESS THE DAMAGE: FINANCES • Check your credit report: annualcreditreport.com • Monitor your accounts • Know the difference between your options: fraud alert, lock, security freeze • Federal Trade Commission: Place a Fraud Alert • Contact the credit bureaus: • Equifax, Experian, Transunion
- 30. PROTECT YOUR SYSTEMS! • Computers, Antivirus: • Avast! (W/M) • Microsoft Security Essentials (W) • Sophos (M) • Computers, Malware: • Malwarebytes (W) • Sophos (M) • Tablets/phones: • Add security lock • Find my iPad/iPhone • Lookout Mobile Security (Android/iOS)
- 31. PROTECT YOUR SYSTEMS! • IoT/”Smart” devices (e.g. Amazon Echo, Fitbit, Webcams)* • Change default passwords • Update the “firmware” regularly • Use encryption • Set up a private network for the devices • Limit connections to “updates only” • BitDefender Box * See How To Protect Your IoT Devices
- 32. IMAGE CREDITS • Think big: “Magic 8 Ball” by “Christian Heldt”. • Change your passwords often: “All four seasons – Outside my window” by Sundar M licensed under CC by SA 2.0
- 33. IMAGE CREDITS • Avoid Using the Same Password Repeatedly: “MoneyCash” by 2bgr8STOCK , licensed under CC by 3.0; “Instagram and other Social Media Apps” by Jason Howie, licensed under CC by 2.0. Other images courtesy of RWULaw, Microsoft. • I changed all my passwords to “incorrect”: “You’ll never forget your password ever again” by Meme Binge, licensed under CC by 2.0.
- 34. IMAGE CREDITS • Use Multi-Factor Authentication when Available: “Step 1: Ready your ATM card” by Colin McCloskey, licensed under CC by NC-SA 2.0. • Factor: What you Know: “ATM keypad 2/4” by redspotted, licensed under CC by 2.0.
- 35. IMAGE CREDITS • Factor: What You Have: • ATM card: “PHOTO365 DAY 4” by Allan Donque, licensed under CC by 2.0 • Security keys: “RSA Tokens” by Edwin Sarmiento, licensed under CC by SA 2.0 • Mobile phone: “Sony Experia Neo MT15i Mobile Phone” by Matt Kleffer, licensed under CC by SA 2.0
- 36. IMAGE CREDITS • Factor: Who You Are: • Fingerprint: “Fingerprint” by Jose Luis Agapito, licensed under CC by ND 2.0 • Eye Scan: iRobot Eye v2.o, by Tc Morgan, licensed under CC by NC SA 2.0 • Face recognition: “MyHeritage.com Face Recognition” by MyHeritage.com
- 37. QUESTIONS? • Let us know! lawlibraryhelp@rwu.edu or 401-254-4547 • Class Webpage: http://lawguides.rwu.edu/appyhour/passwords
Editor's Notes
- Redsox = Instantly Redsox2004 = 6 years Thebostonredsoxrule = 3 quadrillionyears Th3B@st0nr3ds@Ru13 = 71 Quadrillion years
- Note that while some systems will require symbols, sometimes the symbols you may use are restricted. Follow these basic principles with whatever you are allowed to use.
- Select a sentence, phrase, or words that are meaningful to you. History buff? Use a historical fact as a base sentence. Creating a login for a school page? Use multiple facts about yourself as the passphrase.
- Bio major? Use terms from your field as a starting point. String a few favorite things of unrelated things: town, animal, color, snack
- Use “systems” to add to your base password. In the first two examples, since I already had some upper case where it would normally be used, I added it at the end of words, consistently. For the last example, I used uppercase for each syllable.
- If possible, use related numbers to add to your password, but use them unexpectedly. For example, while many may remember that George Washington was president from 1789 to 1797, it might be harder for some to guess that he died in 1799. For Barack Obama, the years would normally appear after the related fact, but here we put the years of birth and graduations before the names. For misspelled words that don’t have a number easily associated with them, you can use common replacement symbols for letters. Misspelled longer words are unlikely to be in a hacker dictionary. Use a system, however. Here, the first o and e that are not the first letter of the syllable were replaced with zero and three, respectively. Add symbols unexpectedly. Many people use an exclamation mark at the end of a password. Add it to replace ones, ells, or eyes. The @ symbol is frequently used for the letter a, so that is an easy substitution as long as you have changed enough other characters ---The three passwords created here passed “How Secure is My Password” with flying colors, and would take trillions or more years to be cracked by a computer.
- But use some common sense. Hackers want your personal/financial/health info, not your research (at least while you’re in law school). All of my passwords for research related sites are the same or a variation of a word that I use, if the site requires a more secure password. Hackers will not be trying to hack my HeinOnline or EBSCO password, they want my American Express password! As a rule of thumb, if a site has financial, health or personal information about you that could be used to hack your other accounts, then you need a unique password for that site.
- While some systems will force you to change passwords every semester or every x number of days, many will not. Schedule password changes for sensitive accounts according to the seasons, at least once a year. You don’t have to change all of them at once. For example, you could change school related ones in the fall, money related ones in the spring, passwords for fun things in the summer, and work related ones in the winter.
- If you are using longer and complex passwords, writing them down may defeat the purpose of creating them! A password manager can help!
- The moral here is that even password managers are vulnerable. So use something memorable that only you and a trusted relative will know. Pick reminder questions that others can't answer by using Google or Facebook. Use an intricate fact as your passphrase. For example, something from your childhood or something memorable from a TV show or movie that you like. It could be something like “My brother’s sport in high school was track and field” or “Dexter called his brother Biney when he was a kid” (both true). My passphrase for my password manager is a favorite childhood memory that is not on social media or the web and very few people know.
- I've aor easy discussed the first three, now let's look at others.
- BUT SEE LASTPASS BREACH
- Fraud alert: A fraud alert allows creditors to get a copy of your credit report as long as they take steps to verify your identity. Placing a fraud alert is free. The initial fraud alert stays on your credit report for 90 days. Be sure the credit reporting companies have your current contact information so they can get in touch with you. Lock: Ability to lock and unlock your credit report. Free to $24.99 per month. Freeze: The credit bureau restricts access to your credit report, to prevent open new accounts in your name. There may be a fee, depending on state law.