Rick Chin, profile picture
Uploaded byRick Chin
PDF, PPTX5,921 views

Password Management

The document discusses the challenges and strategies related to password management, including the importance of creating complex yet memorable passwords and the dangers of reusing passwords. It emphasizes the use of password managers as a secure way to store and manage passwords, highlighting their features and providing examples of popular tools. Overall, it offers insights into enhancing password security to protect against hacking and other threats.

Embed presentation

Download as PDF, PPTX
Password Management by Rick Chin May 14, 2015
Topics • Password Problems • Password Security • Password Strategies • Password Managers
Passwords Problems • Too Simple • Passwords are Reused • Too Many Passwords/Sites to Maintain • Too Complicated • Sometimes Passwords Expire and Must Be Changed
Passwords Threats • You (are too trusting and don’t believe it will happen to you) • Easier to Guess than Expected • Brute Force • Hacking / Keyboard Loggers / Sniffing / Nosy People • Social Engineering • Use Familiar “Tricks” • Transformations and substitutions (f00tb@ll or sdrawkcab) • Keyboard patterns (qwertyasdf) • Padding (Montana12&*-&*-&*-)
Password Security • Passwords need to be mathematically complex • Passwords are more guessable than you think • “Complex” is not the same as “Complicated” • Passwords need to be memorable
Complexity Components • Length • Character Set (letters, numbers, symbols) • Randomness (absence of a discernible pattern) • Ladnomics (not a word but follows a pattern) • 8vgz2N'A (no discernable pattern)
 8 visa golf zip 2 NUT ' APPLE
Password Length Flaws • possibilities - 13 characters long • Readable • Dictionary word • Not complex • iYb48zJ# - 8 characters long • Short but complex • Not memorable

Character Set Flaws • P@ssw0rd • Multiple character sets • Easily broken by a computer
Complexity:
 human vs. computer
Can You Crack This? (Test 1) Password: SjdlDijo <— what’s my pattern?
Can You Crack This? (Answer 1) • RickChin - shift one character in the alphabet • A computer will crack this in under 1 second
Can You Crack This? (Test 2) Password: SkfoHnpw <— what’s my pattern?
Can You Crack This? (Answer 2) • RickChin - shift 1x(character position) characters in the alphabet, character by character • R =1, shift one to S • i = 2, shift two to k • c = 3, shift 3 to f • etc. • A computer will crack this quickly
Why Your Passwords
 Need Help • A computer will crack over 2 billion password combinations in less than 1 second • If a human could crack 1 password combination per second continuously (but we can’t), it would take 3.8 years to crack 2 billion
Password Cracking • There are many free and commercially available password crackers and recovery tools • Rainbow tables and more • Databases of pre-cracked (i.e., no computational delay) lists of password combinations
Ways People Keep Their Passwords • Post It Notes • Taped to the bottom of their keyboard • Text, Word, or Excel file on their desktop (password protected or not) • No place, I use (one, two, three) main passwords and rotate between them
What Happens When a Password is Compromised • Passwords are often entered into a program/database that tries to access every major bank, credit card company, payment system, retail stores, email systems, and more at blistering speed • They will cross-match with public information records for addresses and other information to answer security questions • Information gathered from one system (like email addresses or mother’s maiden name) will be used in attacks on other systems • For this reason, reusing passwords is one of the most dangerous practices you can do
Password Strategy • There are a few key passwords you must know • Generally these are passwords you might need often or in an emergency to get access to everything else. Common examples: • Master password for a password manager • Computer login password • Your Apple ID password • Dropbox or cloud storage password • Create strong but memorable passwords for these • Practice and memorize them • Use a Password Manager for everything else
Password Managers • A software vault that stores your passwords encrypted • Has a master password that grants access to all the other passwords • Can generate and store random complex passwords that you can use instead of less complex passwords • Syncs your passwords and makes them available on the devices you use, wherever you are, even without Internet access
Suggested Features • Works in a browser, preferably also on your phone and tablet • Autofills most places (occasionally you’ll need to copy and paste) • Syncs via Dropbox, iCloud, or their own cloud service • Preferably syncs automatically, not just when you manually initiate a sync • Allows you to share certain logins securely with other people (like family members)
Example Password Managers • 1Password - www.agilebits.com • LastPass - www.lastpass.com • Dashlane - www.dashlane.com • Roboform - www.roboform.com • iCloud Keychain - availability began in OS X 10.9 and iOS 7

More Related Content

PPTX
Cybersecurity Strategies for Effective Attack Surface Reduction
bySecPod
 
PPTX
Password Attack
bySina Manavi
 
PPTX
Cyber security
byAkdu095
 
PPTX
Brute force-attack presentation
byMahmoud Ibra
 
PPTX
Password management
byWilmington University
 
PPTX
Brute Force Attack and Its Prevention.pptx
byhamzajawad10
 
PPTX
Email Security Awareness
byDale Rapp
 
PPTX
Cyber Security(Password Cracking Presentation).pptx
byVASUOFFICIAL
 
Cybersecurity Strategies for Effective Attack Surface Reduction
bySecPod
 
Password Attack
bySina Manavi
 
Cyber security
byAkdu095
 
Brute force-attack presentation
byMahmoud Ibra
 
Password management
byWilmington University
 
Brute Force Attack and Its Prevention.pptx
byhamzajawad10
 
Email Security Awareness
byDale Rapp
 
Cyber Security(Password Cracking Presentation).pptx
byVASUOFFICIAL
 

What's hot

PDF
14 tips to increase cybersecurity awareness
byMichel Bitter
 
PDF
Password management
byPortalGuard dba PistolStar, Inc.
 
PPTX
Encryption ppt
byAnil Neupane
 
PPTX
Access Control authentication and authorization .pptx
bybirhanugirmay559
 
PDF
Network security - OSI Security Architecture
byBharathiKrishna6
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
PPT
Information Security & Cryptography
byArun ACE
 
PPTX
Network security
byEstiak Khan
 
PDF
Cloud Security And Privacy
bytmather
 
PPTX
Strong Passwords
byNorth Carolina State University
 
PPTX
Password cracking and brute force
byvishalgohel12195
 
PPT
Password Management
byDavon Smart
 
PPTX
One time pad Encryption:
byAsad Ali
 
PPTX
Hyphenet Security Awareness Training
byJen Ruhman
 
PDF
Cyber Security Awareness
byRamiro Cid
 
PDF
Public key Infrastructure (PKI)
byVenkatesh Jambulingam
 
PDF
Hunting: Defense Against The Dark Arts
bySpyglass Security
 
PPTX
public key infrastructure
byvimal kumar
 
PPTX
Ethical hacking - Footprinting.pptx
byNargis Parveen
 
ODP
Cyber security awareness
byJason Murray
 
14 tips to increase cybersecurity awareness
byMichel Bitter
 
Password management
byPortalGuard dba PistolStar, Inc.
 
Encryption ppt
byAnil Neupane
 
Access Control authentication and authorization .pptx
bybirhanugirmay559
 
Network security - OSI Security Architecture
byBharathiKrishna6
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
Information Security & Cryptography
byArun ACE
 
Network security
byEstiak Khan
 
Cloud Security And Privacy
bytmather
 
Strong Passwords
byNorth Carolina State University
 
Password cracking and brute force
byvishalgohel12195
 
Password Management
byDavon Smart
 
One time pad Encryption:
byAsad Ali
 
Hyphenet Security Awareness Training
byJen Ruhman
 
Cyber Security Awareness
byRamiro Cid
 
Public key Infrastructure (PKI)
byVenkatesh Jambulingam
 
Hunting: Defense Against The Dark Arts
bySpyglass Security
 
public key infrastructure
byvimal kumar
 
Ethical hacking - Footprinting.pptx
byNargis Parveen
 
Cyber security awareness
byJason Murray
 

Viewers also liked

PDF
Password Manager: Detailed presentation
byHitachi ID Systems, Inc.
 
PPTX
Viruses & security threats
bywardjo
 
DOCX
Lyons Document Storage Corporation: Bond Accounting
byVijay Somu
 
PPT
Counter Measures Of Virus
byshusrusha
 
PPTX
roberts portfolio
byrobertpettigrew
 
PPTX
Tech Ed 2011 Preso
byPAUL CONROY
 
PPT
Voice Biometrics automated password_reset
byKunal Grover
 
PPTX
Authentication(pswrd,token,certificate,biometric)
byAli Raw
 
PPT
Intruders
bytechn
 
PPTX
Intrusion detection
byUmesh Dhital
 
PPT
Intruders and Viruses in Network Security NS9
bykoolkampus
 
DOC
Mass User Password Reset Using Lsmw
byDitto S Perumalsami
 
PPT
Firewalls
byRam Dutt Shukla
 
PPT
Intrusion detection system ppt
bySheetal Verma
 
PPSX
Intrusion detection system
bygaurav koriya
 
PPT
Step by step lsmw tutorial
byraonivaz
 
Password Manager: Detailed presentation
byHitachi ID Systems, Inc.
 
Viruses & security threats
bywardjo
 
Lyons Document Storage Corporation: Bond Accounting
byVijay Somu
 
Counter Measures Of Virus
byshusrusha
 
roberts portfolio
byrobertpettigrew
 
Tech Ed 2011 Preso
byPAUL CONROY
 
Voice Biometrics automated password_reset
byKunal Grover
 
Authentication(pswrd,token,certificate,biometric)
byAli Raw
 
Intruders
bytechn
 
Intrusion detection
byUmesh Dhital
 
Intruders and Viruses in Network Security NS9
bykoolkampus
 
Mass User Password Reset Using Lsmw
byDitto S Perumalsami
 
Firewalls
byRam Dutt Shukla
 
Intrusion detection system ppt
bySheetal Verma
 
Intrusion detection system
bygaurav koriya
 
Step by step lsmw tutorial
byraonivaz
 

Similar to Password Management

PDF
Why is password protection a fallacy a point of view
bySTO STRATEGY
 
PDF
W make107
byGreg in SD
 
PDF
OlgerHoxha_Thesis_Final
byOlger Hoxha, CISSP CISM
 
DOCX
Password Cracking
byHajer alriyami
 
PDF
How to Design Passwords
byUniversity of Hertfordshire
 
PPT
Computer Privacy:Passwords-Mike B.
byMike Barker
 
PDF
Password Strength Policy Query
byGloria Stoilova
 
PDF
How to choose a password that’s hard to crack
byKlaus Drosch
 
PDF
W make107
byGreg in SD
 
PPTX
Best Practices for Password Creation
bynFront Security
 
PDF
Why is password protection a fallacy a point of view
byYury Chemerkin
 
PDF
PASSWORD BEST PRACTICES
byRazorpoint Security
 
PDF
Password War Games Webinar
bynCircle - a Tripwire Company
 
DOC
Password Policies
byallengalvan
 
DOCX
Password managers
byMacapple
 
PPTX
The strategies of password
byMohammedAlhamoodi
 
PPTX
Securing password
bysplendorcollege
 
PPTX
Password
byTalesun Solar USA Ltd.
 
PPTX
Sample2
bygueste7ae84e1
 
PPTX
Sample2
byguestb98918d
 
Why is password protection a fallacy a point of view
bySTO STRATEGY
 
W make107
byGreg in SD
 
OlgerHoxha_Thesis_Final
byOlger Hoxha, CISSP CISM
 
Password Cracking
byHajer alriyami
 
How to Design Passwords
byUniversity of Hertfordshire
 
Computer Privacy:Passwords-Mike B.
byMike Barker
 
Password Strength Policy Query
byGloria Stoilova
 
How to choose a password that’s hard to crack
byKlaus Drosch
 
W make107
byGreg in SD
 
Best Practices for Password Creation
bynFront Security
 
Why is password protection a fallacy a point of view
byYury Chemerkin
 
PASSWORD BEST PRACTICES
byRazorpoint Security
 
Password War Games Webinar
bynCircle - a Tripwire Company
 
Password Policies
byallengalvan
 
Password managers
byMacapple
 
The strategies of password
byMohammedAlhamoodi
 
Securing password
bysplendorcollege
 
Password
byTalesun Solar USA Ltd.
 
Sample2
bygueste7ae84e1
 
Sample2
byguestb98918d
 

Recently uploaded

PPT
Telecommunication system introduction to wireless communication
by143irha
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfortable, Stable Mobility for Every...
byTopmate
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PDF
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
PDF
January Patch Tuesday
byIvanti
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
PPTX
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PDF
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
PPTX
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
PPTX
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PDF
Français Patch Tuesday - Janvier
byIvanti
 
PDF
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
PDF
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 
Telecommunication system introduction to wireless communication
by143irha
 
TopMate ES11 3-Wheel Electric Scooter: Comfortable, Stable Mobility for Every...
byTopmate
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
Profiting from Technological Innovation: Managing Intellectual Property to Bu...
byDavid Teece
 
TopMate ES11 3-Wheel Electric Scooter: Comfort, Stability, and Independence f...
byTopmate
 
January Patch Tuesday
byIvanti
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
6 Insights from the Patron Saint of AI Failure
byScott M. Graffius
 
Single Cell Protein from Methane or Methanol - Process development research c...
byJohn Downs
 
CodeMash 2026 - Optimizing Azure App Services
byBrian McKeiver
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
Français Patch Tuesday - Janvier
byIvanti
 
Building Voice Agents with Google Agent Development Kit
bySuresh Peiris
 
Adding Copilot+ PCs with Snapdragon to your HP fleet won’t require IT deploym...
byPrincipled Technologies
 

Password Management

  • 1.
  • 2.
    Topics • Password Problems •Password Security • Password Strategies • Password Managers
  • 3.
    Passwords Problems • TooSimple • Passwords are Reused • Too Many Passwords/Sites to Maintain • Too Complicated • Sometimes Passwords Expire and Must Be Changed
  • 4.
    Passwords Threats • You(are too trusting and don’t believe it will happen to you) • Easier to Guess than Expected • Brute Force • Hacking / Keyboard Loggers / Sniffing / Nosy People • Social Engineering • Use Familiar “Tricks” • Transformations and substitutions (f00tb@ll or sdrawkcab) • Keyboard patterns (qwertyasdf) • Padding (Montana12&*-&*-&*-)
  • 5.
    Password Security • Passwordsneed to be mathematically complex • Passwords are more guessable than you think • “Complex” is not the same as “Complicated” • Passwords need to be memorable
  • 6.
    Complexity Components • Length •Character Set (letters, numbers, symbols) • Randomness (absence of a discernible pattern) • Ladnomics (not a word but follows a pattern) • 8vgz2N'A (no discernable pattern)
 8 visa golf zip 2 NUT ' APPLE
  • 7.
    Password Length Flaws •possibilities - 13 characters long • Readable • Dictionary word • Not complex • iYb48zJ# - 8 characters long • Short but complex • Not memorable

  • 8.
    Character Set Flaws •P@ssw0rd • Multiple character sets • Easily broken by a computer
  • 9.
  • 10.
    Can You CrackThis? (Test 1) Password: SjdlDijo <— what’s my pattern?
  • 11.
    Can You CrackThis? (Answer 1) • RickChin - shift one character in the alphabet • A computer will crack this in under 1 second
  • 12.
    Can You CrackThis? (Test 2) Password: SkfoHnpw <— what’s my pattern?
  • 13.
    Can You CrackThis? (Answer 2) • RickChin - shift 1x(character position) characters in the alphabet, character by character • R =1, shift one to S • i = 2, shift two to k • c = 3, shift 3 to f • etc. • A computer will crack this quickly
  • 14.
    Why Your Passwords
 NeedHelp • A computer will crack over 2 billion password combinations in less than 1 second • If a human could crack 1 password combination per second continuously (but we can’t), it would take 3.8 years to crack 2 billion
  • 15.
    Password Cracking • Thereare many free and commercially available password crackers and recovery tools • Rainbow tables and more • Databases of pre-cracked (i.e., no computational delay) lists of password combinations
  • 16.
    Ways People KeepTheir Passwords • Post It Notes • Taped to the bottom of their keyboard • Text, Word, or Excel file on their desktop (password protected or not) • No place, I use (one, two, three) main passwords and rotate between them
  • 17.
    What Happens Whena Password is Compromised • Passwords are often entered into a program/database that tries to access every major bank, credit card company, payment system, retail stores, email systems, and more at blistering speed • They will cross-match with public information records for addresses and other information to answer security questions • Information gathered from one system (like email addresses or mother’s maiden name) will be used in attacks on other systems • For this reason, reusing passwords is one of the most dangerous practices you can do
  • 18.
    Password Strategy • Thereare a few key passwords you must know • Generally these are passwords you might need often or in an emergency to get access to everything else. Common examples: • Master password for a password manager • Computer login password • Your Apple ID password • Dropbox or cloud storage password • Create strong but memorable passwords for these • Practice and memorize them • Use a Password Manager for everything else
  • 19.
    Password Managers • Asoftware vault that stores your passwords encrypted • Has a master password that grants access to all the other passwords • Can generate and store random complex passwords that you can use instead of less complex passwords • Syncs your passwords and makes them available on the devices you use, wherever you are, even without Internet access
  • 20.
    Suggested Features • Worksin a browser, preferably also on your phone and tablet • Autofills most places (occasionally you’ll need to copy and paste) • Syncs via Dropbox, iCloud, or their own cloud service • Preferably syncs automatically, not just when you manually initiate a sync • Allows you to share certain logins securely with other people (like family members)
  • 21.
    Example Password Managers • 1Password- www.agilebits.com • LastPass - www.lastpass.com • Dashlane - www.dashlane.com • Roboform - www.roboform.com • iCloud Keychain - availability began in OS X 10.9 and iOS 7