Passwords
by The UTHSC Information Security Team
Before we begin…
Google Yourself!
Think Like a Hacker
Ask Yourself…
What information would a hacker need to get into any of your financial, professional, and/or personal online accounts?
How many passwords do you have?
Banking and Business services
Personal Emails
Social media and news
Work related accounts
Password 101
A secret word or phrase that must be used to gain admission to something.
A string of characters that allows access to a computer, interface, or system.
Why do I need a secure password?
Passwords are the key to your digital life.
Passwords secure vital information such as:
Date of Birth
Address
Mother’s Maiden Name
Bank details
Social Security Number(s)
Other financial information
Your Entire Identity
How to create a secure password
Use a mixture of the following
CAPITAL and lower cAsE
M1xture 0f l3tt3r5 numb3r$ & $ymb0|$
Do not use your children's names, pets’ names, dates of birth, your address, grandkids' names, parents' names, etc. Refrain from using any names, including names of past schools/institutions you attended, organizations you have worked for, and names of towns/cities/states.
What is a passphrase?
A passphrase is a sequence of words or other text used to control access to a computer system, program or data.
A passphrase is similar to a password in usage, but is generally longer for added security.
Basically, passphrases are a combination of random words or sentences.
How to Create a Passphrase
Method #1 Create a sentence that you can remember.
My favorite drink is lemonade 1987!
Method #2 I want a peanut butter and jelly sandwich every Tuesday for the month.
IwaPB&Jet4tm
Use the site name to increase the security of your passphrase
Youtube – Myfavoritedrinkislemonade1987!Yt
Twitter – Myfavoritedrinkislemonade1987!Tr
Facebook – Myfavoritedrinkislemonade1987!Fb
Password Hierarchy
1. Banking (These passwords should be their own and not used on sites with lower security)
2. Work and/or Employment Organization (This password should be exclusive to your work logins. Do not use this password elsewhere.)
3. Business (Amazon, iTunes, Netflix, Hulu, Etsy, Apple Pay, Groupon)
4. Email (Used to reset and control all other usernames and passwords. This password should not be used anywhere else.)
5. Social & Entertainment (Facebook, Twitter, Youtube, Internet forums)
Secure Password Tips
Dictionary passwords are easy to crack. Do not use them.
Do not write your password down and stick it to your computer, monitor, or under your keyboard.
Use a mnemonic or a sequential pattern to remember your passwords.
So many passwords, so little time…What’s the solution?
Password managers are great for keeping track of passwords
Should be encrypted
Uses a master password to keep your other passwords
Should have a cloud backup
Better than writing them in a “password book” (Never a good option)
Managing Passwords/Passphrases
A password manager is a software application that helps a user store and organize passwords.
Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.
Advantages
Password management tools are really good solutions for reducing the likelihood that passwords will be compromised
No more easily lost scraps of paper!
Online or Cloud-based
Access your data from any computer, 24/7
No downloading software
Many password managers are available to try, so you can choose what best fits your needs
Disadvantages
Because any computer or system is vulnerable to attack, relying on a password management tool creates a single point of potential failure.
If you forget the master password, all your other passwords in the database are lost forever, and there is no way of recovering them. Don’t forget the master password!
Most Common “Password Manager”
Choosing Password Managers
Users must be extra careful in choosing a provider.
Make sure they're a valid and reputable vendor.
TRIAL!!! Try recommended managers.
Recommended Password Managers
Dashlane (f) – keeps your passwords for you. Will go out and change your passwords on your request. It will autofill passwords on sites for you. https://www.dashlane.com
Keeper (p) – keeps your passwords and digital files for you. Encrypted and offers a cloud backup. https://keepersecurity.com/
PasswordBox (f) – keeps your passwords. Offers a digital heir feature: if something were to happen to you, your information would be obtainable by someone else. https://www.passwordbox.com
LastPass (f/p) – allows you to save, organize, and access your login data. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you. www.lastpass.com
Password Generator
A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.
LAST RESORT if you cannot create a good, strong password.
Are great for those that need a password to use only once or twice.
Similar to password management but they are hard to guess when you don’t have access to your password manager.
Not heavily recommended for the normal computer user
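Added example (not part of the original slides): a minimal generator of the kind described above, drawing from the operating system's cryptographic random source through Python's `secrets` module. The function names, the symbol set and the 16-word list are assumptions made for illustration; the word list is constructed and far too small for real use.

```python
import math
import secrets
import string

# Character classes the deck asks for: capitals, lower case, numbers, symbols.
# The symbol set is an assumption; adjust it to what the target site accepts.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*-_=+?"]
ALPHABET = "".join(CLASSES)

# Constructed 16-word list, for illustration only. A dice-based list
# normally holds thousands of words (five dice index 6**5 = 7776 entries).
WORDS = ["lemon", "tuesday", "peanut", "jelly", "river", "copper", "violin",
         "marble", "orbit", "saddle", "thunder", "walnut", "harbor", "pepper",
         "candle", "meadow"]


def generate_password(length=16):
    """Random password from the OS CSPRNG with every character class present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        # Draw every position uniformly, then reject candidates that miss a
        # class, so no position is predictable (unlike "append a digit").
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_passphrase(words=WORDS, count=6, sep="-"):
    """Passphrase of independently chosen random words, as with dice rolls."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicates")
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(choices, picks):
    """Upper bound on guessing entropy in bits: picks * log2(choices)."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(generate_password(), round(entropy_bits(len(ALPHABET), 16), 1), "bits")
    print(generate_passphrase(), entropy_bits(len(WORDS), 6), "bits (toy list)")
```

The entropy figure shows why list size matters: six words from this 16-word list give only 24 bits, while five words from a 7776-word dice list give about 64.6 bits.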
Summary
Never write your passwords down.
Never insert and save them in an unencrypted Microsoft Word document, Excel spreadsheet, or any other electronic document, including smartphone notepads.
Easy-to-remember passphrases or sentences are your best bet when creating a strong, secure password.
Always use two-factor authentication when it is provided, especially with your financial and personal or smartphone app accounts.
Are you considering a password manager and generator? Try them all out and choose which manager best suits your needs.
If you are still unable to create a strong password or passphrase, use a password generator as your last resort.
Lastly, when in doubt, contact your UTHSC Information Security Team or your UTHSC Helpdesk!
Fun Fact: Most Used Passwords of 2014
• 123456 • password • 12345 • 12345678 • qwerty • 123456789 • 1234 (Up 9) • baseball
• dragon • football • 1234567 • monkey • letmein • abc123 • 111111 • mustang
• access • shadow • master • michael • superman • 696969 • 123123 • batman • trustno1
Condliffe, Jamie. "The 25 Most Popular Passwords of 2014: We're All Doomed." Gizmodo. N.p., 20 Jan. 2015. Web. 20 Apr. 2015.
THANKS!!!!
UTHSC Information Security Team
L. Kevin Watson
(901) 448-7010
Frank Davison
(901) 448-1260
Jessica McMorris
(901) 448-1579
Ammar Ammar
(901) 448-2163
• Information Security Email: [email protected]
• Website: security.uthsc.edu
• To report phishing and spam email forward it to [email protected]
• UTHSC Help Desk: (901) 448-2222 ext. 1 or [email protected]