Digital Security: Defending Your Accounts, Devices, & Anonymity


The Current Environment

- Information is power!
- Tech is very good today… even for hackers
  - John the Ripper & GPUs
- Hacking affected 48% of Americans in 2014 & cost businesses nearly $500 million in losses
- 3.1 million Americans had their phones stolen in 2013 (1.4 million lost their phones)
- Not all hackers are evil (black hat)
  - White hats find and help fix problems
- Nations are also in the game
  - Stuxnet worm
  - PRISM program
- Bugs (Heartbleed)

Types of Threats

- Brute force hacking
  - John the Ripper
- Social engineering
  - Con men
- Packet sniffing
  - Wireshark
- Robbery
  - 3.1 million
- Viruses/worms
- Bugs

Cryptographic Standards

- PGP
- AES
- RSA
- PBKDF2: Password-Based Key Derivation Function 2
- WPA2 (WiFi Protected Access)
  - WiFi encryption
- TLS (https)
  - Internet communication encryption

Biometric Authentication

- Print scan (Touch ID / hand)
  - Mostly safe from everyone but the police
- Eye scan (retina / iris)
- Odor sensor (breath)
- Voice recognition
- Face recognition

Good Passwords (aren’t passwords)

- The best password is a semisensical passphrase
  - th3Qu!ckBr0wnf0XjumP3d.
- Minimum 9 characters including both upper & lowercase letters, numbers, and specials
- Here’s a strong/unique passcode: !sWt^%vTR]/9
- Two-factor authentication (2FA) can also be used for additional security
- Sadly, some sites restrict passcodes to 15 characters and/or do not allow specials

2-Factor Authentication (2FA)

- Something you know & something you have
- Apple
- Google
- Microsoft
- Facebook
- Yahoo
- Evernote
- Cloud storage (Tresorit)
- E*Trade, Vanguard, PayPal, etc…
- Many more!

Password Managers (Vaults)

- 80% of top security experts use one!
- 1Password
- LastPass
- KeePass
- Dashlane
- OneSafe
- iOS Keychain
  - Apple devices only
- Browsers
  - Computer / Device specific

Routers

- Change the router name ASAP
- Change the admin password ASAP
- Change the gateway’s IP address
- Use WPA2 with AES encryption!

The Future

- Quantum computing
  - Massively parallel
  - Current passwords snap like a twig
- Quantum encryption
  - Unbreakable
  - The act of intercepting it breaks it

Virtual Private Networks (VPNs)

- VPNs
  - Route users through multiple IPs, masking their identity and location
- Tor
  - Browser based
  - Uses proxies

Closing Thoughts…

- Always use HTTPS for commerce & utilize the EFF’s HTTPS Everywhere extension
- Use 2FA on password recovery email accounts
- Do not underestimate the physical security of your computers & mobile devices (use a PIN)
- Social engineering is a powerful tool
  - As is dumpster diving
- Encrypt your PC’s hard drive (VeraCrypt)
- Use PayPal – Keep payment info. in one place
- If you’re not using a password manager, write your passcodes down and keep them in a safe place. That said, use a password manager!