Authentication and Constructing Strong Passwords
Why are we here? Current students in an Information Systems Security class at UNM. To reach out to younger generations to inform about the importance of protecting our personal information. Realize the dangers and risks. Present opportunities in education and careers.
What Are We Going To Discuss? What is information security? What is information assurance? Types of authentication – Strong focus on passwords. How authentication protects you from identity theft
Celebrity Hacking Quiz Q: Which Hollywood starlet had nude photos leaked as a result of their account being hacked?
Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc.). Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.
Identity Theft The fraudulent acquisition and use of a person's private identifying information, usually for financial gain. Forms of Identity Theft: Financial Social Security Driver’s License Insurance Child Identity
Identity Theft Statistics One incident of identity theft occurs every 3 seconds. About 7% of persons age 16 or older were victims of identity theft in 2012. Approximately 17 million people, resulting in losses of $50 billion. The majority of identity theft incidents (85%) involved the fraudulent use of existing account information, such as credit card or bank account information. Average loss per victim is $3,500. 29% of victims spent a month or more resolving problems. Close to 100 million additional Americans have their personal identifying information placed at risk of identity theft each year when records maintained in government and corporate databases are lost or stolen. One third of victims personally know the identity thief.
Celebrity Hacking Quiz Q: Which celeb had their Twitter account hacked and tweeted “Oh yeh, Justin Bieber Sucks!!!”?
Why Focus on Passwords? Threat of data breaches 740 million records in 2013 Weak or stolen passwords IT IS AVOIDABLE!!!!!!!
Brute Force Attacks Definition Relies on computing power Time consuming
Dictionary Attacks Definition More efficient than brute force Common words 81 percent
Custom Dictionaries RockYou.com 32 million passwords – More than one of every 100 users selected “12345” or “123456” – One of three chose a password of six or fewer characters – 60% used only alpha-numeric characters – Nearly half used names, slang words, dictionary words or other trivial passwords such as consecutive numbers
Character Length At least 8 characters 1/3 have passwords that are not 8 characters long Based on 26 character set, 30,000 MIPS
8.3 Rule At least 8 characters (upper and lower) At least one letter At least one number At least one non-alphanumeric character Based on 82 character set, 30,000 MIPS
Do Not Use Spouses Girlfriend/Boyfriend Children Phone numbers Social Security Numbers Birthdays Names of pets Same word as login Dictionary Words Slang words
Passphrase 81 percent Hard to guess, easy to remember I’m gonna make him an offer he can’t refuse 1Gmh@ohCr
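An added example, not part of the presentation: a checker for the 8.3 rule and the "Do Not Use" list, together with the brute-force search-space arithmetic behind the 26- versus 82-character sets. The function names, the small sample dictionary and the guess rate passed to `worst_case_days` are assumptions; the slides' 30,000 MIPS figure is not converted into a guess rate here.

```python
# Constructed sample of a custom dictionary; a real check would load a full
# list of known-breached passwords. "12345" and "123456" are the RockYou
# favourites cited on the Custom Dictionaries slide.
COMMON = {"12345", "123456", "password", "letmein", "qwerty"}

def keyspace(charset_size, length):
    """Candidates a brute-force attack must cover at exactly this length."""
    return charset_size ** length

def worst_case_days(charset_size, length, guesses_per_sec):
    """Days to exhaust the keyspace at an assumed guess rate."""
    return keyspace(charset_size, length) / guesses_per_sec / 86400

def check_83(password, login="", personal=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs upper and lower case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a number")
    if all(c.isalnum() for c in password):
        problems.append("needs a non-alphanumeric character")
    lowered = password.lower()
    if login and lowered == login.lower():
        problems.append("same word as login")
    if lowered in COMMON:
        problems.append("found in common-password dictionary")
    # Personal details (pet names, birthdays, phone numbers) embedded anywhere
    for item in personal:
        if item and item.lower() in lowered:
            problems.append("contains personal detail: " + item)
    return problems

if __name__ == "__main__":
    for size in (26, 82):
        # 1e9 guesses per second is an assumed rate, for comparison only
        print(size, keyspace(size, 8), round(worst_case_days(size, 8, 1e9), 4))
    print(check_83("1Gmh@ohCr"))                        # the slide's passphrase
    print(check_83("123456"))
    print(check_83("Fluffy2014!", personal=["Fluffy"]))  # constructed pet name
```

The composition rules alone accept "Fluffy2014!", which is why the personal-detail and dictionary checks run in addition to them.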
Duplicate Passwords 56 percent use unique passwords Access sensitive info Time consuming, but worthwhile
Frequently Change Password 23 percent – every six weeks 42 percent – every six months 35 percent – never Change every 30 – 90 days
Never Write Down Password 69 percent of class They can be stolen! Destroy ASAP
Never Share Passwords Asking is easier than hacking Social Engineering Most prevalent is by phone
Password Manager The average person has 26 online accounts How do I remember all these complicated passwords? LastPass, RoboForm, KeePass, 1Password
Two-Factor Authentication Something you have Something you know Extra layer of security Intro to Two-Factor Authentication
Celebrity Hacking Quiz Q: Who had their financial and personal information, including social security numbers, bank accounts, mortgages, and credit card details posted to a website as a result of being hacked?