Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication and Constructing Strong Passwords.

Similar presentations


Presentation on theme: "Authentication and Constructing Strong Passwords."— Presentation transcript:

1 Authentication and Constructing Strong Passwords

2 Why are we here? Current students in an Information Systems Security class at UNM. To reach out to younger generations to inform about the importance of protecting our personal information. Realize the dangers and risks. Present opportunities in education and careers.

3 What Are We Going To Discuss? What is information security? What is information assurance? Types of authentication –Strong focus on passwords How authentication protects you from identity theft

4 Celebrity Hacking Quiz Q: Which Hollywood starlet had nude photos leaked as a result of their account being hacked?

5 Information security is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...) Information assurance (IA) is the practice of assuring information and managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes.

6 Identity Theft The fraudulent acquisition and use of a person's private identifying information, usually for financial gain. Forms of Identity Theft: Financial Social Security Driver’s License Insurance Child Identity

7 Identity Theft Statistics One incident of identity theft occurs every 3 seconds. About 7% of persons age 16 or older were victims of identity theft in Approximately 17 million people, resulting in losses of $50 Billion. The majority of identity theft incidents (85%) involved the fraudulent use of existing account information, such as credit card or bank account information. Average loss per victim is $3,500 29% of victims spent a month or more resolving problems. Close to 100 million additional Americans have their personal identifying information placed at risk of identity theft each year when records maintained in government and corporate databases are lost or stolen. One third of victims personally know the identity thief.

8 Authentication

9 Celebrity Hacking Quiz Q: Which celeb had their Twitter account hacked and tweeted “Oh yeh, Justin Bieber Sucks!!!”?

10 Why Focus on Passwords? Threat of data breaches 740 million records in 2013 Weak or stolen passwords IT IS AVOIDABLE!!!!!!!

11 Brute Force Attacks Definition Relies on computing power Time consuming

12 Dictionary Attacks Definition More efficient than brute force Common words 81 percent

13 Custom Dictionaries RockYou.com 32 million passwords –More than one of every 100 users selected “12345″ or “123456″ – One of three chose a password of six or fewer characters –60% used only alpha-numeric characters –Nearly half used names, slang words, dictionary words or other trivial passwords such as consecutive numbers

14 Worst Passwords password qwerty abc iloveyou admin letmein 1234 monkey shadow sunshine password1 princess azerty trustno Your password sucks

15 Character Length At least 8 characters 1/3 have passwords that are not 8 characters long Based on 26 character set, 30,000MIPS

16 8.3 Rule At least 8 characters (upper and lower) At least one letter At least one number At least one non- alphanumeric number Based on 82 character set, 30,000MIPS

17 Do Not Use Spouses Girlfriend/Boyfriend Children Phone numbers Social Security Numbers Birthdays Names of pets Same word as login Dictionary Words Slang words

18 Passphrase 81 percent Hard to guess, easy to remember I’m gonna make him an offer he can’t refuse

19 Duplicate Passwords 56 percent use unique passwords Access sensitive info Time consuming, but worthwhile

20 Frequently Change Password 23 percent – every six weeks 42 percent – every six months 35 percent – never Change every 30 – 90 days

21 Never Write Down Password 69 percent of class They can be stolen! Destroy ASAP

22 Never Share Passwords Asking is easier than hacking Social Engineering Most prevalent is by phone

23 Password Manager The average person has 26 online accounts How do I remember all these complicated passwords? LastPass, RoboForm, KeePass, 1PasswordLastPass

24 Two-Factor Authentication Something you have Something you know Extra layer of security Intro to Two-Factor Authentication

25 Celebrity Hacking Quiz Q: Who had their financial and personal information, including social security numbers, bank accounts, mortgages, and credit card details posted to a website as a result of being hacked?

26 Questions?

27 References 1.https://www.allclearid.com/blog/credit-card-theft-increasing-for-banks-retailers 2.http://www.eweek.com/security/targeted-attacks-weak-passwords-top-it-security-risks-in-2013/http://www.eweek.com/security/targeted-attacks-weak-passwords-top-it-security-risks-in-2013/ 3.http://www.webopedia.com/TERM/D/dictionary_attack.htmlhttp://www.webopedia.com/TERM/D/dictionary_attack.html 4.http://blog.codinghorror.com/dictionary-attacks-101/http://blog.codinghorror.com/dictionary-attacks-101/ 5.http://secureidnews.com/news-item/anatomy-of-a-password-hack-2/http://secureidnews.com/news-item/anatomy-of-a-password-hack-2/ 6.http://www.oxforddictionaries.com/us/words/how-many-words-are-there-in-the-english-languagehttp://www.oxforddictionaries.com/us/words/how-many-words-are-there-in-the-english-language 7.http://www.microsoft.com/business/en-us/resources/technology/security/5-tips-for-top-notch-password- security.aspx?fbid=EMcZBTrMlGhhttp://www.microsoft.com/business/en-us/resources/technology/security/5-tips-for-top-notch-password- security.aspx?fbid=EMcZBTrMlGh 8.https://itservices.uchicago.edu/page/good-password-practiceshttps://itservices.uchicago.edu/page/good-password-practices 9.http://blogs.computerworld.com/security/21057/paranoid-users-guide-password-protectionhttp://blogs.computerworld.com/security/21057/paranoid-users-guide-password-protection 10.https://www.silverpop.com/blog/6-Password-Best-Practiceshttps://www.silverpop.com/blog/6-Password-Best-Practices 11.http://technet.microsoft.com/en-us/library/cc784090(v=ws.10).aspx#BKMK_UserBPhttp://technet.microsoft.com/en-us/library/cc784090(v=ws.10).aspx#BKMK_UserBP 12.https://www.staysafeonline.org/blog/futurex-guest-blog-best-practices-for-password-managementhttps://www.staysafeonline.org/blog/futurex-guest-blog-best-practices-for-password-management 13.http://splashdata.com/press/worstpasswords2013.htmhttp://splashdata.com/press/worstpasswords2013.htm 14.http://www.techradar.com/us/news/internet/online-fraud-too-many-accounts-too-few-passwords http://www.techradar.com/us/news/internet/online-fraud-too-many-accounts-too-few-passwords http://searchsecurity.techtarget.com/definition/authenticationhttp://searchsecurity.techtarget.com/definition/authentication 16.http://www.wetpaint.com/news/gallery/10-celebrities-who-have-been-hacked-from-nude-photo-leaks-to-raunchy- tweets#11http://www.wetpaint.com/news/gallery/10-celebrities-who-have-been-hacked-from-nude-photo-leaks-to-raunchy- tweets#11 17.http://www.huffingtonpost.com/2013/03/12/michelle-obama-hacked-first-lady-doxxing_n_ html


Download ppt "Authentication and Constructing Strong Passwords."

Similar presentations


Ads by Google