Passwords by The UTHSC Information Security Team.

Presentation on theme: "Passwords by The UTHSC Information Security Team."— Presentation transcript:

1 Passwords by The UTHSC Information Security Team

2 Before we begin… Google Yourself!

3 Think Like a Hacker
Ask Yourself… What information would a hacker need to get into any of your financial, professional, and/or personal online accounts?

4 How many passwords do you have?
• Banking and Business services
• Personal Emails
• Social media and news
• Work related accounts

5 Password 101
• A secret word or phrase that must be used to gain admission to something.
• A string of characters that allows access to a computer, interface, or system.

6 Why do I need a secure password?
• Passwords are the key to your digital life.
• Passwords secure vital information such as:
  • Date of Birth
  • Address
  • Mother’s Maiden Name
  • Bank details
  • Social Security Number(s)
  • Other financial information
  • Your Entire Identity

7 How to create a secure password
Use a mixture of the following:
• CAPITAL and lower cAsE
• M1xture 0f l3tt3r5 numb3r$ & $ymb0|$
• Do not use your children's names, pets’ names, dates of birth, your address, grandkids' names, parents' names, etc. Refrain from using any names, including names of past schools/institutions you attended, organizations you have worked for, and names of towns/cities/states.

8 What is a passphrase?
• A passphrase is a sequence of words or other text used to control access to a computer system, program or data.
• A passphrase is similar to a password in usage, but is generally longer for added security.
• Basically, passphrases are a combination of random words or sentences.

9 How to Create a Passphrase
Method #1
• Create a sentence that you can remember.
• My favorite drink is lemonade 1987!
Method #2
• I want a peanut butter and jelly sandwich every Tuesday for the month.
• IwaPB&Jet4tm

10 Use the site name to increase the security of your passphrase
• Youtube – Myfavoritedrinkislemonade1987!Yt
• Twitter – Myfavoritedrinkislemonade1987!Tr
• Facebook – Myfavoritedrinkislemonade1987!Fb

11 Password Hierarchy
1. Banking (These passwords should be their own and not used on sites with lower security)
2. Work and/or Employment Organization (This password should be exclusive to your work logins. Do not use this password elsewhere.)
3. Business (Amazon, iTunes, Netflix, Hulu, Etsy, Apple Pay, Groupon)
4. Email (Used to reset and control all other usernames and passwords. This password should not be used anywhere else.)
5. Social & Entertainment (Facebook, Twitter, Youtube, Internet forums)

12 Secure Password Tips
• Dictionary passwords are easy to crack. Do not use them.
• Do not write your password down and stick it to your computer, monitor, or under your keyboard.
• Use a mnemonic or a sequential pattern to remember your passwords.

13 So many passwords, so little time… What’s the solution?
• Password managers
  • Are great to keep track of passwords
  • Should be encrypted
  • Use a master password to keep your other passwords
  • Should have a cloud backup
  • Better than writing them in a “password book” (Never a good option)

14 Managing Passwords/Passphrases
• A password manager is a software application that helps a user store and organize passwords.
• Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database.

15 Advantages
• Password management tools are really good solutions for reducing the likelihood that passwords will be compromised
• No more easily lost scraps of paper!
• Online or Cloud-based
• Access your data from any computer, 24/7
• No downloading software
• Many password managers to try and choose what best fits your needs

16 Disadvantages
• Because any computer or system is vulnerable to attack, relying on a password management tool creates a single point of potential failure.
• If you forget the master password, all your other passwords in the database are lost forever, and there is no way of recovering them. Don’t forget the master password!

17 Most Common “Password Manager”

18 Choosing Password Managers
• Users must be extra careful in choosing a provider.
• Make sure they're a valid and reputable vendor.
• TRIAL!!! Try recommended managers.

19 Recommended Password Managers
• Dashlane (f) – keeps your passwords for you. Will go out and change your passwords on your request. It will autofill passwords on sites for you. https://www.dashlane.com
• Keeper (p) – keeps your passwords and digital files for you. Encrypted and offers a cloud backup. https://keepersecurity.com/
• PasswordBox (f) – keeps your passwords. Offers a digital heir feature: if something were to happen to you, your information would be obtainable by someone else. https://www.passwordbox.com
• Last Pass (f/p) – allows you to save, organize, and access your login data. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you. www.lastpass.com

20 Password Generator
• A random password generator is a software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.
• LAST RESORT if you cannot create a good, strong password.
• Are great for those that need a password to use only once or twice.
• Similar to password management but they are hard to guess when you don’t have access to your password manager.
• Not heavily recommended for the normal computer user
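A software generator of the kind slide 20 describes, shown as an added example that is not part of the original presentation. It draws from the operating system's cryptographic random source, and the symbol set and the short `WORDS` list are constructed assumptions for illustration.

```python
import math
import secrets
import string

# Character classes from the "How to create a secure password" slide.
# The symbol set is an assumption; adjust it to what the target site accepts.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, "!@#$%^&*()-_=+[]{}"]
ALPHABET = "".join(CLASSES)

# Constructed sample list; a real dice-style word list has thousands of words.
WORDS = ["lemon", "tuesday", "peanut", "river", "candle", "orbit", "mustard",
         "violin", "harbor", "pepper", "saddle", "glacier", "tunnel", "walnut",
         "meadow", "copper"]


def random_password(length=16):
    """Draw each character from the OS CSPRNG; redraw until every class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def random_passphrase(n_words=6, words=WORDS, sep="-"):
    """Software equivalent of rolling dice to pick words from a list."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Upper bound in bits for `picks` independent uniform draws from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(random_password(), round(entropy_bits(len(ALPHABET), 16), 1), "bits")
    print(random_passphrase(), entropy_bits(len(WORDS), 6), "bits")
```

With only 16 words, six picks give 24 bits, which is why real word lists are far longer; the 16-character password draws on roughly 101 bits.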

21 Summary
• Never write your passwords down. Never insert and save them on an unencrypted Microsoft Word document, Excel spreadsheet, or any other electronic documents, including Smartphone notepads.
• Easy to remember Passphrases or sentences are your best bet when creating a strong, secure password.
• Always use two-factor authentication when it is provided, especially with your financial and personal or smartphone app accounts.
• Are you considering a password manager and generator? Try them all out and choose which manager best suits your needs.
• Still unable to create a strong password or passphrase? Use a password generator as your last resort.
• Lastly, when in doubt, contact your UTHSC Information Security Team or your UTHSC Helpdesk!

22 Fun Fact: Most Used Passwords of 2014
123456, password, 12345, 12345678, qwerty, 123456789, 1234 (Up 9), baseball, dragon, football, 1234567, monkey, letmein, abc123, 111111, mustang, access, shadow, master, michael, superman, 696969, 123123, batman, trustno1
Condliffe, Jamie. "The 25 Most Popular Passwords of 2014: We're All Doomed." Gizmodo. N.p., 20 Jan. 2015. Web. 20 Apr. 2015.
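A checker that applies the deck's own rules (character mixture from slide 7, no names or dates, and the 2014 list above), added here as an example that is not part of the original presentation. The `deleet` step and the substitution table are assumptions of this example; they show why a most-used password with letter swaps and a trailing symbol still counts as a most-used password.

```python
import string

# The 25 most-used passwords of 2014, as listed on slide 22.
COMMON = set("""123456 password 12345 12345678 qwerty 123456789 1234 baseball
dragon football 1234567 monkey letmein abc123 111111 mustang access shadow
master michael superman 696969 123123 batman trustno1""".split())

# Substitutions that guessing tools undo automatically (assumed table):
# 0->o 1->l 3->e 4->a 5->s 7->t 8->b @->a $->s !->i |->l
LEET = str.maketrans("0134578@$!|", "oleastbasil")

CLASS_TESTS = {"upper": str.isupper, "lower": str.islower, "digit": str.isdigit,
               "symbol": lambda c: c in string.punctuation}


def deleet(pw):
    """Lowercase, drop trailing digits/symbols, then undo letter substitutions."""
    core = pw.lower().rstrip(string.digits + string.punctuation)
    return core.translate(LEET)


def check_password(pw, personal_terms=()):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if pw.lower() in COMMON or deleet(pw) in COMMON:
        findings.append("matches a most-used password")
    for name, test in CLASS_TESTS.items():
        if not any(test(c) for c in pw):
            findings.append(f"missing {name} character")
    lowered = pw.lower()
    plain = lowered.translate(LEET)
    for term in personal_terms:  # names, dates and places the user supplies
        t = term.lower()
        if len(t) >= 3 and (t in lowered or t in plain):
            findings.append(f"contains personal term: {term}")
    return findings


if __name__ == "__main__":
    # Constructed samples, plus the Method #2 passphrase from slide 9.
    for sample in ["123456", "P@ssw0rd!", "Rex2009!", "IwaPB&Jet4tm"]:
        print(sample, check_password(sample, personal_terms=["Rex", "2009"]))
```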

23 THANKS!!!!

24 UTHSC Information Security Team
L. Kevin Watson lwatso20@uthsc.edu (901) 448-7010
Frank Davison fdavison@uthsc.edu (901) 448-1260
Jessica McMorris jmcmorr1@uthsc.edu (901) 448-1579
Ammar aammar@uthsc.edu (901) 448-2163
Information Security Email: itsecurity@uthsc.edu
Website: security.uthsc.edu
To report phishing and spam email forward it to abuse@uthsc.edu
UTHSC Help Desk: (901) 448-2222 ext. 1 or helpdesk@uthsc.edu

