Download presentation
Presentation is loading. Please wait.
Published byJulianna Fitzgerald Modified over 8 years ago
6
13. 1234567 (Down 6) 14. sunshine (Up 1) 15. master (Down 1) 16. 123123 (Up 4) 17. welcome (New) 18. shadow (Up 1) 19. ashley (Down 3) 20. football (Up 5) 21. jesus (New) 22. michael (Up 2) 23. ninja (New) 24. mustang (New) 25. password1 (New) compiled from files containing millions of stolen passwords posted online by hackers.
9
Copyright Pearson Prentice-Hall 2010 9
10
10 Password Length in Characters Low Complexity: Alphabetic, No Case (N=26) Alphabetic, Case-Sensitive (N=52) Alphanumeric: Letters and Digits (N=62) High Complexity: All Keyboard Characters (N=80) 126526280 26762,7043,8446,400 4456,9767,311,61614,776,33640,960,000 6308,915,77619,770,609,66 4 56,800,235,58 4 2.62144E+11 82.08827E+115.34597E+132.1834E+141.67772E+15 101.41167E+141.44555E+178.39299E+171.07374E+19 Note: On average, an attacker will have to try half of all combinations.
12
Copyright Pearson Prentice-Hall 2010 12
18
ItemMean Number of Sites105.7 Number of Unique IDs6.6 Number of Unique passwords4.7 Number of Unique log-in credentials11.8 ID re-use ratio19.1 Password re-use ratio29.2 Log-in credentials re-use10.5 % of used unique log-in credentials45.6%
19
Reuse ratio = 2.9, hmm I wonder how accurate this is?
21
ItemMean Inclusiveness0.94Use the same log-in credentials Largest component0.54 2 nd largest component0.180.72 (cumulative) 3 rd largest component0.090.81 (cumulative) Vulnerability Index0.38 3 most frequently used log-in combinations use in 81% of sites vs. 11.8 unique log-in credentials VI = expected proportion of sites subject to potential breaches if a breach at one site occurs Larger values of VI indicate higher levels of vulnerability
25
Fixes: Binding Mechanisms Allow a new site/app to remind in the future to update my credentials Secure Defaults I say use a password manger User Friendliness Make credentials easier for humans Face recognition vs character string memorization Incentives Discount for using strong passwords Costs for not – Why are CC companies responsible for your lack of a strong password?
26
Use Password Manager 1Password Roboform Password Based Key Derivation Function Version 2 (PBKDFV2) Systems using PBKDFV2 Copyright Pearson Prentice-Hall 2010 26
27
Copyright Pearson Prentice-Hall 2009 27
28
Copyright Pearson Prentice-Hall 2010 28
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.