Presentation is loading. Please wait.

Presentation is loading. Please wait.

13. 1234567 (Down 6) 14. sunshine (Up 1) 15. master (Down 1) 16. 123123 (Up 4) 17. welcome (New) 18. shadow (Up 1) 19. ashley (Down 3) 20. football.

Published byJulianna Fitzgerald Modified over 8 years ago

Similar presentations

Presentation on theme: "13. 1234567 (Down 6) 14. sunshine (Up 1) 15. master (Down 1) 16. 123123 (Up 4) 17. welcome (New) 18. shadow (Up 1) 19. ashley (Down 3) 20. football."— Presentation transcript:

1

2

3

4

5

6 13. 1234567 (Down 6) 14. sunshine (Up 1) 15. master (Down 1) 16. 123123 (Up 4) 17. welcome (New) 18. shadow (Up 1) 19. ashley (Down 3) 20. football (Up 5) 21. jesus (New) 22. michael (Up 2) 23. ninja (New) 24. mustang (New) 25. password1 (New) compiled from files containing millions of stolen passwords posted online by hackers.

7

8

9 Copyright Pearson Prentice-Hall 2010 9

10 10 Password Length in Characters Low Complexity: Alphabetic, No Case (N=26) Alphabetic, Case-Sensitive (N=52) Alphanumeric: Letters and Digits (N=62) High Complexity: All Keyboard Characters (N=80) 126526280 26762,7043,8446,400 4456,9767,311,61614,776,33640,960,000 6308,915,77619,770,609,66 4 56,800,235,58 4 2.62144E+11 82.08827E+115.34597E+132.1834E+141.67772E+15 101.41167E+141.44555E+178.39299E+171.07374E+19 Note: On average, an attacker will have to try half of all combinations.

11

12 Copyright Pearson Prentice-Hall 2010 12

13

14

15

16

17

18 ItemMean Number of Sites105.7 Number of Unique IDs6.6 Number of Unique passwords4.7 Number of Unique log-in credentials11.8 ID re-use ratio19.1 Password re-use ratio29.2 Log-in credentials re-use10.5 % of used unique log-in credentials45.6%

19 Reuse ratio = 2.9, hmm I wonder how accurate this is?

20

21 ItemMean Inclusiveness0.94Use the same log-in credentials Largest component0.54 2 nd largest component0.180.72 (cumulative) 3 rd largest component0.090.81 (cumulative) Vulnerability Index0.38 3 most frequently used log-in combinations use in 81% of sites vs. 11.8 unique log-in credentials VI = expected proportion of sites subject to potential breaches if a breach at one site occurs Larger values of VI indicate higher levels of vulnerability

22

23

24

25 Fixes: Binding Mechanisms Allow a new site/app to remind in the future to update my credentials Secure Defaults I say use a password manger User Friendliness Make credentials easier for humans Face recognition vs character string memorization Incentives Discount for using strong passwords Costs for not – Why are CC companies responsible for your lack of a strong password?

26 Use Password Manager 1Password Roboform Password Based Key Derivation Function Version 2 (PBKDFV2) Systems using PBKDFV2 Copyright Pearson Prentice-Hall 2010 26

27 Copyright Pearson Prentice-Hall 2009 27

28 Copyright Pearson Prentice-Hall 2010 28

29

30

31

32

33

34

35

36

37

Download ppt "13. 1234567 (Down 6) 14. sunshine (Up 1) 15. master (Down 1) 16. 123123 (Up 4) 17. welcome (New) 18. shadow (Up 1) 19. ashley (Down 3) 20. football."

Similar presentations

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.

Windows XP Tutorial Securing Windows. Introduction This presentation will guide you through basic security principles for Windows XP.
Authentication and Constructing Strong Passwords.

Authentication and Constructing Strong Passwords.
Data Security Concerns at Work and at Home STEVE MITZEL IT DIRECTOR ASHLAND SCHOOL DISTRICT #5 – ASHLAND OREGON

Data Security Concerns at Work and at Home STEVE MITZEL IT DIRECTOR ASHLAND SCHOOL DISTRICT #5 – ASHLAND OREGON
College of Information Technology & Design

College of Information Technology & Design
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.

Matt Weir, Sudhir Aggarwal, Michael Collins, Henry Stern Presented by Erik Archambault.
Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.

Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, 2008 See: ISS e G Computer Security: Advice for computer.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Technical Study Group April 2011. Agenda  Risks to websites and PC files  Components of password management policy  Password management systems  Password.

Technical Study Group April Agenda  Risks to websites and PC files  Components of password management policy  Password management systems  Password.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Click here for getting your Student User Id & password.

Click here for getting your Student User Id & password.
PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,

PASSWORD MANAGER Why you need one 1. WHAT IS A PASSWORD MANAGER? A modern Password Manager is a browser extension (Chrome, Internet Explorer, Firefox,
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
11-01: Get Started with SCP Supply Chain Platform Training Presentation Updated April 2009.

11-01: Get Started with SCP Supply Chain Platform Training Presentation Updated April 2009.
Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.

Lecture 7 Page 1 CS 236 Online Password Management Limit login attempts Encrypt your passwords Protecting the password file Forgotten passwords Generating.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.

MOBILE DEVICE SECURITY. WHAT IS MOBILE DEVICE SECURITY? Mobile Devices  Smartphones  Laptops  Tablets  USB Memory  Portable Media Player  Handheld.
Password Management PA Turnpike Commission

Password Management PA Turnpike Commission
IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

IS 302: Information Security and Trust Week 7: User Authentication (part I) 2012.

Similar presentations

Ads by Google