
Effective Password Management Neil Kownacki

Passwords we use today: PINs, smartphone unlock codes, computer accounts, websites. Passwords are used to protect against unauthorized access and privilege escalation (for example, the superuser password on UNIX).

Password based attacks. Social engineering: simple, can involve nothing more than a single phone call and minimal technical skill; hence the continual e-mails reminding users that IT services will never ask for your password. Brute forcing: guessing large numbers of password combinations; very slow against long passwords, because the number of combinations grows exponentially with length.

Password based attacks (continued). Dictionary attacks: try a list of words and common variations instead of every possible combination. People generally use words as passwords so they are easier to remember, and because users learned to substitute 3 for E, 0 for O, etc., attack word lists apply the same substitutions, so "p4ssw0rd" is no safer than "password". Rainbow tables: precomputed hash-to-password tables used to invert password hashes. They work only because the same password always produces the same unsalted hash; a random per-user salt forces the attacker to recompute for every account and makes the table useless.
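The following is an added example (not code from the original slides) that runs the dictionary attack described above: it mangles a tiny, constructed five-word list with the leet substitutions users think make a word safe, precomputes a hash-to-password lookup table standing in for a rainbow table, and shows that the table cracks an unsalted SHA-256 hash in one lookup but is worthless against a salted hash, which has to be attacked again per user. The word list, the substitution rules and the target passwords are all constructed for the demonstration.

```python
"""Dictionary attack with leet-style mangling against SHA-256 password hashes,
showing why a precomputed (rainbow-style) table works on unsalted hashes and
fails on salted ones.  Added example; not code from the original slides."""
import hashlib
import itertools
import os

# Constructed five-word list; a real attack uses lists of millions of entries.
WORDLIST = ["password", "dragon", "letmein", "sunshine", "welcome"]

# Substitutions users learned to apply (3 for E, 0 for O, ...); attackers
# simply add the same rules to their word lists.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}


def mangle(word):
    """Yield every partial leet substitution of `word` (2^k variants for k
    substitutable letters), each plain, capitalised, and with a '1' appended."""
    positions = [i for i, ch in enumerate(word) if ch in LEET]
    for bits in itertools.product((0, 1), repeat=len(positions)):
        chars = list(word)
        for use, i in zip(bits, positions):
            if use:
                chars[i] = LEET[chars[i]]
        cand = "".join(chars)
        yield cand
        yield cand.capitalize()
        yield cand + "1"
        yield cand.capitalize() + "1"


def unsalted_hash(password):
    """H(password): identical for every user who picked the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password, salt):
    """H(salt || password): differs per user because each salt is random."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_salt():
    return os.urandom(16)


def build_lookup_table(words):
    """Precompute hash -> password once.  This stands in for a rainbow table
    (a real one trades table size for recomputation using hash chains)."""
    return {unsalted_hash(c): c for w in words for c in mangle(w)}


def crack_unsalted(target, table):
    """A single dictionary lookup recovers the password."""
    return table.get(target)


def crack_salted(target, salt, words):
    """With a salt the table is useless: every candidate must be rehashed
    with this user's salt, so the work is paid per account, not once."""
    for w in words:
        for cand in mangle(w):
            if salted_hash(cand, salt) == target:
                return cand
    return None


def candidate_count(words):
    """Size of the mangled dictionary: how many guesses the attack needs."""
    return sum(1 for w in words for _ in mangle(w))


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    stored = unsalted_hash("Dr4g0n")          # a "clever" substitution
    print("unsalted, table lookup:", crack_unsalted(stored, table))
    salt = new_salt()
    stored = salted_hash("Dr4g0n", salt)
    print("salted, table lookup:", crack_unsalted(stored, table))
    print("salted, per-user dictionary:", crack_salted(stored, salt, WORDLIST))
```

Note that the salt does not make the dictionary attack impossible; `crack_salted` still finds "Dr4g0n". It only removes the precomputation advantage, which is why a deliberately slow hash (bcrypt, scrypt, Argon2) is needed on top of the salt to make each of those per-user guesses expensive.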

Strong vs. Weak Passwords. Strong: long, randomly generated passwords containing mixed capitalization, numbers, and symbols where permitted. Should be changed frequently (the slide's advice at the time; current NIST guidance in SP 800-63B instead recommends changing a password when there is evidence of compromise rather than on a fixed schedule). One technique is to build a "pass-phrase": several words strung together, which gives length without sacrificing memorability.

Remembering Passwords. The human brain is conditioned to work well with repetitive "chunks", so random character sequences are difficult to remember. A 2000 study (Yan, Blackwell, Anderson and Grant) found that most users issued a randomly generated password kept it written down.
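As an added example for the two slides above (not code from the original presentation), the block below generates both kinds of strong secret the slides recommend, a random character string and a word-based passphrase, computes the entropy each actually has, and contrasts that with what a naive character-class "strength meter" reports for a leet-substituted dictionary word. The 16-word list is constructed for the demonstration (the entropy figure for a passphrase uses the real Diceware list size of 7776), and the 10 GH/s guess rate is an assumption standing in for a GPU cracking rig on a fast unsalted hash.

```python
"""Strength of random passwords versus word-based passphrases, and a check
that catches the 'dictionary word plus substitutions' pattern that charset
arithmetic alone rates as strong.  Added example; not from the original slides."""
import math
import re
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# Constructed 16-word list standing in for a real passphrase list such as
# Diceware (7776 words); entropy figures below use the real list size.
WORDS = ["apple", "bridge", "candle", "dragon", "engine", "forest", "garden",
         "harbor", "island", "jacket", "kettle", "lantern", "meadow", "needle",
         "orange", "password"]

# Reverse of the substitutions users make (3 for E, 0 for O, ...).
UNLEET = {"4": "a", "@": "a", "3": "e", "1": "i", "0": "o",
          "5": "s", "$": "s", "7": "t"}


def random_password(length=16, alphabet=ALPHABET):
    """Uniformly random string; entropy = length * log2(len(alphabet))."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase(n_words=5, words=WORDS, sep="-"):
    """Diceware-style passphrase; entropy = n_words * log2(len(words))."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices_per_position, positions):
    """Entropy of a uniform choice.  Valid only for generated secrets; a
    human-chosen password has far less than its length suggests."""
    return positions * math.log2(choices_per_position)


def naive_charset_bits(password):
    """What a meter that only looks at character classes would report."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return len(password) * math.log2(size) if size else 0.0


def is_weak(password, words=WORDS):
    """True if the password is a list word once capitalisation, leet
    substitutions and a one- or two-character digit/punctuation suffix are
    undone, i.e. it is inside the mangled dictionary an attacker tries."""
    wordset = set(words)
    for cand in (password, re.sub(r"[0-9!?]{1,2}$", "", password)):
        plain = "".join(UNLEET.get(c, c) for c in cand.lower())
        if plain in wordset:
            return True
    return False


def seconds_to_exhaust(bits, guesses_per_second=1e10):
    """Worst-case time for an offline attacker at the given rate.  The
    default of 10 GH/s is an assumed figure for a GPU rig on a fast hash."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    for label, pw, bits in [
        ("random 16", random_password(16), entropy_bits(94, 16)),
        ("5-word passphrase", passphrase(5), entropy_bits(7776, 5)),
        ("P4ssw0rd", "P4ssw0rd", naive_charset_bits("P4ssw0rd")),
    ]:
        print(f"{label:18} {pw:40} {bits:6.1f} bits  "
              f"weak={is_weak(pw)}  exhaust={seconds_to_exhaust(bits):.3g}s")
```

The point the numbers make: "P4ssw0rd" scores about 48 bits on the naive meter, which would take the assumed attacker days to exhaust, yet `is_weak` flags it because it is one of a handful of mangled forms of "password" that any dictionary attack tries first. The five-word passphrase at roughly 65 bits is both stronger and, as the 2000 study suggests, far easier to remember than the 16-character random string.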

Keeping Track of Passwords. The "remember password" function in browsers is dangerous: the stored passwords are only as protected as the logged-in account and browser profile, so anyone with access to the unlocked machine can read them. Keeping written records is also insecure.

Keeping Track of Passwords: password managers. KeePass: free, open source, stores passwords in a database locked with a master key; the database file is encrypted (AES), so a stolen file is useless without the master key. Others: Robopass, Lastpass, SplashID, 1Password.

Alternatives to the current system: PassFaces (graphical authentication: the user recognises previously chosen faces in a grid of images instead of typing a password).

Alternatives to the current system: Pair based authentication (a session-password scheme from Sreelatha et al., 2011: the response the user types is derived from their secret and a grid displayed for that login, so it changes every session).

Alternatives to the current system: These alternatives make word-list dictionary attacks inapplicable, and a session-dependent response cannot simply be replayed; brute force is still possible, though, and is only as hard as the size of the image or grid space makes it. They are vulnerable to shoulder surfing. They must be implemented server side, so a user cannot adopt them unilaterally.

Sources
Anderson, R., Blackwell, A., Grant, A., Yan, J. (2000, September). The Memorability and Security of Passwords: Some Empirical Results.
Capek, J., Hub, M. (2011). Security Evaluation of Passwords Used on Internet. Journal of Algorithms & Computational Technology, 5(3).
Komando, K. 5 Tips for Top-Notch Password Security. Retrieved from notch-password-security.aspx?fbid=8dPSEFEz49c
Lemos, R. (2002). Passwords: the Weakest Link?
Morris, R., Thompson, K. (1979). Password Security: A Case History.
Sreelatha, M., Shashi, M., Anirudh, M., Sultan Ahamer, M. D., Kumar, V. (2011). Authentication Schemes for Session Passwords using Color and Images. International Journal of Network Security & Its Applications, 3(3). doi: /ijnsa