Password Security. Overview What are passwords, why are they used? Different types of attacks Bad password practices to avoid Good password practices.

Presentation transcript:

Password Security

Overview
- What are passwords, why are they used?
- Different types of attacks
- Bad password practices to avoid
- Good password practices
- How to create a secure password

What are passwords?
- Secret combination of characters that only a user should know.
- "Passwords are a compromise between security and convenience"
- Password security is used to secure information, and to provide that information to authorized users easily.

How are Passwords Compromised?
- Brute Force Attack
- Dictionary Attack
- Hybrid Attack
- Social Engineering

Brute Force Attack
- Most widely used method of cracking passwords
- Every combination of every character is tried until the password is found
- Password is guaranteed to be found
- The longer the password, the longer it will take to crack.
- E.g. a password that is 2 chars long, is case sensitive, and consists of letters and numbers:
  * First char: lower case letters (26) + upper case letters (26) + numbers (10) = 62
  * Second char: same as first = 62
  * Total permutations: 62 * 62 = 3,844

Time to Crack Passwords using Brute Force

Dictionary Attack
- Uses a list of common values or words
- "Dictionary" is uploaded to a cracking app
- Words are run against passwords
- Intended to narrow the field of possible password values
- Succeeds if the password is a single word that is easily predictable.
- Easy to defeat (adding a single random char in the middle)

Hybrid Attack
- Combines Brute Force and Dictionary Attack
- Checks all words in the dictionary along with their variations.
- Noticeably slower than a dictionary attack
  * Common: Integrates dictionary words with common mutations
  * Dates: Combines dictionary attack with dates in various formats
  * Numbers: Mixes dictionary words with various number combinations

Social Engineering
- Use of social skills to convince people to reveal access credentials or other valuable information
- People are the easiest way to get information
- Posing as someone else to gain access to a system
- Stroking someone's ego to get them to reveal information or passwords
- Use of authority to get information from someone

Social Engineering Example
- Kevin Mitnick social engineering example

What is a safe password?
- Basic goal of a secure password is one that is easy for YOU to remember but hard for someone else to find out
- Long complicated passwords are not always the best solution
- E.g.: random password like
- Will you really be able to memorize that?

Problems with Complicated Passwords
- If a password is too complicated and hard to remember, you are likely to:
  * Write it down
  * Need password resets
  * Use complicated password in many places
- A password is only as secure as the weakest system you use it on.

Easy to remember, easy to guess
- Your birthday
- City you live in / were born in
- Your boyfriend / girlfriend
- Pets' names
- Family members' names
- Any favorite thing (e.g. favorite team)
- Student ID
- Avoid any information, numbers, or words that anyone can associate with you

Easy to remember, hard to guess
- Birthday of a famous person
- City your grandpa was born in
- Any information that means something to you, but not anything that friends or family would know

Bad Practices
- DO NOT write down your passwords
- DO NOT share your password with anyone
- DO NOT use any personal information
- DO NOT use word or number patterns (e.g. "aaabbb", "qwerty", "123321", etc.)

Good Practices
- Minimum length of 8 characters
- Use numeric characters (0-9)
- Use upper and lower case
- Use special characters (e.g. ! ? & # *)
- Use passphrases

Pass Phrases to Create Passwords
1. Think of a phrase or sentence that's easy for you to remember.
   - Example: "Making passwords is easy when you follow these 5 steps"
2. Turn your sentence or phrase into a password.
   - Take the first letter of each word in your sentence to create a password
   - Example: "mpiewyft5s"

Pass Phrases Continued..
3. Make your password complex by using special characters and upper and lowercase.
   - For instance, substitute "i" with "!", "e" with "3" and "s" with "$"
   - "mpiewyft5s" becomes "Mp!3wYft53$"
4. Consider testing your password with a password checker, which will rate your password on strength, complexity, length, etc.

Pass Phrases Continued..
5. Change your passwords at least every 90 days and do not "recycle" passwords, i.e. using old passwords again, or slightly modifying your existing password.
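A minimal password checker of the kind step 4 refers to, as an added example that is not part of the original presentation: it applies the keyspace arithmetic from the Brute Force Attack slide and flags dictionary words disguised with the mutations the Hybrid Attack slide lists. The wordlist is a constructed sample, and the function names and the guess rate are assumptions made for illustration.

```python
import re
import string

# Constructed sample wordlist (assumption); a real checker loads a large list
# of dictionary words and known-breached passwords.
WORDLIST = {"password", "dragon", "qwerty", "letmein", "monkey", "summer"}

# Undo the symbol-for-letter swaps that "common mutations" cover.
# Includes the slide's i->!, e->3, s->$ plus o->0 and a->@.
UNSWAP = str.maketrans("!3$0@", "iesoa")

def keyspace(alphabet_size, length):
    """Combinations a brute-force search must cover: alphabet ** length."""
    return alphabet_size ** length

def alphabet_size(pw):
    """Alphabet implied by the character classes the password uses."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII special characters
    return size

def base_words(pw):
    """Candidate dictionary words left after undoing case, swaps and digits."""
    low = pw.lower()
    trimmed = re.sub(r"^\d+|\d+$", "", low)  # drop leading/trailing numbers, dates
    return {low.translate(UNSWAP), trimmed.translate(UNSWAP)}

def check(pw, guesses_per_second=1e9):
    """Return findings plus a worst-case brute-force estimate in days.

    guesses_per_second is an assumed rate, not a measured figure.
    """
    findings = []
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    if base_words(pw) & WORDLIST:
        findings.append("dictionary word with common mutations")
    if re.search(r"(.)\1\1", pw):
        findings.append("repeated-character pattern")
    space = keyspace(alphabet_size(pw), len(pw))
    days = space / guesses_per_second / 86400
    return {"findings": findings, "keyspace": space, "days_to_exhaust": days}
```

An empty `findings` list only means none of these three checks fired; the keyspace figure assumes an exhaustive search over the character classes the password actually uses.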

Conclusion
- Be aware of different attacks, and how they are used to crack passwords
- Do not fall for social engineering!
- Basic goal of a secure password is one that is easy for YOU to remember but hard for someone else to find out
- Use pass phrases to create secure passwords
- Check the strength of your passwords
- Change passwords often

Questions?