Presentation is loading. Please wait.

Presentation is loading. Please wait.

Effective Password Management Neil Kownacki. Passwords we use today PINs, smartphone unlock codes, computer accounts, websites Passwords are used to protect.

Published byCharleen Stephens Modified over 7 years ago

Similar presentations

Presentation on theme: "Effective Password Management Neil Kownacki. Passwords we use today PINs, smartphone unlock codes, computer accounts, websites Passwords are used to protect."— Presentation transcript:

1 Effective Password Management Neil Kownacki

2 Passwords we use today PINs, smartphone unlock codes, computer accounts, websites Passwords are used to protect against unauthorized access and privilege escalation (ex. Super user privilege on UNIX)

3 Password based attacks Social engineering – simple, can involve making a single phone call and minimal technological skill Continual emails reminding that IT services will never ask for your password Brute forcing – guessing large numbers of password combinations, very slow

4 Password based attacks (continued) Dictionary attacks – uses a dictionary of words to guess People generally use words as passwords so they are easier to remember Learned to substitute 3 for E, 0 for O, etc. Rainbow tables – used to reverse cryptographic hashing functions

5 Strong vs. Weak Passwords Long, randomly generated passwords containing varying capitalization, numbers, and symbols if permitted Should be changed frequently Technique involves making a “pass- phrase”

6

7 Remembering Passwords Human brain is conditioned to work well with repetitive “chunks” – random sequences are difficult to remember 2000 study: most users with a randomly generated password kept it written down

8 Keeping Track of Passwords “Remember password” function on browsers is dangerous Keeping written records is also unsecure

9 Keeping Track of Passwords KeePass: free, open source, stores passwords in a database locked with a master key. Encrypted (AES). Robopass Lastpass SplashID 1Password

10 Alternatives to the current system PassFaces

11 Alternatives to the current system Pair based authentication

12 Alternatives to the current system These alternatives render dictionary attacks and brute force attacks useless Are vulnerable to shoulder surfing Must be implemented server side

13 Sources Anderson, R., Blackwell, A., Grant, A., Yan, J. (2000, September). The Memorability and Security of Passwords: Some Empirical Results. Retrieved from http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-500.pdf Capek, J., Hub, M. (2011). Security Evaluation of Passwords Used on Internet. Journal Of Algorithms & Computational Technology, 5(3), 437-450. Komando, K. 5 Tips for Top-Notch Password Security. Retrieved from http://www.microsoft.com/business/en-us/resources/technology/security/5-tips-for-top- notch-password-security.aspx?fbid=8dPSEFEz49c Lemos, R. (2002). Passwords: the Weakest Link? Retrieved from http://news.cnet.com/2009-1001-916719.html Morris, R., Thompson, K. (1979). Password Security: A Case History. Retrieved from Https://info.aiaa.org. SREELATHA, M. M., SHASHI, M. M., ANIRUDH, M. M., SULTAN AHAMER, M. D., & KUMAR, V. (2011). Authentication Schemes for Session Passwords using Color and Images. International Journal Of Multimedia & Its Applications, 3(3), 111-119. doi:10.5121/ijnsa.2011.3308

Download ppt "Effective Password Management Neil Kownacki. Passwords we use today PINs, smartphone unlock codes, computer accounts, websites Passwords are used to protect."

Similar presentations

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.

Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.
Www.durham.ac.uk/cmp Centre for Materials Physics Presentation by Peter Byrne Creating and using Strong Passwords Superconductivity Group.

Centre for Materials Physics Presentation by Peter Byrne Creating and using Strong Passwords Superconductivity Group.
Cryptography and Network Security Chapter 20 Intruders

Cryptography and Network Security Chapter 20 Intruders
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.

Authentication for Humans Rachna Dhamija SIMS, UC Berkeley DIMACS Workshop on Usable Privacy and Security Software July 7, 2004.
RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.

RADIUS Server PAP & CHAP Protocols. Computer Security  In computer security, AAA protocol commonly stands for authentication, authorization and accounting.
Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18, 2013 1.

Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology April 18,
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 30, 2011.
CIS 450 – Network Security Chapter 8 – Password Security.

CIS 450 – Network Security Chapter 8 – Password Security.
Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security.

Process by which a system verifies the identity of a user wishes to access it. Authentication is essential for effective security.
Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology January 17, 2013 1.

Password Management Programs By SIR Phil Goff, Branch 116 Area 2 Computers and Technology January 17,

Similar presentations

Ads by Google