Password Security by Jordan D. v2.0 Reference: http://pixack.com/px54/wp-content/uploads/2014/07/safe-password.png
Table of Contents Section 1.0 - Password History (Slides 3-4) Section 2.0 - Common Mistakes Involving Passwords (Slides 5-8) Section 3.0 - How Hackers Steal Passwords (Slides 9-11) Section 4.0 - Tips for Creating Secure Passwords (Slides 12-15) Section 5.0 - Managing Your Passwords (Slides 16-21 Section 6.0 - Final Thoughts (Slide 22) Summary - (Slide 23) References - Graphics (Slide 24), Info (Slide 25)
Section 1.0 Password History From knights entering castles, to an accountant checking balances, passwords have been used as a form of security for valuable data since the dawn of time. During that time, a lot of improvements have been made due to the rapid growth of our technology. References: http://en.wikipedia.org/wiki/Password ; http://school.discoveryeducation.com/clipart/images/history.gif
Section 1.1 Password History Today, passwords are used on nearly every device we own. We must take the security of our devices extremely seriously to not fall victim to a hacker's evil deeds. Reference: http://home.comcast.net/~matt.l.king//pwpimages/.__480_480_American%20History%20Icon%20512.jpg
Section 2.0 Common mistakes involving passwords There are many common mistakes that people make when creating and using passwords. These mistakes include but are not limited to: using your favorite hobby as a password, using a repeatable or otherwise recognizable pattern as a password, and using the same password for multiple accounts. References: http://www.gcflearnfree.org/internetsafety/2 ; http://www.findababysitter.org/wp-content/uploads/2011/11/mistakes.jpg
Section 2.1 Common mistakes involving passwords One of the biggest mistakes people make when creating passwords is using the same password for many or all of their accounts. Using the same password on multiple accounts and devices increases your risk of being hacked exponentially. Any time you create a new account make sure to use a password that is both memorable, and unique to that account. By doing just this one thing, you will have peace of mind and a secure account.
Section 2.2 Common mistakes involving passwords When using a favorite hobby as a password, anyone that knows what your hobby is could easily hack into your account and steal your data. If you must use your hobby as a password, incorporate it in some way so that it is not easy to guess. For example, using the password “SkiingIsAwesome” is not as secure as “Sk11nG15Awes0mE!.” Reference: http://www.gcflearnfree.org/internetsafety/2
Section 2.3 Common mistakes involving passwords Do not ever use a repeatable pattern in you passwords! By using a repeatable pattern, it is extremely easy for a hacker to guess your password. For example, it would take approximately 7 hours for a hacker to crack the password "123abc321" versus the password "Ab4tE41#13@5*!" which would take approximately 2 billion years for a hacker to crack. References: http://www.gcflearnfree.org/internetsafety/2 ; http://m.c.lnkd.licdn.com/mpr/mpr/p/4/005/07b/308/3debdd6.jpg ; https://howsecureismypassword.net/
How hackers steal passwords Section 3.0 How hackers steal passwords Password cracking involves recovering passwords from stored or transmitted data and using it to gain unauthorized access to a device. The time needed to crack these passwords is related to the password's bit strength. There are two determining factors when finding a password's strength: the average number of guesses by the hacker and how difficult it is for the hacker to check each guessed password. References: http://en.wikipedia.org/wiki/Password_cracking ; http://en.wikipedia.org/wiki/Password_strength ; http://trentscovell.files.wordpress.com/2011/11/hacking-password1.jpg
Section 3.1 How hackers steal passwords Password entropy is a general measure of how unpredictable and unique a password truly is. Password entropy is determined by the characters used in the password and is measured in bits. A known password, for example, has zero bits of entropy. Calculating the entropy of a password involves using the log base 2 of the used character set multiplied by the number of characters. Reference: http://whatis.techtarget.com/definition/password-entropy
How hackers steal passwords Section 3.2 How hackers steal passwords Password hackers have a number of tools at their disposal when it comes to cracking passwords. A very common method, known as a brute-force attack, is the simplest way for a hacker to crack a password. A brute-force attack involves repeatedly guessing different combinations of characters until a password is found. The brute-force attack method can be utilized by software. References: http://en.wikipedia.org/wiki/Brute-force_attack ; http://www.shoutmeloud.com/how-do-hackers-hack-your-passwords.html Hackers also use keyloggers and trojan horses to steal passwords from victims' computers.
Tips for creating secure passwords Section 4.0 Tips for creating secure passwords There are many ways to secure your passwords when online. Using these tips will ensure that your passwords are safe and secure. NEVER give your password to ANYONE! Giving your password to someone will increase your risk of being hacked. DO NOT use just a single password! Using the same password on multiple accounts makes it easier for hackers to gain access to your other accounts. Reference: http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/
Tips for creating secure passwords Section 4.1 Tips for creating secure passwords Create passwords that are easy to remember and hard for others to guess. Use a phrase like "I got my first car on the 25th of December" and use the initials to create a password like this "Igmfcot25D." If possible, add some unique characters to make it even more distinct. Make your passwords a minimum of 8 characters long. While a longer password may be difficult to remember, it also makes it a lot more difficult to crack. Reference: http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/
Tips for creating secure passwords Section 4.2 Tips for creating secure passwords Include a mix of uppercase and lowercase letters, numbers, and symbols in all of your passwords. Using an @ instead of an A or a 3 instead of an E will make your password stand out and therefore make it more secure. DO NOT use dictionary words! If at all possible do not use a plain word from the dictionary as a password. Customize it in some way shape or form otherwise it will be extremely easy for a hacker to crack. Reference: http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/
Tips for creating secure passwords Section 4.3 Tips for creating secure passwords DO NOT leave your password out in the open. People tend to write their passwords down and leave them in public. This is a bad idea for obvious reasons. Be extremely cautious when visiting websites. Always look at the link before you click it to verify its authenticity. Keep your device safe. No matter how secure your password is, it won't do you any good if someone right next to you is watching. Always be vigilant about those around you. Use a password for all of your devices, especially your phone. Reference: http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/
Managing your passwords Section 5.0 Managing your passwords We are required to remember a lot of passwords! Passwords managers make it easy to gain instant, secure access to all of your passwords with a single master password. Password managers work by giving you access to a database file that contains all of your passwords. You can access this file through the use of an encrypted "master" password. References: http://en.wikipedia.org/wiki/Password_manager ; http://www.cnmeonline.com/wp-content/uploads/2012/12/Cloud-Management-Icon-635.jpg
Section 5.1 Managing your passwords Whether you decide to use a password manager or not is completely up to you. If you find that you have trouble remembering passwords however, then you should consider using one. Just like anything else on the Internet, there are pros and cons to using a password manager. Reference: http://security.stackexchange.com/questions/3458/password-manager-vs-remembering-passwords
Managing your passwords Section 5.2 Managing your passwords Pros: Convenience - using a password manager means only having to remember a single password Secure - All of your passwords are protected by an encrypted master password Usability - password managers can usually be accessed from anywhere at anytime Cons: A single, common point of failure - if someone gains access to your master password they could potentially gain access to all of your accounts The cloud - while the cloud makes it easy to have instant access to all of your passwords at any given time, the cloud software is not necessarily one-hundred percent secure References: http://security.stackexchange.com/questions/3458/password-manager-vs-remembering-passwords ; http://thumbs.gograph.com/gg61049272.jpg
Managing your passwords Section 5.3 Managing your passwords There are many different kinds of password managers ranging from free, open- source software, to subscription based or paid versions. Each one offers different features and have different capabilities. No matter which password manager is in use, they all have great security options. Regardless of which type you choose, a password manager makes it extremely easy to access all your passwords in one place at any time. References: http://en.wikipedia.org/wiki/Password_manager ; http://en.wikipedia.org/wiki/Advanced_Encryption_Standard ; http://en.wikipedia.org/wiki/Twofish ; http:// keepass.info/
Managing your passwords Section 5.4 Managing your passwords LastPass is an extremely popular and free password managing software. LastPass offers two different versions to choose from: a free ad- supported version with some limited features, and a premium ad-free version with full-access to all features. LastPass also offers services on mobile devices. References: https://lastpass.com/ ; Sean Sheehan
Section 5.5 Managing your passwords KeePass is a free, open-source password manager that is very lightweight and secure. It uses the AES (Advanced Encryption Standard) and Twofish (symmetric key block cipher) encryption algortihms to keep its databases secure. References: http://keepass.info/ ; http://www.techulator.com/attachments/Resources/11133-21126-KeePass-logo.jpg ; Sean Sheehan
Section 6.0 Final thoughts Password security is a very serious problem and people need to be aware of the risks involved with creating an online account. In order to maintain a secure life both in person and on the Internet, one must never share any personal or sensitive data with anyone regardless of who that person may be. Creating a secure password is a great first step in having a secure digital life. Living a secure life online is critical to living a secure life in the real world. Reference: http://www.techmynd.com/wp-content/uploads/2010/03/hacker-9.jpg
Summary 1.0 Password History - Basic overview of the history behind passwords 2.0 Common mistakes involving passwords - Common mistakes that are made when creating and using passwords 3.0 How hackers steal passwords - What hackers use to steal passwords 4.0 Tips for creating secure passwords - Top tips for creating strong and secure passwords 5.0 Managing your passwords - An overview of password managers and recommended software 6.0 Final thoughts - Final thoughts on the topic of password security References: http://www.clipartbest.com/cliparts/eiM/zjX/eiMzjX9in.jpeg ; http://blogs.msdn.com/blogfiles/willy-peter_schaub/windowslivewriter/sdlcsoftwaredevelopmentlifecycleflashbac_a707/clipart_of_10883_sm_2.jpg
References and citations Pictures/graphics - Cover, 1.0 - 6.0, and Summary Cover - http://pixack.com/px54/wp-content/uploads/2014/07/safe-password.png 1.0 - http://school.discoveryeducation.com/clipart/images/history.gif 1.1 - http://home.comcast.net/~matt.l.king//pwpimages/.__480_480_American%20History%20Icon%20512.jpg 2.0 - http://www.findababysitter.org/wp-content/uploads/2011/11/mistakes.jpg 2.3 - http://m.c.lnkd.licdn.com/mpr/mpr/p/4/005/07b/308/3debdd6.jpg 3.0 - http://trentscovell.files.wordpress.com/2011/11/hacking-password1.jpg 4.0 - http://thumbs.dreamstime.com/x/secure-badge-web-print-8820862.jpg 5.0 - http://www.cnmeonline.com/wp-content/uploads/2012/12/Cloud-Management-Icon-635.jpg 5.2 - http://thumbs.gograph.com/gg61049272.jpg 5.4 - http://pureinfotech.com/wp-content/uploads/2011/02/LastPass-Logo.png 5.5 - http://www.techulator.com/attachments/Resources/11133-21126-KeePass-logo.jpg 6.0 - http://www.techmynd.com/wp-content/uploads/2010/03/hacker-9.jpg Summary - http://blogs.msdn.com/blogfiles/willy- peter_schaub/windowslivewriter/sdlcsoftwaredevelopmentlifecycleflashbac_a707/clipart_of_10883_sm_2.jpg ; http://www.clipartbest.com/cliparts/eiM/zjX/eiMzjX9in.jpeg
References and citations Websites/info - Section 1.0 -6.0 1.0 - http://en.wikipedia.org/wiki/Password 1.2, 2.3 - http://www.gcflearnfree.org/internetsafety/2 2.2 - http://www.gcflearnfree.org/internetsafety/2 ; https://howsecureismypassword.net/ 3.0 - http://en.wikipedia.org/wiki/Password_cracking ; http://en.wikipedia.org/wiki/Password_strength 3.2 - http://whatis.techtarget.com/definition/password-entropy 4.0, 4.1, 4.2, 4.3 - http://www.connectsafely.org/tips-to-create-and-manage-strong-passwords/ 5.0, 5.3 - http://en.wikipedia.org/wiki/Password_manager 5.1, 5.2 - http://security.stackexchange.com/questions/3458/password-manager-vs-remembering-passwords 5.3 - http://en.wikipedia.org/wiki/Advanced_Encryption_Standard ; http://en.wikipedia.org/wiki/Twofish 5.3, 5.4 - https://lastpass.com/ ; Sean Sheehan 11/20/14 5.3,5.5 - http:// keepass.info/ ; Sean Sheehan 11/20/14