Password Security

Presentation transcript:

Password Security
How secure are your passwords? Why do we need passwords, or do we need them? Should they be simple or complex? When should we assign passwords? How can we create effective passwords? Should we use password generators? Do we need to change passwords, and how often?

What is a weak password?
A weak password:
- Contains fewer than six characters
- Is a word found in a dictionary (English or foreign)
- Is a common usage word such as:
  - Passwords containing the user ID in any form
  - Names of family, pets, friends, or co-workers
  - Birthdays and personal information, such as addresses and phone numbers
  - Any of the above spelled backward
  - Any of the above preceded or followed by a digit (secret1, 1secret) or the same letter (ssecret, secrett)

What is a strong password?
A strong password:
- Contains digits, symbols, and uppercase and lowercase characters. For example: a-z, A-Z, 0-9,
- Is at least eight characters long
- Isn’t a word in any language, slang, or dialect
- Isn’t based on personal information, names of family, etc.
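The weak and strong password rules from the two slides above, written as a checker. This is an added example, not part of the original presentation; the function names and the small SAMPLE_WORDS set (a constructed stand-in for a real dictionary file) are assumptions.

```python
import string

# Constructed stand-in for a real dictionary file; an assumption of this example.
SAMPLE_WORDS = {"secret", "password", "dragon", "monkey", "welcome"}

def _strip_affix(pw):
    """Yield pw plus the variants the slide lists: a leading/trailing digit
    removed (secret1, 1secret) or a doubled first/last letter removed
    (ssecret, secrett)."""
    yield pw
    if len(pw) > 1:
        if pw[0].isdigit() or pw[0] == pw[1]:
            yield pw[1:]
        if pw[-1].isdigit() or pw[-1] == pw[-2]:
            yield pw[:-1]

def weak_reasons(password, user_id, personal=(), words=SAMPLE_WORDS):
    """Return the weak-password rules from the slide that `password` breaks."""
    pw = password.lower()
    reasons = []
    if len(password) < 6:
        reasons.append("fewer than six characters")
    if user_id and user_id.lower() in pw:
        reasons.append("contains the user ID")
    banned = set(words) | {p.lower() for p in personal}
    for cand in _strip_affix(pw):
        # Check each variant forwards and spelled backward.
        if cand in banned or cand[::-1] in banned:
            reasons.append("dictionary word or personal information")
            break
    return reasons

def strong_gaps(password):
    """Return the strong-password requirements from the slide that are unmet."""
    gaps = []
    if len(password) < 8:
        gaps.append("shorter than eight characters")
    classes = {
        "digit": string.digits, "symbol": string.punctuation,
        "uppercase": string.ascii_uppercase, "lowercase": string.ascii_lowercase,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            gaps.append("no " + name)
    return gaps
```

Pass names of family, pets, birthdays and similar items in `personal` so they are rejected the same way dictionary words are.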

Examples
Note: Do not use these as your password; they’re just examples!
Good one-time use password (> 16 char)
- Example: a file-level protected Excel 2003 workbook
- “ThisIsMy1timePasswordx2791”
- A concatenated sentence plus extension [Shift]1 [Shift]2 [Shift]3
Good normal use password (> 8 char)
- Example: application login password
- #win8hir05 [Shift]3
Use a pattern that you can remember without writing it down

Loss of Information
The time to crack/hack passwords with respect to the password length and its complexity. The search speed supposedly equals 100,000 passwords per second (a very decent speed).

| Password length / charset | 26 (no case, letters only) | 36 (no case, letters & digits) | 52 (case sensitive) | 96 (all printable) |
|---|---|---|---|---|
| 4 | 0 | 0 | 1 min | 13 min |
| 5 | 0 | 10 min | 1 hr | 22 hr |
| 6 | 50 minutes | 6 hrs | 2.2 days | 3 months |
| 7 | 22 hrs | 9 days | 4 months | 23 yrs |
| 8 | 24 days | 10.5 months | 17 yrs | 2,287 yrs |
| 9 | 21 months | 32.6 yrs | 881 yrs | 219,000 yrs |
| 10 | 45 yrs | 1,159 yrs | 45,838 yrs | 21 million yrs |

Password do’s and don’ts
DO:
- Keep your user ID and password to yourself
- Use antivirus software (both at home and at work)
- Screen-lock or log off your computer desktop when you are away from the computer
- Report security incidents immediately
DON’T:
- Reveal your password to anyone over the phone, e-mail, or IM
- Share your password with your boss, family members, or a co-worker while you’re on vacation
- Reveal a password on questionnaires or security forms
- Use the “Remember Password” feature of applications on any public computer (conference room, airport, Internet café, etc.)

The password policy
Policy location
Highlights
- Minimum password length is 8 characters
- Complexity is strongly recommended
- All user passwords (e-mail, login, etc.) must be changed at least every 90 days, no exceptions!
- A password can’t be reused for at least two years
- After 10 consecutive login failures, the account must be locked for a minimum of 30 minutes and the Account Administrator for the system must be notified
- Support staff must be able to verify the identity of the requestor before resetting the password
- Temporary passwords must be changed at the next login
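One way the numeric rules in this policy (8-character minimum, 90-day maximum age, two-year reuse ban, lockout for 30 minutes after 10 consecutive failures) could be enforced in code. This is an added example, not part of the original presentation; the Account class and its names are assumptions, and the reuse window is counted from the date a password was set.

```python
import hashlib
import hmac
import os
from datetime import timedelta

MIN_LENGTH, MAX_FAILURES = 8, 10
MAX_AGE = timedelta(days=90)
REUSE_WINDOW = timedelta(days=730)   # "at least two years", from set date (assumption)
LOCKOUT = timedelta(minutes=30)

def _digest(password, salt):
    # Salted PBKDF2 so the history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self):
        self.history = []          # [(set_at, salt, digest)], newest last
        self.failures = 0          # consecutive failed logins
        self.locked_until = None
        self.admin_notices = []    # stand-in for notifying the Account Administrator

    def set_password(self, password, now):
        if len(password) < MIN_LENGTH:
            raise ValueError("shorter than 8 characters")
        for set_at, salt, digest in self.history:
            recent = now - set_at < REUSE_WINDOW
            if recent and hmac.compare_digest(digest, _digest(password, salt)):
                raise ValueError("reused within two years")
        salt = os.urandom(16)
        self.history.append((now, salt, _digest(password, salt)))

    def login(self, password, now):
        """Return 'ok', 'expired', 'denied' or 'locked' (a password must be set)."""
        if self.locked_until and now < self.locked_until:
            return "locked"
        _, salt, digest = self.history[-1]
        if not hmac.compare_digest(digest, _digest(password, salt)):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + LOCKOUT
                self.failures = 0
                self.admin_notices.append(now)
            return "denied"
        self.failures = 0
        if now - self.history[-1][0] > MAX_AGE:
            return "expired"       # correct password, but a change is required
        return "ok"
```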

How Passwords Are Stolen
Keylogger or Keystroke Logger
A keylogger, sometimes called a keystroke logger, key logger, or system monitor, is a hardware device or small program that monitors each keystroke a user types on a specific computer's keyboard. As a hardware device, a keylogger is a small battery-sized plug that serves as a connector between the user's keyboard and computer.

How Passwords Are Stolen
Keylogger or Keystroke Logger (cont’d)
Because the device resembles an ordinary keyboard plug, it is relatively easy for someone who wants to monitor a user's behavior to physically hide such a device "in plain sight." (It also helps that most workstation keyboards plug into the back of the computer.) As the user types, the device collects each keystroke and saves it as text in its own miniature hard drive. At a later point in time, the person who installed the keylogger must return and physically remove the device in order to access the information the device has gathered.

How Passwords Are Stolen
Keylogger or Keystroke Logger (cont’d)
A keylogger program does not require physical access to the user's computer. It can be downloaded on purpose by someone who wants to monitor activity on a particular computer, or it can be downloaded unwittingly as spyware and executed as part of a rootkit or remote administration (RAT) Trojan horse. A keylogger program typically consists of two files that get installed in the same directory: a dynamic link library (DLL) file (which does all the recording) and an executable file (.EXE) that installs the DLL file and triggers it to work.

How Passwords Are Stolen
Keylogger or Keystroke Logger (cont’d)
The keylogger program records each keystroke the user types and uploads the information over the Internet periodically to whoever installed the program. Although keylogger programs are promoted for benign purposes like allowing parents to monitor their children's whereabouts on the Internet, most privacy advocates agree that the potential for abuse is so great that legislation should be enacted to clearly make the unauthorized use of keyloggers a criminal offense.

How Passwords Are Stolen
Keylogger or Keystroke Logger (cont’d)
Prevention
Any time you are using a public computer, make sure there are no devices between the computer and the keyboard. There are detection programs for software keyloggers, which are often installed as a part of some malware or rootkit. These are dangerous and the hardest to detect.

How Passwords Are Stolen
Browser Stored Passwords
All of the Internet browsers currently being used on most computers today have the facilities to store USER NAMES and PASSWORDS. This is one way that passwords are often stolen from public computers if we are careless about answering the typical question, “Do you want to save your password?” Any time you are using a public computer, make sure that there are no plugs or attachments between the computer and the keyboard.

How Passwords Are Stolen
Browser Stored Passwords (cont’d)
Because we frequently save them on our home computers, this is a very easy mistake to make. If you do, they can be removed, depending on which browser you are using. Running your browser from a flash drive is a good idea when traveling or using a public computer.

Password Resources
The Internet has many resources to help create good protective passwords and tools to check your existing ones for their strength or weakness.
- Microsoft On-line Safety is a very useful site with many recommendations on passwords and tools.
- Symantec: The Simplest Security: A Guide To Better Password Practices
- TechRepublic is a good place for additional information.

Password Generators
There are both programs you can install locally and online Internet tools that can be used to generate or check passwords. IObit Password Generator and Infinite Password Generator are two locally installed programs that can be used to generate and maintain passwords. The links below are two online password generator websites: Online Password and Aranis.