Passwords by The UTHSC Information Security Team

Before we begin… Google Yourself!

Think Like a Hacker Ask Yourself… What information would a hacker need to get into any of your financial, professional, and/or personal online accounts? Ask Yourself… What information would a hacker need to get into any of your financial, professional, and/or personal online accounts?

Banking and Business services Banking and Business services How many passwords do you have? Personal s Social media and news Work related accounts

Password 101  A secret word or phrase that must be used to gain admission to something.  A string of characters that allows access to a computer, interface, or system.  A secret word or phrase that must be used to gain admission to something.  A string of characters that allows access to a computer, interface, or system.

Why do I need a secure password?  Passwords are the key to your digital life.  Passwords secure vital information such as:  Date of Birth  Address  Mother’s Maiden Name  Bank details  Social Security Number(s)  Other financial information  Your Entire Identity  Passwords are the key to your digital life.  Passwords secure vital information such as:  Date of Birth  Address  Mother’s Maiden Name  Bank details  Social Security Number(s)  Other financial information  Your Entire Identity

How to create a secure password Use a mixture of the following  CAPITAL and lower cAsE  M1xture 0f l3tt3r5 numb3r$ & $ymb0|$  Do not use your children's names, pets’ names, dates of birth, your address, grandkids names, parents names, etc. Refrain from using any names, including names of past schools/institutions you attended, organizations you have worked for, and names of town/cities/states. Use a mixture of the following  CAPITAL and lower cAsE  M1xture 0f l3tt3r5 numb3r$ & $ymb0|$  Do not use your children's names, pets’ names, dates of birth, your address, grandkids names, parents names, etc. Refrain from using any names, including names of past schools/institutions you attended, organizations you have worked for, and names of town/cities/states.

What is a passphrase?  A passphrase is a sequence of words or other text used to control access to a computer system, program or data.  A passphrase is similar to a password in usage, but is generally longer for added security.  Basically, passphrases are combination of random words or sentences.  A passphrase is a sequence of words or other text used to control access to a computer system, program or data.  A passphrase is similar to a password in usage, but is generally longer for added security.  Basically, passphrases are combination of random words or sentences.

How to Create a Passphrase Method #1  Create a sentence that you can remember.  My favorite drink is lemonade 1987! Method #2  I want a peanut butter and jelly sandwich every Tuesday for the month.  IwaPB&Jet4tm Method #1  Create a sentence that you can remember.  My favorite drink is lemonade 1987! Method #2  I want a peanut butter and jelly sandwich every Tuesday for the month.  IwaPB&Jet4tm

Use the site name to increase your security of passphrase  Youtube – Myfavoritydrinkislemonade1987!Yt  Twitter – Myfavoritydrinkislemonade1987!Tr  Facebook – Myfavoritedrinkislemonade1987!Fb  Youtube – Myfavoritydrinkislemonade1987!Yt  Twitter – Myfavoritydrinkislemonade1987!Tr  Facebook – Myfavoritedrinkislemonade1987!Fb

Password Hierarchy 1. Banking (These passwords should be their own and not used on sites with lower security) 2. Work and/or Employment Organization (This password should be exclusive to your work logins. Do not use this password elsewhere.) 3. Business (Amazon, iTunes, Netflix, Hulu, Etsy, Apple Pay, Groupon) 4. (Used to reset and control all other usernames and passwords. This password should not be used anywhere else.) 5. Social & Entertainment (Facebook, Twitter, Youtube, Internet forums) 1. Banking (These passwords should be their own and not used on sites with lower security) 2. Work and/or Employment Organization (This password should be exclusive to your work logins. Do not use this password elsewhere.) 3. Business (Amazon, iTunes, Netflix, Hulu, Etsy, Apple Pay, Groupon) 4. (Used to reset and control all other usernames and passwords. This password should not be used anywhere else.) 5. Social & Entertainment (Facebook, Twitter, Youtube, Internet forums)

Secure Password Tips  Dictionary passwords are easy to crack. Do not use them.  Do not write your password down and stick it to your computer, monitor, under your keyboard.  Use a Mnemonic or a sequential pattern to remember your passwords  Dictionary passwords are easy to crack. Do not use them.  Do not write your password down and stick it to your computer, monitor, under your keyboard.  Use a Mnemonic or a sequential pattern to remember your passwords

So many passwords, so little time…What’s the solution?  Password managers  Are great to keep track of passwords  Should be encrypted  Uses a master password to keep your other passwords  Should have a cloud backup  Better than writing them in a “password book” (Never a good option)  Password managers  Are great to keep track of passwords  Should be encrypted  Uses a master password to keep your other passwords  Should have a cloud backup  Better than writing them in a “password book” (Never a good option)

Managing Passwords/Passphrases  A password manager is a software application that helps a user store and organize passwords.  Password managers usually store passwords encrypted, requiring the user to create a master password;  a single, ideally very strong password which grants the user access to their entire password database.

Advantages  Password management tools are really good solutions for reducing the likelihood that passwords will be compromised  No more easily lost scraps of paper!  Online or Cloud-based  Access your data from any computer, 24/7  No downloading software  Many password managers to try and choose what best fits your needs  Password management tools are really good solutions for reducing the likelihood that passwords will be compromised  No more easily lost scraps of paper!  Online or Cloud-based  Access your data from any computer, 24/7  No downloading software  Many password managers to try and choose what best fits your needs

Disadvantages  Because any computer or system is vulnerable to attack, relying on a password management tool creates a single point of potential failure.  If you forget the master password, all your other passwords in the database are lost forever, and there is no way of recovering them. Don’t forget the master password!  Because any computer or system is vulnerable to attack, relying on a password management tool creates a single point of potential failure.  If you forget the master password, all your other passwords in the database are lost forever, and there is no way of recovering them. Don’t forget the master password!

Most Common “Password Manager”

Choosing Password Managers  Users must be extra careful in choosing a provider.  Make sure they're a valid and reputable vendor.  TRIAL!!! Try recommended managers.  Users must be extra careful in choosing a provider.  Make sure they're a valid and reputable vendor.  TRIAL!!! Try recommended managers.

Recommended Password Managers  Dashlane (f) – keeps your passwords for you. Will go out and change your passwords on your request. It will autofill passwords on sites for you.  Keeper (p) – keeps your passwords and digital files for you. Encrypted and offers a cloud backup.  PasswordBox (f) - keeps your passwords. Offers a digital heir feature if something were to happen to you your information would be obtainable by someone else.  Last Pass (f/p) – allows you to save, organize, and access your login data. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.  Dashlane (f) – keeps your passwords for you. Will go out and change your passwords on your request. It will autofill passwords on sites for you.  Keeper (p) – keeps your passwords and digital files for you. Encrypted and offers a cloud backup.  PasswordBox (f) - keeps your passwords. Offers a digital heir feature if something were to happen to you your information would be obtainable by someone else.  Last Pass (f/p) – allows you to save, organize, and access your login data. Your key never leaves your device, and is never shared with LastPass. Your data stays accessible only to you.

Password Generator  A random password generator is software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.  LAST RESORT if you cannot create a good, strong password.  Are great for those that need a password to use only once or twice.  Similar to password management but they are hard to guess when you don’t have access to your password manager.  Not heavily recommended for the normal computer user  A random password generator is software program or hardware device that takes input from a random or pseudo-random number generator and automatically generates a password. Random passwords can be generated manually, using simple sources of randomness such as dice or coins, or they can be generated using a computer.  LAST RESORT if you cannot create a good, strong password.  Are great for those that need a password to use only once or twice.  Similar to password management but they are hard to guess when you don’t have access to your password manager.  Not heavily recommended for the normal computer user

Summary Never write your passwords down. Never insert and save them on an unencrypted Microsoft word document, excel spreadsheet, or any other electronic documents, including Smartphone notepads. Easy to remember Passphrases or sentences are your best bet when creating a strong, secure password. Always use two-factor authentication when it is provided, especially with your financial and personal or smartphone app accounts. Are you considering a password manager and generator? Try them all out and choose which manager best suits your needs. Still unable to create a strong password or passphrase, use a password generator as your last resort. Lastly, when in doubt, contact your UTHSC Information Security Team or your UTHSC Helpdesk ! Never write your passwords down. Never insert and save them on an unencrypted Microsoft word document, excel spreadsheet, or any other electronic documents, including Smartphone notepads. Easy to remember Passphrases or sentences are your best bet when creating a strong, secure password. Always use two-factor authentication when it is provided, especially with your financial and personal or smartphone app accounts. Are you considering a password manager and generator? Try them all out and choose which manager best suits your needs. Still unable to create a strong password or passphrase, use a password generator as your last resort. Lastly, when in doubt, contact your UTHSC Information Security Team or your UTHSC Helpdesk !

Fun Fact: Most Used Passwords of password qwerty (Up 9) baseball password qwerty (Up 9) baseball dragon football monkey letmein abc mustang access shadow master michael superman batman trustno1 Condliffe, Jamie. "The 25 Most Popular Passwords of 2014: We're All Doomed." Gizmodo. N.p., 20 Jan Web. 20 Apr

THANKS!!!!

UTHSC Information Security Team L. Kevin Watson (901) Frank Davison (901) Jessica McMorris (901) Ammar (901) Information Security Website: security.uthsc.edusecurity.uthsc.edu To report phishing and spam forward it to UTHSC Help Desk: (901) ext. 1 or