Mitch Parks, GSEC/GCWN ITS Desktop Security Analyst


Passphrases and YOU
Mitch Parks, GSEC/GCWN, ITS Desktop Security Analyst, mitch@uidaho.edu

What is a Passphrase?
- ITS defines a passphrase as an easy-to-remember string of words, numbers and symbols
- A UI passphrase must be 15 characters or more
- SEE: APM 30.15 UI Password/Passphrase Policy (http://www.uihome.uidaho.edu/default.aspx?pid=97508)

Passphrase examples
- Passphrases should be long, yet memorable: “EveryGOODboydoesfine#”, “Listen,Children!”, “Mymom#isbetter.”
- Passphrases should not be common phrases or repeats like: “My voice is my password.”, “Strawberry fields forever.”, “Passwordpassword.”
- Treat the examples above as patterns, not phrases to reuse: anything shown in a presentation ends up on attackers’ wordlists

Don’t Passphrases have a space?
- Passphrases are commonly written with spaces
- Security vs. usability requires balance
- UI passphrases and passwords may no longer contain a space!
- * Banner users have additional restrictions on spaces and numerous special characters
- Note: while this is accurate starting 10/15/2009, it is subject to change as the myUIdaho project develops.

What other characters can’t be used?
- Disallowed characters as of October 14* include: <space> { } \ : =
- Note: this may only be a temporary change, pending the finalization of the myUIdaho project.

How many users have a passphrase?
- 3,049 users have switched to a passphrase
- 14,751 password changes since August

Why a Passphrase?
- 400-day instead of 90-day expiration (only when set on the ITS Support website)
- Easier to remember
- Whole words can be used
- More difficult to crack or guess (easily available tools crack short passwords quickly)

Cracking vs. Guessing
- Cracking works offline against a password hash captured off the wire or from the local disk: the attacker hashes candidate passwords and compares them with the captured hash, as fast as their hardware allows and without any login attempts that could be noticed (a hash is not reversed; it is matched)
- Guessing, or brute force, simply tries many or common passwords against live accounts over the network, so it is slower and leaves failed logins in the logs

What is a “brute-force” attack?
- Attackers write programs to automatically attempt logins to systems using common passwords
- A common ssh brute-force attack uses a team of many computers at once, so the attempts do not all come from one address

But I don’t use ssh…
- UI accounts are exposed to the Internet on a number of fronts for the convenience of all users:
- SSH/SFTP (unix.uidaho.edu)
- https forms (mail.uidaho.edu / OWA)
- Both of these can be attacked from anywhere in the world

Do people really attack us?
- It is hard to tell the difference between users’ own failed logins and break-in attempts
- 10,407 failures in the last 7 days
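One way to separate a user mistyping a password from a guessing campaign, as an added example that is not part of the original slides: group failed logins by source address and look at how many failures, how many different usernames, and how many non-existent usernames each address produced. The sshd log lines below are constructed for this demo in standard OpenSSH syslog format (the addresses are documentation ranges), and the thresholds in classify() are assumptions to tune against local data.

```python
"""Added example (not from the slides): separating user typos from break-in
attempts in sshd authentication logs.  SAMPLE_LOG is constructed for the demo;
the thresholds in classify() are assumptions."""
import re
from collections import defaultdict

SAMPLE_LOG = """\
Oct 14 03:12:07 unix sshd[2231]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Oct 14 03:12:09 unix sshd[2233]: Failed password for invalid user oracle from 203.0.113.5 port 41030 ssh2
Oct 14 03:12:11 unix sshd[2235]: Failed password for root from 203.0.113.5 port 41041 ssh2
Oct 14 03:12:13 unix sshd[2237]: Failed password for invalid user test from 203.0.113.5 port 41052 ssh2
Oct 14 03:12:15 unix sshd[2239]: Failed password for invalid user guest from 203.0.113.5 port 41060 ssh2
Oct 14 08:01:44 unix sshd[3102]: Failed password for jsmith from 192.0.2.10 port 50211 ssh2
Oct 14 08:01:51 unix sshd[3102]: Failed password for jsmith from 192.0.2.10 port 50211 ssh2
Oct 14 08:02:03 unix sshd[3102]: Accepted password for jsmith from 192.0.2.10 port 50211 ssh2
Oct 14 09:30:00 unix sshd[3310]: Failed password for mparks from 198.51.100.7 port 60010 ssh2
"""

# OpenSSH writes "invalid user" when the username does not exist on the host.
FAILED_RE = re.compile(
    r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def summarize_failures(log_text: str) -> dict:
    """Per source IP: failure count, set of usernames tried, and how many
    attempts named a non-existent user.  Accepted logins are ignored."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "invalid_users": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        s = stats[m.group("ip")]
        s["failures"] += 1
        s["users"].add(m.group("user"))
        if m.group("invalid"):
            s["invalid_users"] += 1
    return dict(stats)


def classify(stats: dict, max_failures: int = 4, max_users: int = 2,
             max_invalid: int = 1) -> dict:
    """Heuristic (assumed thresholds): many failures, several different
    usernames, or repeated non-existent usernames from one address look like
    guessing; a few failures for one real user look like a typo."""
    verdicts = {}
    for ip, s in stats.items():
        if (s["failures"] > max_failures
                or len(s["users"]) > max_users
                or s["invalid_users"] > max_invalid):
            verdicts[ip] = "brute-force"
        else:
            verdicts[ip] = "probable-typo"
    return verdicts


if __name__ == "__main__":
    stats = summarize_failures(SAMPLE_LOG)
    for ip, verdict in classify(stats).items():
        s = stats[ip]
        print(f"{ip:15} {verdict:14} failures={s['failures']} "
              f"users={sorted(s['users'])} invalid={s['invalid_users']}")
```

The same grouping works for OWA/https form logins once the failure line is parsed; the usernames-per-address and invalid-user counts are what make a campaign stand out even when each address only tries a few passwords.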

Length vs. Complexity
- There are only a limited number of combinations that can make up a short password

Password Examples
- A 4-digit PIN is obvious: 0000 to 9999 = 10,000 choices
- 10 * 10 * 10 * 10 = 10,000

Password complexity helps
- Basic alphabet (abcdefg…): aaaa to zzzz: 26 * 26 * 26 * 26 = 456,976
- UPPER, lower, numbers and symbols: AAAA to ++++: using only the 76 most common characters, 76 * 76 * 76 * 76 = 33,362,176

Password Length Helps More
- 76 ^ 4 = 33,362,176
- 76 ^ 8 = 1,113,034,787,454,976 (about 1.1 × 10^15)
- 76 ^ 15 ≈ 1.63 × 10^28 (a 29-digit number: 76 ^ 7, roughly 15 trillion, times the 8-character space)
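The arithmetic on the last few slides and the cracking-vs-guessing distinction above, carried through in code as an added example that is not part of the original slides. keyspace() and time_to_exhaust() reproduce the slide figures for any alphabet and length (the guess rate is an assumed number, not a measurement); crack_brute_force() and crack_dictionary() are the offline attack, run here against constructed sample passwords hashed with unsalted SHA-1, chosen only because it is fast and built in, not because any UI system uses it.

```python
"""Added example (not part of the original slides): keyspace arithmetic and
an offline cracking run against constructed sample passwords.  SHA-1 without
a salt stands in for whatever the real system stores; the wordlist and the
1e9 guesses/second rate are assumptions for the demo."""
import hashlib
import itertools
import string


def sha1_hex(text: str) -> str:
    """Demo hash; real systems should use a slow, salted password hash."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of exactly `length` characters."""
    return alphabet_size ** length


def time_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Seconds needed to try every candidate at an assumed guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def crack_brute_force(target_hash: str, alphabet: str, max_length: int):
    """Offline brute force: hash every string up to max_length and compare.
    Returns (password, candidates_tried); password is None if not found."""
    tried = 0
    for length in range(1, max_length + 1):
        for chars in itertools.product(alphabet, repeat=length):
            tried += 1
            candidate = "".join(chars)
            if sha1_hex(candidate) == target_hash:
                return candidate, tried
    return None, tried


# Constructed stand-in for a leaked-password wordlist (real ones hold millions).
WORDLIST = ["password", "123456", "qwerty", "letmein", "vandals", "idaho",
            "passwordpassword", "strawberry fields forever",
            "my voice is my password", "everygoodboydoesfine"]


def crack_dictionary(target_hash: str, wordlist=WORDLIST):
    """Offline dictionary attack: returns (password, tries) or (None, tries)."""
    for tries, word in enumerate(wordlist, start=1):
        if sha1_hex(word) == target_hash:
            return word, tries
    return None, len(wordlist)


# Constructed samples: a 4-letter password, a common word, a 16-char passphrase.
SHORT_HASH = sha1_hex("bass")
COMMON_HASH = sha1_hex("letmein")
PASSPHRASE_HASH = sha1_hex("Listen,Children!")


def demo() -> dict:
    """Run the comparison and return the results for inspection."""
    return {
        "pin_space": keyspace(10, 4),
        "lower4_space": keyspace(26, 4),
        "mixed4_space": keyspace(76, 4),
        "mixed15_digits": len(str(keyspace(76, 15))),
        "mixed15_years_at_1e9_per_s": time_to_exhaust(76, 15, 1e9) / (365 * 86400),
        "short_cracked": crack_brute_force(SHORT_HASH, string.ascii_lowercase, 4),
        "common_cracked": crack_dictionary(COMMON_HASH),
        "passphrase_in_wordlist": crack_dictionary(PASSPHRASE_HASH),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The 4-letter password falls in well under a second on one CPU and the common word in four tries, while the 15-character, 76-symbol space would take hundreds of billions of years to exhaust at a billion guesses per second; a passphrase only keeps that advantage if it is not itself sitting in the wordlist.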

Functional Account Passphrases
- Accounts shared and used by applications and processes “behind the scenes”
- Must have a passphrase of at least 30 characters, longer where the system allows, up to the system’s maximum

Password Safety Still Applies!
- Passphrase shall not be written down or stored in your office
- Passphrase shall not be stored within an application’s “Remember Password” function
- UI password or passphrase shall not be the same as that of any non-UI account

Password Safety
- Passphrase shall not be shared with anyone; it must be kept confidential
- ITS will never ask for your password!
- Any time you can “see” your password (displayed or stored in clear text), sound the alarm!

How DO I store a Passphrase?
- Passwords may only be stored with adequate encryption, for example in programs like:
- KeePass (http://keepass.info)
- eWallet (http://www.iliumsoft.com/site/ew/ewallet.php)
- Apple Keychain Access (Applications / Utilities / Keychain Access)

How do I generate a Passphrase?
- Many password tools like KeePass also have generators for long passwords
- Apple Keychain Access also has a passphrase generator

How do I generate a Passphrase? (continued)
- Poems and song lyrics are popular starting points
- Make sure to alter them so the result is unique
- “IdahoIdahoGoGoG0” is too simple: repeated words, a local name, and a predictable 0-for-O substitution
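A small generator and policy check in code, as an added example covering the two “How do I generate a Passphrase?” slides; it is not part of the original slides or of any UI tool. It draws words with Python’s CSPRNG (the secrets module), then checks the result against the two rules stated earlier in the deck: at least 15 characters, and none of <space> { } \ : =. The wordlist is a small constructed one for the demo; the word count, separator and trailing-symbol set are assumptions.

```python
"""Added example (not part of the original slides): generate a passphrase with
a CSPRNG and check it against the stated rules (15+ characters, no
<space> { } \\ : =).  WORDLIST, TRAILING_SYMBOLS and the word count are
demo assumptions; use a published Diceware-style list for real use."""
import math
import secrets

MIN_LENGTH = 15
DISALLOWED = set(" {}\\:=")      # from the "What other characters can't be used?" slide
TRAILING_SYMBOLS = "!#$%&*?"     # assumed set; none of these are disallowed

# Constructed demo wordlist (16 entries); a real list has thousands of words.
WORDLIST = ["listen", "children", "granite", "river", "copper", "lantern",
            "orbit", "meadow", "saddle", "thunder", "violet", "walnut",
            "yellow", "zipper", "harbor", "jungle"]


def check_policy(passphrase: str) -> list:
    """Return the policy violations found (empty list means acceptable).
    Only length and character set are checked: this cannot tell that
    'IdahoIdahoGoGoG0' is predictable, so content still needs judgement."""
    problems = []
    if len(passphrase) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    bad = sorted(set(passphrase) & DISALLOWED)
    if bad:
        problems.append("contains disallowed character(s): "
                        + " ".join(repr(c) for c in bad))
    return problems


def generate_passphrase(words: int = 4, wordlist=WORDLIST, separator: str = "-") -> str:
    """Pick words with secrets (never the random module), capitalize one,
    append a digit and a symbol, and re-roll until check_policy() passes."""
    if separator in DISALLOWED:
        raise ValueError("separator is a disallowed character")
    while True:
        chosen = [secrets.choice(wordlist) for _ in range(words)]
        i = secrets.randbelow(words)
        chosen[i] = chosen[i].capitalize()
        candidate = (separator.join(chosen)
                     + str(secrets.randbelow(10))
                     + secrets.choice(TRAILING_SYMBOLS))
        if not check_policy(candidate):
            return candidate


def entropy_bits(words: int, wordlist_size: int) -> float:
    """Entropy contributed by the word choices alone, in bits."""
    return words * math.log2(wordlist_size)


if __name__ == "__main__":
    p = generate_passphrase()
    print(p, check_policy(p), f"{entropy_bits(4, len(WORDLIST)):.1f} bits from words")
    for sample in ("Listen,Children!", "My voice is my password",
                   "IdahoIdahoGoGoG0", "short{}"):
        print(repr(sample), check_policy(sample) or "OK by policy")
```

Note the last loop: “IdahoIdahoGoGoG0” passes check_policy() exactly as the slide warns, because a length-and-character rule cannot see that the content is a repeated local name with one digit swapped in. With the 16-word demo list four words give only 16 bits from word choice; the same code with a 7,776-word list gives about 52 bits, which is why the list size matters more than the trailing digit and symbol.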

Thank You Questions?