Password Security Review Your password is the last line of defense. Keep your data safe with good password practices. Mikio Olin Kevin Matteson.
Overview
- Ohio University Policy (91.004)
- Your Credentials are Important
- Password Best Practices
- Ohio University Credential Complexity Standards
- Two-factor Authentication Demo

Ohio University Policy (91.004): University Credentials Policy
Sections:
A. Overview
B. Individuals
C. Credentials
   - Data Stewards (Data Classification)
   - Authentication Credentials Complexity Standard
D. Information system owners
E. Authentication servers

Umm no, I was not in Nigeria last week…
A (Overview)
"Credentials… are often the first line of attack, and the last line of defense, in the protection of these resources. Because of this, they must be used with care, and adequately protected."
Your password is confirmation of your identity. With it, attackers can impersonate you:
- View or change your personal information
- View or change other people's personal information
One password leads to another: access to one account or device opens a door to other accounts.

OU Policy says…
B (Individual's responsibilities)
- Keep your credentials, secret questions, and their answers private and known only to you.
- Use unique credentials (username and password combination) for Ohio University that are different from any other service or website.
- Your credentials are for your personal authentication to university resources, and should not be used as a means to provision services to other users.
- If you suspect that your credentials have been compromised, change your credentials and questions immediately and inform the Information Security Office by email.

Keep it hidden… Keep it safe…
Even strong passwords become weak if they are written on a Post-it® under your keyboard.
Password habits to avoid:
- Writing passwords down or storing them in a plain document
- Reusing an old password
- Using your password on an insecure device
Good password habits:
- Store passwords encrypted in a password manager such as KeePass
- Change your password annually
- Be mindful of the situation (who can see your screen or keyboard when you type it)

What's your Risk Level?
C (Risk and Credential Level)
Not all University accounts carry the same level of risk. Risk is measured by the type of data an individual can view or change with their credentials.
Data Classification: University Data Stewards are responsible for rating and classifying their data. Data is labeled High, Medium, or Low based on its potential impact to the university.
University Data Stewards are also responsible for reviewing the Authentication Credentials Complexity Standard annually.

Authentication and Credential Complexity Standard
Risk Level = Credential Level
Risk Levels:
1. Low Risk: access only to their own information or to information classified as "Low" (students, guests)
2. Medium Risk: access to University information classified as "Medium" or "High" (faculty, staff, contract employees)
3. Medium Risk with higher Credential Level: same risk as Medium
4. High Risk: privileged access to "Medium" or "High" information (system administrators, DBAs, Bursar, Registrar, Admissions staff, etc.)
Credential Levels:
Level     Character classes   Length       Expiration   Multi-factor enrolled
Level 1   2 or more           8 minimum    5 years      Not required
Level 2   3 or more           8 minimum    6 months     Not required
Level 3   3 or more           10 minimum   1 year       Not required
Level 4   3 or more           10 minimum   1 year       Required

What is a weak password?
Weak passwords are easy to guess or easy to break. A weak password:
- Contains a name or dictionary word, including these simple alterations of "password":
  - Modifying capitalization (PasSWorD)
  - Reversing the word (drowssap)
  - Character substitutions (pa55w0rd)
  - Removing vowels (psswrd)
- Uses keys adjacent on the keyboard (1234asdf)
- Contains a single character type
- Contains fewer than 8 characters (pwd123)

What are STRONG passwords?
Strong passwords are difficult to guess and break. A strong password:
- Contains more than 8 characters
- Contains multiple character types: UPPERCASE LETTERS, lower case letters, numbers, special characters
- Means something to you but no one else
How to choose a strong password: take a sentence only you would remember and keep the first character of each word, e.g. "! do not like green 3ggs and Ham $am I am" becomes !dnlg3aH$Ia
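The following is an added example, not code from the original slides: it applies the credential-level table (character classes and minimum length) and the weak-password heuristics of the last two slides to candidate passwords, and reproduces the first-letter-of-each-word mnemonic shown above. The WORDLIST and KEYBOARD_ROWS are constructed sample data; a real check would use a large breached-password list. It also shows the caveat a practitioner cares about: pa55w0rd satisfies Level 1 complexity yet is still a weak password.

```python
# Added example, not the university's code. Implements the slide's credential
# levels (minimum character classes, minimum length; expiration and MFA
# enrollment are account settings, not string properties) and the slide's
# weak-password heuristics. WORDLIST and KEYBOARD_ROWS are constructed samples.

CREDENTIAL_LEVELS = {  # level: (minimum character classes, minimum length)
    1: (2, 8),
    2: (3, 8),
    3: (3, 10),
    4: (3, 10),
}
WORDLIST = {"password", "welcome", "letmein", "ohio", "bobcat"}  # constructed sample
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
VOWELS = "aeiou"
# Undo the common substitutions the slide lists (pa55w0rd -> password).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def character_classes(pw):
    """Return the set of character classes present: upper, lower, digit, special."""
    classes = set()
    for ch in pw:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def meets_level(pw, level):
    """True if pw meets the class and length minimums of a credential level."""
    min_classes, min_length = CREDENTIAL_LEVELS[level]
    return len(character_classes(pw)) >= min_classes and len(pw) >= min_length


def highest_level(pw):
    """Highest credential level whose string requirements pw satisfies, or 0."""
    return max((lvl for lvl in CREDENTIAL_LEVELS if meets_level(pw, lvl)), default=0)


def keyboard_run(pw, n=4):
    """True if pw contains n or more adjacent keys of one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - n + 1):
            frag = row[i:i + n]
            if frag in low or frag[::-1] in low:
                return True
    return False


def word_variants(word):
    """The word plus the slide's simple alterations: reversed, vowels removed."""
    variants = {word, word[::-1], "".join(c for c in word if c not in VOWELS)}
    return {v for v in variants if len(v) >= 4}  # skip stubs such as 'h' from 'ohio'


def weak_reasons(pw):
    """Reasons pw is weak by the slide's definition; an empty list means none found."""
    reasons = []
    if len(pw) < 8:
        reasons.append("fewer than 8 characters")
    if len(character_classes(pw)) == 1:
        reasons.append("single character type")
    if keyboard_run(pw):
        reasons.append("adjacent keyboard keys")
    # Lowercasing and undoing substitutions catches PasSWorD and pa55w0rd;
    # the variants catch drowssap and psswrd.
    normalized = pw.lower().translate(LEET)
    for word in sorted(WORDLIST):
        if any(v in normalized for v in word_variants(word)):
            reasons.append(f"based on dictionary word '{word}'")
            break
    return reasons


def from_passphrase(phrase):
    """The slide's mnemonic: the first character of each word of a sentence you remember."""
    return "".join(word[0] for word in phrase.split())


if __name__ == "__main__":
    for pw in ["pa55w0rd", "1234asdf", "pwd123",
               from_passphrase("! do not like green 3ggs and Ham $am I am")]:
        print(f"{pw!r}: level {highest_level(pw)}, weak: {weak_reasons(pw)}")
```

Complexity rules and the weak-password heuristics are deliberately separate checks: a password can satisfy the character-class and length minimums of a level and still be rejected because it is a trivially altered dictionary word.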

Under Construction
- Password expiration (notification and enforcement)
- Password meter
- Multifactor Authentication (MFA):
  - DUO (phone factor: voice, text, app push)
  - Azure (phone factor)
  - YubiKey (generated token)
  - Other?

Multifactor Authentication
Knowledge factors (what you know):
- Passwords
- Security PINs
- Secret questions
Possession factors (what you have):
- Physical key
- Security token
- A code transmitted to or from a device you possess
Inherence factors (what you are): biometrics
- Fingerprint scanner
- Retina scanner
- Face recognition
- Voice recognition
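As an added example, not the university's DUO, Azure or YubiKey deployment: the possession factor "a code transmitted to or from a device you possess" is most often a time-based one-time password, RFC 6238 TOTP built on RFC 4226 HOTP, which is what an authenticator app on your phone generates. The block below implements both sides, the token and the verifier, and uses the RFC 4226 test secret (the ASCII string 12345678901234567890) so the results can be checked against the published vectors. Names such as TotpVerifier are this example's own.

```python
import hashlib
import hmac
import struct
import time

# Added example (not the university's MFA code): RFC 4226 HOTP / RFC 6238 TOTP.
# A code is a second factor only if it is accepted once; the verifier below
# consumes each time step it accepts, so a code captured from a user and
# replayed by an attacker is rejected even while it is still inside the window.

STEP = 30      # seconds per TOTP time step
DIGITS = 6
RFC_TEST_SECRET = b"12345678901234567890"  # the test secret from RFC 4226 / RFC 6238


def hotp(secret, counter, digits=DIGITS):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=STEP):
    """RFC 6238: HOTP with the counter derived from Unix time (what the app shows)."""
    now = time.time() if at is None else at
    return hotp(secret, int(now // step))


class TotpVerifier:
    """Server side: +/- window steps of clock skew, and each step usable only once."""

    def __init__(self, secret, window=1):
        self.secret = secret
        self.window = window
        self.last_counter = -1  # highest time step already consumed by a successful login

    def verify(self, code, at=None):
        if not (code.isascii() and code.isdigit()):
            return False
        now = time.time() if at is None else at
        counter = int(now // STEP)
        for c in range(counter - self.window, counter + self.window + 1):
            if c <= self.last_counter:
                continue  # already used: rejects replays of a captured code
            # constant-time compare so timing does not leak how many digits matched
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.last_counter = c
                return True
        return False


if __name__ == "__main__":
    print("token shows:", totp(RFC_TEST_SECRET, at=59))   # RFC 6238 vector: 287082
    v = TotpVerifier(RFC_TEST_SECRET)
    print("first use:", v.verify("287082", at=59))       # True
    print("replay   :", v.verify("287082", at=59))       # False
```

The window tolerates a phone whose clock is one step off; the last_counter check is what keeps that tolerance from becoming a replay opportunity. In a real deployment the secret is per user, generated with a CSPRNG, and stored encrypted, and last_counter is persisted with the account.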

Multifactor Demo