Published by Debra Maud Shelton. Modified over 8 years ago.
1
The Perils of Passwords
2
Hello! I’m Joe Campbell, Principal Security Architect, Dell Software
3
1. So… what’s the problem?
Just in case you didn’t know
4
3 out of 4 consumers use duplicate passwords, many of which have not been changed in five years or more.
(Data from survey conducted by Telesign)
5
40 percent of those surveyed say they had “a security incident” in the past year.
(Data from survey conducted by Telesign)
6
FUN FACTS! While you learn fun things about passwords, consider how we know these facts…
7
Top 10 Literary, Movie or TV passwords
  Swordfish: from the movie Horse Feathers
  Caput Draconis: from Harry Potter and the Sorcerer’s Stone
  Alligator: from the TV show Scrubs
  12345: from the movie Spaceballs (“Actually the same code I have on my luggage…”)
  Open Sesame: from the book One Thousand and One Nights
  ZXCVB: from the movie Hackers
  Valley Forge: from the movie National Treasure
  Z1ON0101: from the movie Matrix Reloaded
  Peek-A-Boo: from the TV show Babylon 5
  Joshua: from the movie Wargames
8
Are you kidding me?
  123456: 2,000,000
  123456789: 446,162
  password: 345,843
  Adobe123: 211,659
*Data captured from the Adobe Hack
9
We all know what comes next
10
2. Let’s Talk Solutions
There’s more than you think
11
Web Access Management: More than a ‘user convenience’. SSO and WAM must be viewed by us as an essential link in the security chain.
Password Reduction Technologies
Privileged Access Management: Often overlooked, privileged user credentials are the hacker’s holy grail.
Multi-Factor: When you finally see the light and know that passwords aren’t enough.
12
Web Access Management
  This isn’t simply Single-Sign-On
  Apps are more and more web based
  Apps are mobile
  The security ‘glue’ is the IdP, the Identity Provider
  An identity provider can eliminate the biggest risks of password proliferation
13
Web Access Management: Why do we care?
  Complete control from a single dashboard
  Secure access to web applications
  Secure access to web services
  Audit all authentication attempts (good or bad)
  Audit all application access attempts
  You can secure an application that doesn’t have security
14
Privileged Accounts
Privileged Accounts are the accounts that are used to get access to sensitive information:
  AD Administrator
  Domain Admin
  DNS Admin
  SQL Database SA
  Your Bank User ID and Password
Having access to these credentials is a blessing and a curse:
  “Please don’t take away my SA access!!!”
  “Please take away my SA access!!!”
15
Privileged Accounts: Why do we care?
  User account credentials cannot be compromised
  An admin can’t have the credentials beaten out of them!
16
Multi-Factor AuthN
You are welcome to my Google Credentials:
  User ID: joe.m.campbell@gmail.com
  Password: EyeLoveMonkeys2!
Multifactor authentication includes: something you know, something you have, something you are
Passwords are compromised all the time
Latent password fingerprints are left in strange places
17
Multi-Factor AuthN: Why do we care?
Kim Jong-Un may have your password, but he doesn’t have your phone.
Multi-factor is easy (don’t forget to leverage a risk engine!)
  Soft Tokens: Mobile Phone, Windows, Java
  Hard Tokens: Yubikey, OATH Compliant device
  Text Messaging
  Email Generation
  A simple Swipe?
To put it simply… nearly all recent breaches would have stopped dead in their tracks with 2FA enabled somewhere.
18
Face it… you must do something
19
Are you the ‘Department of No’?
  1. Executive/Director sponsorship
  2. Focus on the people
  3. Be nimble and promote intelligent change
  4. Become the ‘Department of Yes’
20
You can reach me here: joe.m.campbell@software.dell.com