Published by Lawrence Wright. Modified over 9 years ago.
1
Using a Password Manager
Are your passwords safe?
Ryan Leavitt, DoIT Security
2
What We Will Cover:
o Password review
o Password Management
o Password Management Myths
o Flaws of Gray Matter Password Management
o What are the benefits of a Password Manager
o Password Manager Recommendations
o Demo
7
Password Review: P@$$w0rds
o The most commonly used authentication mechanism
o Usually considered one of the weakest security mechanisms available
o Users usually choose passwords that are easily guessed
o Users write their passwords down on a sticky note and clearly hide it under the keyboard
This is where Password Management steps in.
8
Password Management
What can you do to protect your credentials?
1. Never provide your password to anyone
Nobody should ask for your password, not even other staff such as Help Desk. This includes via email, phone, or in person.
2. Change your password frequently and use strong passwords
Dictionary attack: files of thousands of words are compared to the user's password until a match is found. Many people choose short passwords (7 characters or less), so a dictionary attack is often successful in cracking their passwords.
9
Password Management
3. Avoid re-using or duplicating passwords between work and personal accounts
Dropbox email breach (cloud storage service): customers receiving spam email advertising online casinos.
o The customer data were contained in a document that was stolen from the Dropbox account of one of the company's employees
o Attacker managed to gain access to the account because of a different attack on another website
o The account holder used the same password for both accounts
http://www.scmagazine.com/employee-password-reuse-behind-dropbox-spam-outbreak/article/253004/
You should not reuse passwords across multiple systems.
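The checks behind items 2 and 3 above, written as a small audit over a list of stored credentials. This is an added example, not part of the original presentation; the wordlist, the substitution table, the 8-character minimum and the sample entries are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample wordlist; a real audit would load a far larger file.
WORDLIST = {"password", "passwords", "dragon", "monkey", "welcome"}

# Common character substitutions, undone before the dictionary lookup.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s",
                      "0": "o", "1": "l", "3": "e", "7": "t"})

MIN_LENGTH = 8  # the slide treats 7 characters or less as short


def dictionary_candidates(password):
    """Return the plain-word forms a dictionary comparison would match."""
    lowered = password.lower()
    stripped = lowered.rstrip("0123456789!?.#*")  # drop a trailing "1", "2015!", ...
    return {lowered.translate(LEET), stripped.translate(LEET)}


def audit(vault):
    """Map each account in {account: password} to its list of findings."""
    findings = defaultdict(list)
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        if len(password) < MIN_LENGTH:
            findings[account].append("short")
        if dictionary_candidates(password) & WORDLIST:
            findings[account].append("dictionary")
        accounts_by_password[password].append(account)
    for accounts in accounts_by_password.values():
        if len(accounts) > 1:  # same password on more than one account
            for account in accounts:
                findings[account].append("reused")
    return dict(findings)


# Constructed sample entries, not real credentials.
SAMPLE_VAULT = {
    "work-email": "P@$$w0rds",
    "personal-cloud": "P@$$w0rds",
    "forum": "Dragon1",
    "bank": "vR7#qLm2!xTz9&Kd",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_VAULT).items():
        print(f"{account}: {', '.join(problems)}")
```

The 9-character "P@$$w0rds" passes the length check but still reduces to a dictionary word, which is why symbol substitution alone does not make a password strong.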
10
Password Management Myths
o Stored passwords in your browser are secure.
Incorrect: No encryption provided and easy to recover.
o Storing passwords in an Excel or Word document that is natively encrypted is a secure practice.
Incorrect: Encryption is getting better than it used to be, but you do not have the functionality.
o Writing down passwords is a secure practice if kept hidden.
Incorrect: No encryption and easy to steal.
11
Password cracking monster
12
Flaws of Gray Matter Password Management
o Password Strength: Having to remember large complex strings.
o Quantity of Accounts: Having to manage a large number of accounts.
o Password Redundancy: Reusing passwords across applications/systems.
o Underutilized Accounts: Remembering passwords for accounts rarely used.
13
What are the Benefits of a Password Manager
o Password Storage: Store complex passwords without having to remember them.
o Strong Industry Standard Encryption: AES
o Stronger Authentication Security: Ability to leverage multi-factor.
o Password Generation: Ability to create very strong/complex passwords.
14
What are the Benefits of a Password Manager
o Password Expiration: Configure password expiration reminders.
o Password History: Configurable unique password enforcement.
o User-Friendly Password Usage: Ability to copy/paste, auto password cache cleanup, and URL storage.
15
Password Manager Recommendations
o Password Safe: http://passwordsafe.sourceforge.net
o KeePass: http://keepass.info
16
Password Manager DEMO
17
Contact us at …
Send your questions, comments and suggestions to …
DOIT-Security@doit.wisc.edu