
1 Choosing the Right Wand (or for those who like boring titles – Managing Account Passwords: Policies and Best Practices) Harvard Townsend IT Security.




1 Choosing the Right Wand (or for those who like boring titles – Managing Account Passwords: Policies and Best Practices)
Harvard Townsend, IT Security Officer
harv@ksu.edu
October 31, 2007

2 Whose responsibility is it?
“Security is not just the CIO’s problem; it is everyone’s problem. And everyone is responsible for the solution.”
Diana Oblinger and Brian Hawkins, EDUCAUSE

3 TJX Inc. now understands…

4 Agenda
Authentication and authorization
eID password
 What’s the big deal?
 Policies
 Why do we have to change it twice a year?
 Writing it down
Tips for choosing a strong password
Different passwords for different accts
So many passwords…

5 Authentication & Authorization
Authentication (AuthN) – verify who you are
Authorization (AuthZ) – determine what you are allowed to do
Your eID (or other username) and password provide authentication
After authN, the system or application determines what you can access (authZ)

6 Forms of Authentication
4-digit PIN
Username/Password
Challenge-Response
Two-factor Authentication
 Two different methods required to authN
 Something you know plus something you have (e.g., bank card + PIN)
Biometrics (e.g., thumbprint reader)
Passphrase
One-time passwords
Digital signature
(Slide graphic: a scale labelled Weak to Strong)

7 eID Password
What’s the big deal?
 HRIS self-service
 E-mail
 KATS/iSIS
 K-State Online
 Oracle Calendar
 Access to licensed software, databases
 SGA elections
 University Computing Labs
 Student access to network in residence halls

8 eID Password Policies
Why do you have to change it?
 Is standard best practice
 It could be worse!
 The longer you have the same password, the more likely someone will discover it:
    Hacked computer - keylogger
    Network sniffer
    Someone helped you with a problem
    Password stored in web browser
    Faster computers = faster password cracking
    Typed it into the wrong place on the screen
 Changing it limits the amount of time a hacker can wreak havoc in your life
http://www.k-state.edu/policies/ppm/3430.html#require

9 eID Password Policies
Do not share it… with anyone!
Do not use it for non-university accounts
 Such as hotmail, amazon.com, bank
 Is okay for departmental servers (not ideal, but acceptable risk)
Can I write it down? “Passwords that are written down or stored electronically must not be accessible to anyone other than the owner and/or issuing authority.”
http://www.k-state.edu/policies/ppm/3430.html#require

10 eID Password Policies These apply to ALL K-State passwords, not just the eID http://www.k-state.edu/policies/ppm/3430.html#require

11 Hints for Choosing a Strong (eID) Password
7-8 characters in length
 Limits your choices
 Maximum length will increase in the future to give you more choices and allow passphrases
General rule – hard to guess, easy to remember (strong, memorable)
Let eProfile choose one for you (it is random, so you will likely write it down)

12 Hints for Choosing a Strong (eID) Password
Use “2” instead of “to/too”, “4” for “for”, “4t” for “Fort”, “L8” for “late”
Capitalize letters where it makes sense
Take a phrase and abbreviate it:
 2Bor~2B! = “To be, or not to be”
Watch custom license plates for ideas
 im4KSU2 (and add punctuation, like “!”)

13 Hints for Choosing a Strong (eID) Password
Use a password strength meter:
http://www.securitystats.com/tools/password.php
http://www.microsoft.com/protect/yourself/password/checker.mspx
Gotchas:
 Avoid the space character
 Beware of special characters that are not on foreign keyboards ($)
What are your examples?

14 Steps to create a strong, memorable password
http://www.microsoft.com/protect/yourself/password/create.mspx
1. Think of a sentence that you can remember as the basis of your strong password or pass phrase. Use a memorable sentence, such as “My son Aiden is three years old”.
2. Check if the computer or online system supports the pass phrase directly. If you can use a pass phrase (with spaces between characters), do so.

15 Steps to create a strong, memorable password
3. If the computer or online system does not support pass phrases, convert it to a password. Take the first letter of each word to create a new, nonsensical word. Using the example above, you'd get: “msaityo”
4. Add complexity
 Mix uppercase and lowercase letters and numbers.
 Swap some letters or intentionally misspell: “My SoN Ayd3N is 3 yeeRs old”

16 Steps to create a strong, memorable password
5. Substitute some special characters
 Add punctuation (“!”, “;”, “()”, etc.)
 Use symbols that look like letters: “$” for “S”, “3” for “E”, “1” for “i”, “@” for “a”
 Combine words (remove spaces): “MySoN 8N i$ 3yeeR$ old;” or “M$8ni3y0;”
6. Test your new password with the Password Strength Checker and/or eProfile (eid.ksu.edu)
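The mechanical parts of steps 3 and 5, together with the gotchas from slide 13 and the length limit from slide 11, as an added Python example that is not part of the deck: it takes the first letter of each word, applies the look-alike substitutions listed above, and reports which of the slides' rules a candidate password breaks. The COMMON_WORDS set is a constructed stand-in for a real cracking dictionary.

```python
import string

# Look-alike substitutions named on slide 16.
LOOKALIKES = {"s": "$", "e": "3", "i": "1", "a": "@"}
# Constructed stand-in for a cracking dictionary; a real check would load a large word list.
COMMON_WORDS = {"password", "wildcats", "letmein", "qwerty", "welcome"}


def sentence_to_acronym(sentence: str) -> str:
    """Step 3: first letter of each word, lower-cased ("msaityo" for the slide's sentence)."""
    return "".join(word[0].lower() for word in sentence.split())


def add_lookalikes(text: str) -> str:
    """Step 5: swap letters for the look-alike symbols; everything else is kept as-is."""
    return "".join(LOOKALIKES.get(ch.lower(), ch) for ch in text)


def policy_issues(password: str) -> list:
    """Return the rules from slides 11, 13 and 15 that a candidate password breaks.

    An empty list means the candidate passes every check implemented here.
    """
    issues = []
    if not 7 <= len(password) <= 8:
        issues.append("length must be 7-8 characters (current eID limit)")
    if " " in password:
        issues.append("contains a space character")
    if "$" in password:
        issues.append("'$' is missing on some foreign keyboards")
    if any(ch not in string.printable for ch in password):
        issues.append("contains characters outside printable ASCII")
    if password.lower() in COMMON_WORDS:
        issues.append("is a common word that a cracker tries first")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if sum(classes) < 3:
        issues.append("mix at least three of: lowercase, uppercase, digits, punctuation")
    return issues


if __name__ == "__main__":
    base = sentence_to_acronym("My son Aiden is three years old")
    candidate = add_lookalikes(base)
    print(base, "->", candidate, policy_issues(candidate))
```

Steps 4 and 6 (creative misspelling and the online checker) are left to the person, since they are judgement calls the code cannot make.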

17 Acct/Password Categories
Ideal = different password for each acct
Acceptable = different password for each type of account
1. eID and some other K-State accounts
2. Financial accounts
3. Online shopping (if the store stores credit card info)
4. All others

18 Managing Your Passwords
Try to remember them all?
Have someone younger than you help you remember them all?
Write them all down?
 OK if kept in a private place, like a purse/wallet
 Write down a hint, not the actual password
Web browser?
Use a tool like Password Safe? http://passwordsafe.sourceforge.net/

19 Don’t Let Windows Store Your eID or Banking Passwords

20 What’s on your mind?




