Presentation is loading. Please wait.

Presentation is loading. Please wait.

Password Security Review Your password is the last line of defense. Keep your data safe with good password practices. Mikio Olin Kevin Matteson.

Published byTimothy Boone Modified over 9 years ago

Similar presentations

Presentation on theme: "Password Security Review Your password is the last line of defense. Keep your data safe with good password practices. Mikio Olin Kevin Matteson."— Presentation transcript:

1 Password Security Review Your password is the last line of defense. Keep your data safe with good password practices. Mikio Olin Kevin Matteson

2 Overview Ohio University Policy (91.004) Your Credentials are Important Password Best Practices Ohio University Credential Complexity Standards Two factor Authentication Demo

3 Ohio University Policy (91.004) University Credentials https://www.ohio.edu/policy/91-004.html Policy Sections A.Overview B.Individuals C.Credentials Data Stewards (93.001 Data Classification) Authentication Credentials Complexity Standard D.Information system owners E.Authentication servers

4 Umm no, I was not in Nigeria last week… 91.004 A (Overview) Credentials… are often the first line of attack, and the last line of defense, in the protection of these resources. Because of this, they must be used with care, and adequately protected. Your password is confirmation of your identity Attackers can impersonate you View/Change your personal information View/Change others personal information One password leads to another Access to an account or device opens a door to other accounts.

5 OU Policy says… 91.004 B (Individual’s responsibilities) Keep your credentials, secret questions, and their answers private and known only to you. Use unique credentials (username and password combination) for Ohio university that are different from any other service or website. Your credentials are for your personal authentication to university resources, and should not be used as a means to provision services to other users. If you suspect that your credentials have been compromised, change your credentials and questions immediately and inform the information security office by e-mail to security@ohio.edu.security@ohio.edu

6 Keep it hidden… Keep it safe… Even Strong passwords become weak if they are written on a Post-it® under your keyboard. Password Habits to Avoid Writing passwords down or storing in a document Reusing an old password Using your password on an insecure device Good Password Habits Store passwords encrypted in Keepass Change your password annually Be mindful of the situation

7 What’s your Risk Level? 91.004 C (Risk and Credential Level) Not all University accounts carry the same level of risk. Risk is measured by the type of data an individual can view/change with their credentials. (93.001 Data Classification) - University Data Stewards are responsible for rating and classifying their data. Data is labeled as a High, Medium, or Low Level based on potential impact to the university. University Data Stewards also are responsible for reviewing the Authentication Credentials Complexity Standard annually Authentication Credential Complexity Standards

8 Authentication and Credential Complexity Standard Risk Level = Credential Level Risk Levels 1.Low Risk – Access to only their own information or information classified as “Low” (Students, Guests) 2.Medium Risk – Access to University information classified as “Medium or High” (Faculty, Staff, Contract Employee) 3.Medium Risk with higher Credential Level – Same Risk as Medium Level 4.High Risk – Privileged access to “Medium or High” (System Administrators, DBA, Bursar, Registrar, Admissions Staff, etc) Credential Levels LevelCharacter ClassesLengthExpirationMultiFactor Enrolled Level 12 or more8 minimum5 yearsNot required Level 23 or more8 minimum6 monthsNot required Level 33 or more10 minimum1 yearNot required Level 43 or more10 minimum1 yearRequired

9 What is a weak Password? Weak password are easy to guess or easy to break. Contains a name or dictionary word (Including the following simple alterations of password) Modifying capitalization (PasSWorD) Reversing word order (drowssap) Character substitutions (pa55w0rd) Removing vowels (psswrd) Uses keys adjacent on the keyboard (1234asdf) Contains a single character type (18042010) Contains less than 8 characters (pwd123)

10 What are STRONG Passwords? Strong passwords are difficult to guess and break Contains more than 8 characters Contains multiple character types UPPERCASE LETTERS lower case letters Numbers Special Characters ($%^&*!@#) Means something to you but no one else. !dnlg3aH$Ia ! do not like green 3ggs and Ham $am I am How to choose a strong password

11 Under Construction Password expiration (Notification and Enforcement) Password Meter MultiFactor Authentication (MFA) DUO (Phone Factor Voice, Text, App Push) Azure (Phone factor) YubiKey (Generated Token) Other?

12 Multifactor Authentication Knowledge Factors – (What you know) Passwords Security Pins Secret questions Possession Factors - (What you have) Physical Key Security Token Transmitted to or from a device you possess Inherence Factors – (What you are) Biometrics Fingerprint scanner Retina scanners Face recognition Voice recognition

13 Multifactor Demo

Download ppt "Password Security Review Your password is the last line of defense. Keep your data safe with good password practices. Mikio Olin Kevin Matteson."

Similar presentations

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.

Point3r$. Password Introduction Passwords are a key part of any security system : –Work or Personal Strong passwords make your personal and work.
1 Identification Who are you? How do I know you are who you say you are?

1 Identification Who are you? How do I know you are who you say you are?
ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.

ANNUAL SECURITY AWARENESS TRAINING – 2011 UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.

Two-Factor Authentication & Tools for Password Management August 29, 2014 Pang Chamreth, IT Development Innovations 1.
15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.

15 Tactical Improvements to IT Security Virtual Keyboard, Two Factor Authentication, Active Confirmation and FAA Access to CPS Online Ganesh Reddy.
Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.

Information Security Confidential Two-Factor Authentication Solution Overview Shawn Fulton January 15th, 2015.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.

Technical Issues with Establishing Levels of Assurance Zephyr McLaughlin Lead, Security Middleware Computing & Communications University of Washington.
Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.

Using a Password Manager Are your passwords safe? Ryan Leavitt DoIT Security.
 61% of people reuse the same password on multiple sites.  44% change their password only once a year or less.  Password theft increased by 300% in.

 61% of people reuse the same password on multiple sites.  44% change their password only once a year or less.  Password theft increased by 300% in.
1 Authentication CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 11, 2004.

1 Authentication CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute March 11, 2004.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
SECURITY Of the five basic elements of an Information System, DATA is our main concern in relation to security practices.

SECURITY Of the five basic elements of an Information System, DATA is our main concern in relation to security practices.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
SE571 Security in Computing

SE571 Security in Computing
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
NS-H0503-02/11041 System Security. NS-H0503-02/11042 Authentication Verifying the identity of another entity Two interesting cases (for this class): –Computer.

NS-H /11041 System Security. NS-H /11042 Authentication Verifying the identity of another entity Two interesting cases (for this class): –Computer.

Similar presentations

Ads by Google