
Passwords and how to Manage Them CRH503

Passwords and how to Manage Them CRH503. Jacky Hartnett 2011. Peter Steiner, New Yorker Magazine, July 5, 1993. Your password informs the computer system that you are genuinely whom you claim to be NOT Your partner An attacker Or your Dog.



  1. Passwords and how to Manage Them CRH503 Jacky Hartnett 2011

  2. Peter Steiner, New Yorker Magazine, July 5, 1993.

  3. Your password informs the computer system that you are genuinely who you claim to be NOT Your partner An attacker Or your Dog

  4. Your password opens the electronic pathway between you and the resources that the computer system manages for you **** ****

  5. Your Password is important!

  6. At least when it is protecting things of value to you or your employer But this is not always the case And we have SO many of them

  7. This Talk • Organising Passwords • Strong Passwords • The do’s and don’ts • Recipes for creating passwords • Managing your passwords • Writing them down • Changing them • Explaining the do’s and don’ts

  8. Organising Passwords • Some passwords give access to more than others • Some people have different identities on different systems

  9. Organising Passwords • Group your passwords into categories • Perhaps start with three • Use a different recipe for creating each category of password • Make each (of the few) passwords in the most important category different • Do not mix passwords used at work with those used at home

  10. Organising Passwords • Use the same password for the moderately important category of accounts • But change it quite often • Use the same password for the least important category of accounts • Change it when you feel like it • BUT for all categories use strong passwords

  11. Strong Passwords • You can find the construction rules for these everywhere: • Australian Government Stay Smart OnLine • http://www.staysmartonline.gov.au/ • AusCERT Reference #: GoodPasswords • http://national.auscert.org.au/render.html?it=2260&cid=2997

  12. Strong Passwords do’s & don’ts • At least 8 symbols • Mix of letters, upper/lower case and numbers or special symbols! • NO dictionary or culturally obvious words • GotheCats, RickyPonting • NO personal details • Birthdays, children’s name, car rego • Different from your username
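The do’s and don’ts above can be turned into a check that a system (or you) can run on a candidate password before accepting it. This is an added example written for this page, not code from the presentation; the word list, the leet-speak substitution table and the minimum length of 4 for a personal-detail match are constructed assumptions chosen so that the slide’s own examples (GotheCats, mlilarrrose, mliLarR0se) come out the way the speaker grades them.

```python
import string

# Constructed stand-ins: a tiny "dictionary" of culturally obvious words (the slide's
# own examples included) and a substitution map so that trivial digit/symbol swaps
# such as P@ssw0rd do not slip past the dictionary rule.
COMMON_WORDS = {"password", "gothecats", "rickyponting", "qwerty", "letmein", "welcome"}
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(text):
    """Lower-case, undo common substitutions, and keep letters only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalpha())


def password_problems(password, username="", personal_details=()):
    """Return a list of rule violations (empty list means the password passes)."""
    problems = []

    # At least 8 symbols
    if len(password) < 8:
        problems.append("fewer than 8 symbols")

    # Mix of upper and lower case ...
    if not any(c.islower() for c in password) or not any(c.isupper() for c in password):
        problems.append("needs both upper and lower case letters")

    # ... and numbers or special symbols
    if not any(c.isdigit() or c in string.punctuation for c in password):
        problems.append("needs a number or special symbol")

    # NO dictionary or culturally obvious words (after undoing substitutions)
    core = normalise(password)
    if core in COMMON_WORDS:
        problems.append("dictionary or culturally obvious word")

    # NO personal details: match raw (for dates, rego numbers) and normalised (for names)
    for detail in personal_details:
        raw, norm = detail.lower(), normalise(detail)
        if (len(raw) >= 4 and raw in password.lower()) or (len(norm) >= 4 and norm in core):
            problems.append(f"contains personal detail {detail!r}")

    # Different from your username
    if username and normalise(username) and normalise(username) in core:
        problems.append("not different enough from username")

    return problems


if __name__ == "__main__":
    # Constructed inputs: the slide's examples plus a username and some personal details
    for candidate in ["GotheCats", "mlilarrrose", "mliLarR0se", "P@ssw0rd!", "Jacky2011!", "Rex1984!x"]:
        found = password_problems(candidate, username="jacky", personal_details=["Rex", "1984"])
        print(f"{candidate:12} -> {found or 'OK'}")
```

The normalisation step is the part worth copying: an attacker’s dictionary run will include the obvious substitutions, so a checker that only compares the literal string gives false reassurance.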

  13. Recipes for Creating Passwords • My favourite: • Pick a song and use the first letter of the first line of a song • mlilarrrose – 3 r’s in a row is not good, no case change, no numbers • mL1laredr OR mliLarR0se • Choose a different genre for each password • Classical, Country and western, jazz • Or composer, band, album …

  14. Recipes for Creating Passwords • Another one: • Pick a TV series and combine title with a memorable feature: • dwstarstmck or dwtsTMcK or dw1thtsT • Choose a different show for each password • Probably not your current favourite, but there are so many • 6&theCity, rUbe1ngSe, m1dSomer, • And so many ways to use them…

  15. Recipes for Creating Passwords • It is best not to use an interest with which you are identified • Eg motorbikes if you ride one and talk about them • Or cricket or AFL if you follow it • But you could use a team and the combination of player and injury for a weekly password change – as long as this recipe is secret • Using a recipe makes creating strong passwords easier

  16. Managing Your Passwords • Of course you are going to write them down! • But you are NOT going to keep them near your computer • Exercise is good for you so make sure that you have to walk to retrieve them from your safe location! • For each of your many accounts this is what you need to know

  17. Managing Your Passwords Do not save ANY of these details on your computer I hand write them all

  18. Managing Your Passwords • So my list is very very messy because I also • Change my passwords • Possibly not as often as I should! • The more your password protects the more careful you should be with • Creating it • Changing it • So how often should you change a password?

  19. Managing Your Passwords – Changing passwords • One rule is to change it after a number of uses • Eg every 12 uses: • Access once a week then change it every 3 months • Access once a month then perhaps once a year • Access once a day then every two weeks • Another is to use a period of time • Make sure you change even low use / low value passwords once a year

  20. Managing Your Passwords – Changing passwords • An important rule is to assess your risk environment • How ‘safe’ is your home computer, your work computer, your friend’s, the online access centre, the library, an Internet café? • If you feel that you may have been in a risky environment then change your password! • What about if I share my password?

  21. Managing Your Passwords – Changing passwords • What about if I share my password? • Well we all do sometime or another • If this is at work • Report the fact (and the reason why) • Change your password • If this is in your personal life • Record that you did it (and why) • Change your password

  22. Your current password confirms to the computer system that it is indeed you

  23. Explaining the Do’s and Don’ts • Why at least 8 symbols • Mix of letters, upper/lower case and numbers or special symbols? • Imagine 1 symbol that is a lower case letter • 26 possible values • Add upper case and we have 52 possible values • Add numbers and we have 62 • Adding special characters means even more

  24. Explaining the Do’s and Don’ts • A computer could run a program to try each of these in less time than it takes you to read this • As computers get faster we need to add • more symbols and • use more possible values for these symbols • This means that it would take a computer far too long to try each possible combination in turn
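The counting argument on the two slides above (26, 52, 62 possible values per symbol, multiplied up over the length of the password) is easy to carry through in a few lines. This is an added example for this page, not the presenter’s material; the count of 32 special symbols and the guessing rate of one thousand million guesses per second are constructed assumptions, chosen only to make the scale of the numbers visible.

```python
import math

# Symbol classes counted on the slide: 26 lower case, 26 upper case, 10 digits.
# The special-symbol count is a constructed assumption (ASCII printable punctuation).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}


def alphabet_size(classes):
    """Number of possible values for one symbol drawn from the given classes."""
    return sum(CLASS_SIZES[c] for c in classes)


def keyspace(classes, length):
    """How many distinct passwords of this length exist over that alphabet."""
    return alphabet_size(classes) ** length


def entropy_bits(classes, length):
    """Equivalent strength in bits: each extra symbol adds log2(alphabet) bits."""
    return length * math.log2(alphabet_size(classes))


def seconds_to_exhaust(classes, length, guesses_per_second):
    """Worst-case time to try every combination in turn at the given rate."""
    return keyspace(classes, length) / guesses_per_second


if __name__ == "__main__":
    RATE = 1e9  # assumed guessing rate, guesses per second (constructed figure)
    rows = [
        (["lower"], 1),
        (["lower", "upper"], 1),
        (["lower", "upper", "digit"], 1),
        (["lower"], 8),
        (["lower", "upper", "digit"], 8),
        (["lower", "upper", "digit", "special"], 8),
        (["lower", "upper", "digit", "special"], 12),
    ]
    for classes, n in rows:
        days = seconds_to_exhaust(classes, n, RATE) / 86400
        print(f"{'+'.join(classes):>26} x{n:<3} {alphabet_size(classes):>3} values "
              f"{entropy_bits(classes, n):6.1f} bits  {days:12.3g} days")
```

Running it shows the slide’s two levers side by side: widening the alphabet from 26 to 62 values gains a little over a thousand times at length 8, while adding four more symbols gains far more than that again, which is why length matters at least as much as character mix.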

  25. Explaining the Do’s and Don’ts • NO dictionary or culturally obvious words • A sample password file maintained by a computer system (image not reproduced) • It is worth keeping even this a secret • This is encrypted • This gives you extra protection

  26. Explaining the Do’s and Don’ts • A password is encrypted by a one way algorithm and stored in its encrypted form • Attackers know this algorithm and run programs to convert dictionary words into the encrypted form • They then compare encrypted entries in the captured password file to entries from their dictionary conversions
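The one-way storage the slide describes is a hash rather than reversible encryption, and the defence against the comparison attack it describes is to add a random per-password salt and a slow work factor, so that a table of pre-converted dictionary words matches nothing. The following is an added example for this page using only Python’s standard library, not code from the presentation; the storage format string and the iteration count of 600,000 are assumptions of this example.

```python
import hashlib
import hmac
import os

# Work factor is an assumption for this example; tune it to your hardware and policy.
ITERATIONS = 600_000


def unsalted_hash(password):
    """The plain one-way conversion the slide describes: a function of the password
    alone. Identical passwords give identical output, so a table of pre-converted
    dictionary words can be compared against a captured file directly."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Salted, slow one-way hash stored as pbkdf2_sha256$iterations$salt$digest."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and work factor, compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown stored-hash format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    word = "GotheCats"  # the slide's example of a culturally obvious word
    # Unsalted: two users with the same word produce the same line in the file.
    print("unsalted, same twice:", unsalted_hash(word) == unsalted_hash(word))
    # Salted: the same word stored twice looks different, so pre-conversion does
    # not help and each entry has to be worked on separately at full cost.
    first, second = hash_password(word), hash_password(word)
    print("salted, same twice:  ", first == second)
    print("verify correct:      ", verify_password(word, first))
    print("verify wrong:        ", verify_password("gothecats", first))
```

Salting removes the shortcut the slide warns about but does not rescue a dictionary word: an attacker who captures the file can still convert each word per entry, which is why the slide’s rule against obvious words stands even on a well-designed system.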

  27. Explaining the Do’s and Don’ts • NO personal details • Birthdays, children’s name, car rego • One variety of attacker is known as a ‘social engineer’ • They attack systems using their people skills more than technical skills • SO many people use their personal details as a basis for their passwords that this is the first thing an attacker will try

  28. Explaining the Do’s and Don’ts • If your system is under specific attack • there are sophisticated programs that use personal details from the public record to try possible password combinations • Personal details can also be shared via social networking sites

  29. Explaining the Do’s and Don’ts • Different from your username • Any detail that you give away is one less for an attacker to find out

  30. Final Tips • It is always a fraud if someone asks you to share your username and password via email • That is ALWAYS • If you MUST send your bank account numbers via email • Use 2 separate emails • Consider sending one part by SMS the other via email

  31. And Finally • All of life has risks • The online world is full of promise and opportunities • We just need to learn how to manage our online risks • Like we do when crossing the road • I hope this presentation has helped you to do this
