Date posted: 19-Nov-2014
Category: Technology
Uploaded by: rmortiz66
APPY HOUR
DON'T FORGET YOUR (VIRTUAL) KEYS: CREATING, USING, AND MAINTAINING STRONG PASSWORDS
September 2014
2
“Up to 70 million individuals may be affected”
“33 P.F. Chang’s China Bistro branded restaurant locations”
“Nearly all U.S. Home Depot Stores Hit”
December 2013
April or May 2014
June 2014
3
Source: http://www.insecpro.com/index.php/articles/cyber-crime-statistics
4
TODAY’S MENU
• CREATING STRONG PASSWORDS
• MONITORING YOUR PASSWORDS
• REMEMBERING YOUR PASSWORDS
• RECOVERING FROM A STOLEN PASSWORD
• MORE INFORMATION
5
ARE YOU USING STRONG PASSWORDS?
• HOW SECURE IS MY PASSWORD?
6
AVOID COMMON PASSWORDS
Source: http://splashdata.com/press/WorstPasswords-2013.jpg
8
SOME TIPS:
DO
• STARTING POINT:
• SENTENCE (ABBREVIATED)
• PASSPHRASE
• MISSPELLED LONGER WORD
• ADD UPPER AND LOWER CASE
• ADD SOME NUMBERS
• ADD SOME SYMBOLS
DON’T
• REPEAT PART OF YOUR USER NAME
• USE SOMETHING OTHERS KNOW ABOUT YOU
• USE REAL WORDS ONLY
• REPLACE LETTERS WITH SYMBOLS TO MAKE COMMON WORDS MORE “SECURE”
• USE SOMETHING YOU CAN’T EASILY REMEMBER
9
EXAMPLES
START WITH
• ABBREVIATED SENTENCE:
• THE FIRST PRESIDENT WAS GEORGE WASHINGTON → TFPWGW
• PASSPHRASE:
• ABELINCOLNPS347URIRWULAW
• MISSPELLED WORD:
• EXOSKELETON → EKSOSCHELATUN
10
EXAMPLES (CONT’D)
ADD
• UPPER AND LOWER CASE
• TFPWGW → TfpwGW
• ABELINCOLNPS347URIRWULAW → AbeLincolnPS347RWULaw
• EKSOSCHELATUN → EksoSchelatun
• NUMBERS & SYMBOLS:
• TfpwGW → 17TfpwGW89 → 17Tfp#wGW89!
• AbeLincolnPS347RogerWilliams → Ab3Lin(olnPS347RWUL@w
• EksoSchelatun → Eks0Sch3latun → Eks0Sch3l@tun!
See Resources on Appy Hour page for more ideas on creating strong passwords.
11
CHANGE YOUR PASSWORDS OFTEN
12
AVOID USING THE SAME PASSWORD REPEATEDLY
13
USE A PASSWORD MANAGER
See the list at http://lawguides.rwu.edu/appyhour/passwords
14
PASSWORD MANAGER KEY FEATURES
• OPERATING SYSTEMS
• BROWSER INTEGRATION/FORM FILLING
• MOBILE PLATFORMS
• SECURE SHARING
• PASSWORD GENERATION
• PRICE: FREE, FREEMIUM, PAID, EDUCATIONAL DISCOUNTS
• BONUS! SECURITY ALERTS
• BONUS! TWO FACTOR AUTHENTICATION
15
HOW ELSE CAN YOU PROTECT YOURSELF?
• DON’T SHARE PASSWORDS WITH ANYONE!
• DON’T REUSE PASSWORDS
• IF YOU DO SHARE A PASSWORD, DON’T SEND IT VIA EMAIL.
• MONITOR YOUR EMAIL ADDRESSES
• USE MULTIFACTOR AUTHENTICATION, IF AVAILABLE
• ADD PASSWORD RECOVERY FEATURES TO YOUR ACCOUNTS
16
17
MONITOR YOUR EMAIL
• SHOULD I CHANGE MY PASSWORD?
• PWNEDLIST
18
USE MULTI-FACTOR AUTHENTICATION
19
WHAT YOU KNOW
What is your mother’s maiden name?
20
WHAT YOU HAVE
21
WHO YOU ARE
Source: http://en.wikipedia.org/wiki/Multi-factor_authentication#Background
22
ADD PASSWORD RECOVERY FEATURES
• CHOOSE YOUR QUESTIONS WISELY!
• SAFE
• STABLE
• MEMORABLE
• SIMPLE
• MANY
• CHOOSE QUESTIONS THAT SATISFY ONE OR MORE OF THESE CRITERIA.
Source: http://goodsecurityquestions.com/examples
23
RECOVERING FROM A STOLEN PASSWORD
• CHANGE THE PASSWORD
• ASSESS & REPAIR THE DAMAGE
• SCAN & PROTECT YOUR SYSTEMS FOR VULNERABILITIES
24
ASSESS & REPAIR THE DAMAGE: EMAIL & SOCIAL MEDIA
• FACEBOOK: HACKED ACCOUNTS
• TWITTER: MY ACCOUNT HAS BEEN HACKED
• INSTAGRAM: REPORT A HACKED ACCOUNT
• GOOGLE: COMPROMISED GMAIL ACCOUNT
• RWU EMAIL: 401-254-6363 (MEDIA•TECH SUPPORT CENTER)
25
ASIDE: SOCIAL MEDIA SAVVY
• KNOW AND USE THE SECURITY FEATURES OF YOUR SOCIAL MEDIA SITES
• BE CAREFUL WHO “FRIENDS”, “FOLLOWS”, “LINKS”, ETC. TO YOU.
• KEEP YOUR PERSONAL INFORMATION PRIVATE
• REGULARLY REVIEW APPS AND OTHER TOOLS THAT LINK TO YOUR SOCIAL MEDIA ACCOUNTS!
26
ASSESS THE DAMAGE: FINANCES
• FEDERAL TRADE COMMISSION: PLACE A FRAUD ALERT
• CREDIT BUREAUS
• EQUIFAX: REQUEST A 90 DAY FRAUD ALERT
• EXPERIAN: HOW TO RESPOND TO IDENTITY THEFT
• TRANSUNION: FRAUD ALERTS
27
PROTECT YOUR SYSTEMS!
• COMPUTERS, ANTIVIRUS:
• AVAST! (W/M)
• MICROSOFT SECURITY ESSENTIALS (W)
• SOPHOS (M)
• COMPUTERS, MALWARE:
• MALWARE BYTES (W)
• SOPHOS (M)
• TABLETS/PHONES:
• ADD SECURITY LOCK
• FIND MY IPAD/IPHONE
• LOOKOUT MOBILE SECURITY
28
BREAKING NEWS!
29
QUESTIONS?
• LET ME KNOW!
OR
401-254-4547
• CLASS WEBPAGE: HTTP://LAWGUIDES.RWU.EDU/APPYHOUR/PASSWORDS
30
CREDITS (SLIDES 2, 7 & 11)
• SLIDE 2: “HOME DEPOT” BY MIKE MOZART, “TARGET” BY KEVIN DOOLEY, AND “P.F. CHANG’S” BY DAVE DUGDALE ARE LICENSED UNDER CC BY 2.0, CC BY 2.0 AND CC BY SA 2.0, RESPECTIVELY.
• SLIDE 7: “MAGIC 8 BALL” BY “CHRISTIAN HELDT”.
• SLIDE 11: FALL SCENE: “HAPGOOD POND” BY U.S. DEPARTMENT OF AGRICULTURE LICENSED UNDER CC BY 2.0; “SPRING” BY MOYAN BRENN LICENSED UNDER CC BY ND 2.0; “2015” BY FREE WIDE WALLPAPERS; “ALL FOUR SEASONS – OUTSIDE MY WINDOW” BY SUNDAR M LICENSED UNDER CC BY SA 2.0
31
CREDITS (SLIDES 12 & 16)
• SLIDE 12: “MONEYCASH” BY 2BGR8STOCK, LICENSED UNDER CC BY 3.0; “INSTAGRAM AND OTHER SOCIAL MEDIA APPS” BY JASON HOWIE, LICENSED UNDER CC BY 2.0. OTHER IMAGES COURTESY OF RWULAW, MICROSOFT.
• SLIDE 16: “YOU’LL NEVER FORGET YOUR PASSWORD EVER AGAIN” BY MEME BINGE, LICENSED UNDER CC BY 2.0.
32
CREDITS (SLIDES 18-19)
• “STEP 1: READY YOUR ATM CARD” BY COLIN MCCLOSKEY, LICENSED UNDER CC BY NC-SA 2.0.
• KEYPAD: “ATM KEYPAD 2/4” BY REDSPOTTED, LICENSED UNDER CC BY 2.0
33
CREDITS (SLIDE 20)
• ATM CARD: “PHOTO365 DAY 4” BY ALLAN DONQUE, LICENSED UNDER CC BY 2.0
• SECURITY KEYS: “RSA TOKENS” BY EDWIN SARMIENTO, LICENSED UNDER CC BY SA 2.0
• MOBILE PHONE: “SONY EXPERIA NEO MT15I MOBILE PHONE” BY MATT KLEFFER, LICENSED UNDER CC BY SA 2.0
34
CREDITS (SLIDE 21)
• FINGERPRINT: “FINGERPRINT” BY JOSE LUIS AGAPITO, LICENSED UNDER CC BY ND 2.0
• EYE SCAN: IROBOT EYE V2.O, BY TC MORGAN, LICENSED UNDER CC BY NC SA 2.0
• FACE RECOGNITION: “MYHERITAGE.COM FACE RECOGNITION” BY MYHERITAGE.COM
35
CREDITS (SLIDE 27)
• ALL YOU MAGAZINE ON FACEBOOK (POSTED 9/9/2014)