Password Security
Don’t be a victim
Do you really need to know why?
AdultFriendFinder network hack
exposes 412 million accounts
“In a recent survey it was
reported that 90 percent of all
businesses suffered some sort of
computer hack over the past 12
months and 77 percent of these
companies felt that they were
successfully attacked several
times over the same period of
time.”
This is where I scare you with statistics
Nearly three quarters, 73%,
of all Americans have fallen
victim to some type of cyber
crime.
“Over 27 million
Americans have fallen
victim to identity
theft over the past
five years. 9 million
of them found their
identities stolen in
the last year alone.”
Still doubt me?
https://haveibeenpwned.com/
See if your email address is on the list of
accounts that have been offered for sale on
the black market.
Bottom line:
● You must have good passwords!
● You need to be ready to change them quickly
● You should also consider additional measures
How did they get my password?
1. They hacked one of your service providers
2. They cracked your lousy password (2 in 5 people)
Splashdata’s Top 25 Worst Passwords 2017
123456 monkey trustno1
password login
12345678 abc123
qwerty starwars
12345 123123
123456789 dragon
letmein passw0rd
1234567 master
football hello
iloveyou freedom
admin whatever
welcome qazwsx
3. You Gave it to them - social engineering
4. They got it (see 1-3) and then used it for other accounts
https://haveibeenpwned.com/Passwords
What makes a good password?
Length
● 12 characters or more
● If you are only alphanumeric -
longer
● Consider passphrases -
sentences with spaces
Complexity
● Letters - lowercase and caps
● Numbers
● Special characters
● No words
● No names
If you are only using numbers in your password, it has to be twice as long as
a password that uses the complex character set (96 possible characters) in
order to have the same level of security.
In other words, a 12 character password that uses only numbers is very
weak.
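The arithmetic behind the "twice as long" rule, as an added example that is not part of the original slides. The 96-character figure is the slide's; the per-class pool sizes, the function names and the sample passwords are assumptions made for illustration.

```python
import math
import string

FULL_SET = 96   # size of the "complex" character set quoted on the slide
# Assumed class sizes: 26 + 26 letters, 10 digits, 32 ASCII punctuation marks + space.
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10)]
SYMBOLS = len(string.punctuation) + 1
KNOWN = string.ascii_letters + string.digits

# Constructed sample: a handful of entries from the worst-passwords slide.
COMMON = {"123456", "password", "qwerty", "letmein", "iloveyou", "trustno1"}

def pool_size(pw):
    """Size of the character pool a brute-force search must cover."""
    size = sum(n for chars, n in CLASSES if any(c in chars for c in pw))
    if any(c not in KNOWN for c in pw):   # spaces, punctuation, anything else
        size += SYMBOLS
    return size

def brute_force_bits(pw):
    """Upper bound on guessing cost in bits: length * log2(pool size).

    Listed passwords score 0 because a dictionary attack tries them first.
    Words and names are also guessed as units, so real strength is lower
    than this bound for anything built from them.
    """
    if not pw or pw.lower() in COMMON:
        return 0.0
    return len(pw) * math.log2(pool_size(pw))

def digits_needed(length, full_set=FULL_SET):
    """Length a digits-only password needs to match `length` characters
    drawn from the full set (the slide's 'twice as long' rule)."""
    return math.ceil(length * math.log2(full_set) / math.log2(10))

if __name__ == "__main__":
    samples = ["123456", "000000000000", "Michael433",
               "Michael just called my phone"]
    for pw in samples:
        print(f"{pw!r:32} pool={pool_size(pw):3} "
              f"bits={brute_force_bits(pw):6.1f}")
    print("digits to match 12 full-set characters:", digits_needed(12))
```
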
What makes a good password?
According to Stopthehacker.com “it takes only 10
minutes to crack a lowercase password that is 6
characters long.
Add two extra letters and a few uppercase letters
and that number jumps to 3 years.
Add just one more character and some numbers and
symbols and it will take 44,530 years to crack.”
Some Examples
Michael just called my f!*$#-()g phone 925-291-0810
Michael just called my phone 925-291-0810
Michael just called my phone
Michael433
michael💩
👎
👍
💪
👽
Exactly how does one achieve the impossible?
Good
Record them in an app that you keep on your phone
Better
Password vaults on your browser
Best
Dual Authentication or Multi-factor authentication (MFA)
Note Taking Apps
● Available anywhere - computer, tablet and phone
● Can be password protected
Password protection is important!
Password Vaults
● Connected to your browser
● Works on all devices
● One good password to log in to the vault and it remembers
all of your passwords
● If you don’t have to remember your passwords, then all of
your passwords can be:
✓ Very long
✓ Very complex
✓ Different for every account
Password Keepers
Dual Authentication or Multi-Factor Authentication
Using more than one authenticating factor to log in (MFA)
Password: Something you know
Phone: Something you have
Fingerprint or face: Something you are
Existing tech that you probably don’t use
Authenticator apps on your phone
You register the website that you
want to log into.
The authenticator gives you a
unique code on your phone, instead
of texting it to you.
Google, Microsoft, and Apple have
“authenticator” apps
New Trends
Physical keys, like a car key.
Contain an encrypted code on a
chip.