THIS IS A GRAPHICS CARD
It's cheap and good at playing video games. About every teenager has access to one. It's also very good at hacking your password.
Slide 6
A $1000 computer can process 3.3 billion passwords per second. A professional can make thousands of dollars a day selling your information on the black market. (PCPro.com)
Slide 7
IT'S JUST A MATTER OF TIME
Dictionary Attacks:
  GoBuffs! - a couple minutes
  P@$$w0rd1 - a couple hours
Brute Force:
  fjR8n - in 24 seconds
  %fjR8nQNUc5GPj9 - would take over ten years
*Extra credit: 15 characters or more forces Windows to store passwords differently, which breaks certain attacks.
Slide 8
Slide 9
HACKING IS BIG BUSINESS
2011 = 12.5 billion in reported losses
Some estimates put that number closer to 10 times as much.
www.hotforsecurity.com
Slide 10
HOW DO HACKERS GET YOUR PASSWORD?
  Physical access to your office or computer
  Social Engineering/Phishing (asking nicely)
  Hacking commonly used sites
  Malware Infections
  Network based attacks
Slide 11
LOSING YOUR PASSWORDS SINCE 1978
Slide 12
Slide 13
Slide 14
Slide 15
Slide 16
SECURING YOUR PASSWORD DOESN'T MEAN USING TAPE
Slide 17
  Under Keyboard
  In a Rolodex
  Top desk drawer
  Under desk calendar
  In the planter
  Wallet/Purse/Gym Bag
Slide 18
NOW THAT YOU KNOW WHERE PEOPLE HIDE THEIR PASSWORDS
Slide 19
DON'T DO IT
Slide 20
SURE, LONG PASSWORDS ARE SECURE BUT I CAN'T REMEMBER THEM.
Slide 21
MAKING MEMORABLE PASSWORDS REQUIRES THOUGHT
Slide 22
ABBREVIATE
I like taking the bus, but I ended up 20 minutes late!
Becomes: Ilttb,bIeu20ml! (15 characters)
Slide 23
LETTER SUBSTITUTION
Create a long word or phrase: I Like To Eat Tacos
Remove spaces: ILikeToEatTacos
Replace letters with symbols: IL!k3T0e@tT@c0$
Slide 24
A FEW SUBSTITUTION SUGGESTIONS
  Letter   Becomes
  A        @
  E        3
  S        $
  I        !
  O        0
  K        |<
  C        (
Slide 25
WORD JUMBLE
Take two words: Bot & Kneecap
Scramble a few letters: Bocat_&_Kneep
Add Complexity (54): Bocat_&_Kne54ep
Slide 26
KEYBOARD PATTERNS
Use the Shift Key to Add Complexity
Becomes: 5^YghjkmnbVCX
Use with caution; easy ones are in dictionary attacks!
Slide 27
OK, SO I'VE GOT A GREAT PASSWORD, I'LL JUST KEEP USING THAT ONE, RIGHT?
Slide 28
REUSED PASSWORDS ARE DANGEROUS
Slide 29
Slide 30
LINKEDIN LOST 6.4 MILLION USERS' PASSWORDS
Hackers can use those passwords to commit identity fraud including:
  Hack into corporate accounts
  Break into bank accounts
  Spam email accounts
  Gather more info for offline use (Credit Cards)
LinkedIn is now facing a $5 million class action lawsuit due to the loss.
Slide 31
PRO TIP: MAKING PASSWORDS UNIQUE TO EACH SITE
Have a secure base password: 5^YghjkbVCX
Select two letters from the site or program: usbank.com (2nd & 4th in this case)
Add those letters to your password: 5^YghjsakbVCX
Slide 32
WAIT A MINUTE, THIS SITE WANTS ME TO CHANGE IT NOW
Today's Date: 1/11/13
Pick a couple characters of the date: 11
Shift the numbers (+3 in this case): 44
Add those numbers to your password: 5^Yghjsak becomes 5^Yghjsak44
Write down when you last changed the password
Slide 33
INSTANT, UNIQUE AND SECURE PASSWORDS FOR ALL USES
Slide 34
A FEW TOOLS TO HELP
Slide 35
PASSWORD GENERATORS
Many free ones, but be careful! We suggest changing the results before using them.
http://www.pctools.com/guides/password/
IDENTIKEY
Your username is the Identikey assigned to you by the University.
  Keep private
  Commit to memory
  Do not use Username or Password for any other purpose!
Slide 40
HR IDENTIKEY REQUIREMENTS
  15 characters or longer
  Avoid repeating characters
  No words that can be found in a dictionary (in any language)
  Not be easily guessable (e.g., your birthday, age, anniversary)
  All four character sets: capital, lowercase, numerical and symbol (e.g., A,a,1,!)
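
Added example, not part of the original presentation: a Python check of a candidate password against the HR Identikey requirements listed above, which also undoes the letter substitutions from the substitution slide before looking for dictionary words. The function names, the small SAMPLE_WORDS list and the reading of "repeating characters" as a run longer than max_run identical characters are assumptions made for illustration.

```python
import re

# Substitutions from the "A FEW SUBSTITUTION SUGGESTIONS" slide, reversed.
# The two-character symbol is undone first.
UNSUBSTITUTE = [("|<", "k"), ("@", "a"), ("3", "e"), ("$", "s"),
                ("!", "i"), ("0", "o"), ("(", "c")]

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "buffs", "tacos", "kneecap", "welcome"}


def normalize(password):
    """Lowercase the password and undo the slide's letter substitutions."""
    text = password.lower()
    for symbol, letter in UNSUBSTITUTE:
        text = text.replace(symbol, letter)
    return text


def check_identikey_password(password, words=SAMPLE_WORDS, max_run=2):
    """Return the list of requirements the password fails (empty = passes)."""
    failures = []
    if len(password) < 15:
        failures.append("shorter than 15 characters")
    # Assumption: a run of more than max_run identical characters is "repeating".
    if re.search(r"(.)\1{%d,}" % max_run, password):
        failures.append("repeating characters")
    classes = {"capital": r"[A-Z]", "lowercase": r"[a-z]",
               "numerical": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}
    missing = [name for name, pat in classes.items()
               if not re.search(pat, password)]
    if missing:
        failures.append("missing character sets: " + ", ".join(missing))
    # Look for dictionary words in both the raw and the de-substituted form.
    candidates = (password.lower(), normalize(password))
    hits = sorted(w for w in words if any(w in c for c in candidates))
    if hits:
        failures.append("contains dictionary word: " + ", ".join(hits))
    return failures


if __name__ == "__main__":
    # Passwords quoted on the slides above.
    for sample in ["GoBuffs!", "P@$$w0rd1", "IL!k3T0e@tT@c0$", "Ilttb,bIeu20ml!"]:
        print(sample, "->", check_identikey_password(sample) or "passes")
```

The "guessable" requirement (birthday, age, anniversary) depends on personal data and is not checked here.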