• Home

  • Documents

  • Passwords - SANS · Password recommendations •Make your password a sentence •Unique account,...
27
Passwords Like You Never Knew Them Before! Per Thorsheim Twitter: @thorsheim Phone: +47 90 99 92 59 (Use Signal!)

Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Embed Size (px)

Citation preview

Page 1: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

PasswordsLike You Never Knew Them Before!

Per ThorsheimTwitter: @thorsheim

Phone: +47 90 99 92 59 (Use Signal!)

Page 2: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Password recommendations

•Make your password a sentence

•Unique account, unique password

•Write down your passwords

•Use 2-factor authentication

Page 3: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

About gamification…

Per Thorsheim

Page 4: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

What is the

risk analysis

behind your

password policy?

Page 5: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Where did you get

those password

recommendations?

Page 6: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Don’t blame

users for bad

passwords

Page 7: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Whenever I

see a bad

password

policy…

Page 8: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

PasswordsCon.org

Page 9: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

«Making security better by making it easier.»

Page 10: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

PINs1234

Page 11: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Choose your pins (17yr olds, fall 2013)

Girls1996

Boys13371996

Page 12: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Creating a long & memorable PIN:

=Johansen56426736

Page 13: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Lock Patterns

Page 14: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

www.marteloge.no

Page 15: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

10% uses a letter from standard English alphabet

«On User Choice for Android Unlock Patterns»Loge, Duermuth, Rostad

Page 16: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Password change frequencies

Page 17: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry

Page 18: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory-password-changes

Page 19: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Complexity

Page 20: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Follow @PWTooStrong on Twitter for daily examples

Page 21: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

«Your password contains invalid characters.»

NO, your startup contains incompetent engineers.@harribellthomas

Page 22: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Usability: masking passwords?

Page 23: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Username

********************** SHOWOne truly amazing passphrase! HIDE

Page 24: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

Password recommendations

•Make your password a sentence

•Unique account, unique password

•Write down your passwords

•Use 2-factor authentication

Page 25: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

COMPARE & COMPLAIN

Page 26: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

And a personal story at the endWhy you should write down your passwords.

Page 27: Passwords - SANS · Password recommendations •Make your password a sentence •Unique account, unique password •Write down your passwords •Use 2-factor authentication

[email protected]+47 90 99 92 59 (Use Signal!)@thorsheim


Password Based Authentication Scheme: Safety and ...2 Password based Authentication Textual Passwords Graphical Passwords Attacks on Password Based Scheme 3 Existing Techniques DAS

Password Based Authentication Scheme: Safety and ...2 Password based Authentication Textual Passwords Graphical Passwords Attacks on Password Based Scheme 3 Existing Techniques DAS

Documents
Protect your passwords with Password Manager - myroyalmail Quic… · Protect your passwords with Password Manager What is it? Password Manager is an online service that enables you

Protect your passwords with Password Manager - myroyalmail Quic… · Protect your passwords with Password Manager What is it? Password Manager is an online service that enables you

Documents
System Monitoring Password-protected PV ... - files.sma.de · 4.1 Factory default passwords All new SMA devices come with the following default passwords: 4.2 Types of passwords 4.2.1

System Monitoring Password-protected PV ... - files.sma.de · 4.1 Factory default passwords All new SMA devices come with the following default passwords: 4.2 Types of passwords 4.2.1

Documents
2-ลืม Username และ Password · saved passwords in Safari Passwords preferences or (Snq4.) O O mom g bysdoO-fyj» Strong Password bysdoO-fyj» Strong Password by asking

2-ลืม Username และ Password · saved passwords in Safari Passwords preferences or (Snq4.) O O mom g bysdoO-fyj» Strong Password bysdoO-fyj» Strong Password by asking

Documents
USER IDS AND PASSWORDS - carey.jhu.edu JHED password should be unique from any other password that you use for other applications (ex: Gmail) Your JHED password must be between 8 …

USER IDS AND PASSWORDS - carey.jhu.edu JHED password should be unique from any other password that you use for other applications (ex: Gmail) Your JHED password must be between 8 …

Documents
Genaral Information - Efficient Password Manager · Password Manager Passwords Software Registrat10h Codes Email Accounts Account My Pass wards All passwords Cards Website work öther

Genaral Information - Efficient Password Manager · Password Manager Passwords Software Registrat10h Codes Email Accounts Account My Pass wards All passwords Cards Website work öther

Documents
Conference Overview. PASSWORDS You can set your password policy to enforce users to change their passwords periodically

Conference Overview. PASSWORDS You can set your password policy to enforce users to change their passwords periodically

Documents
Passwords and Password Policies

Passwords and Password Policies

Documents
Passwords Aim: To create a strong and safe password

Passwords Aim: To create a strong and safe password

Documents
The Password That Never Wassconce.ics.uci.edu/203-W17/honey-passwords-4.pdf · Password hashing • Hashing (plus salting) forces an attacker that learns hashes to determine passwords

The Password That Never Wassconce.ics.uci.edu/203-W17/honey-passwords-4.pdf · Password hashing • Hashing (plus salting) forces an attacker that learns hashes to determine passwords

Documents
Sever-based Password Synchronization: Managing Multiple Passwords

Sever-based Password Synchronization: Managing Multiple Passwords

Software
You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

You$and$Your$Passwords$sites.duke.edu/training/files/2012/10/PasswordPresentation.pdf · Recommendaons$ • Notjustone$strong$passwords,$butmulLple$ strong$passwords$ • Password$Escrow$

Documents
Microsoft Password Guidance · Microsoft Password Guidance Robyn Hicock, rhicock@microsoft.com ... hackers approach cracking passwords and how password diversity makes this harder,

Microsoft Password Guidance · Microsoft Password Guidance Robyn Hicock, [email protected] ... hackers approach cracking passwords and how password diversity makes this harder,

Documents
Security Awareness Passwords - Illinois.gov · 3 Passwords Password Cracking Find weak passwords Verify the use of good passwords Characters (complex) Estimated time to crack 7 15

Security Awareness Passwords - Illinois.gov · 3 Passwords Password Cracking Find weak passwords Verify the use of good passwords Characters (complex) Estimated time to crack 7 15

Documents
only 50% only 55%...and use these 5 free ways to protect your digital identity. Protect your passwords: Create unique and strong passwords for every account and let a free password

only 50% only 55%...and use these 5 free ways to protect your digital identity. Protect your passwords: Create unique and strong passwords for every account and let a free password

Documents
THE INFORMANT · password to access additional information in other accounts. Make it unique A quick search will tell you the most common passwords are “password”, “123456”,

THE INFORMANT · password to access additional information in other accounts. Make it unique A quick search will tell you the most common passwords are “password”, “123456”,

Documents
Passwords, Passwords, Passwords - MemberClicks · Most common passwords of 2017 1. 123456 2. 123456789 3. qwerty 4. 12345678 5. 111111 6. 1234567890 7. 1234567 8. password 9. 123123

Passwords, Passwords, Passwords - MemberClicks · Most common passwords of 2017 1. 123456 2. 123456789 3. qwerty 4. 12345678 5. 111111 6. 1234567890 7. 1234567 8. password 9. 123123

Documents
Estimating Password Strength · ♦ Test passwords against a dictionary – Even a big dictionary doesn’t occupy much of the total password space and half the passwords is one bit

Estimating Password Strength · ♦ Test passwords against a dictionary – Even a big dictionary doesn’t occupy much of the total password space and half the passwords is one bit

Documents
Strong Passwords - eSoftenb-wp.esoftbusiness.com/.../uploads/userfiles/file/StrongPasswords… · Passwords Always use strong passwords on the Internet. A strong password is one that

Strong Passwords - eSoftenb-wp.esoftbusiness.com/.../uploads/userfiles/file/StrongPasswords… · Passwords Always use strong passwords on the Internet. A strong password is one that

Documents
Conduent Self-Service Password Reset (SSPR) Password User Provisioning System (PUPS) Password Management system. Through this new technology, ... & AMP passwords.

Conduent Self-Service Password Reset (SSPR) Password User Provisioning System (PUPS) Password Management system. Through this new technology, ... & AMP passwords.

Documents
PasswordCracker.me - Good and Bad Passwords How-To Password Cracking Goals

PasswordCracker.me - Good and Bad Passwords How-To Password Cracking Goals

Documents
Password Cracking (cont.) - York University · Password Cracking (cont.) ... and passwords may contain any printable ASCII characters. System A allows passwords to be any length (1

Password Cracking (cont.) - York University · Password Cracking (cont.) ... and passwords may contain any printable ASCII characters. System A allows passwords to be any length (1

Documents
Passwords and Password Controlsmedia.techtarget.com/searchOracle/downloads/455_ORACLE_07.pdf · 173 Passwords and Password Controls Solutions in this chapter: Configuring Strong

Passwords and Password Controlsmedia.techtarget.com/searchOracle/downloads/455_ORACLE_07.pdf · 173 Passwords and Password Controls Solutions in this chapter: Configuring Strong

Documents
CSE 484 / CSE M 584 Computer Security: Passwords€¦ · Password Managers •Allows the user to use one secure password to secure all other passwords •Generate strong password

CSE 484 / CSE M 584 Computer Security: Passwords€¦ · Password Managers •Allows the user to use one secure password to secure all other passwords •Generate strong password

Documents
Protecting Windows Passwords and Preventing Windows Computer / Password Attacks

Protecting Windows Passwords and Preventing Windows Computer / Password Attacks

Technology
Multiple Password Interference in Text Passwords and Click-Based Graphical Passwordspaulv/papers/ccs09.pdf · 2009. 8. 27. · Multiple Password Interference in Text Passwords and

Multiple Password Interference in Text Passwords and Click-Based Graphical Passwordspaulv/papers/ccs09.pdf · 2009. 8. 27. · Multiple Password Interference in Text Passwords and

Documents
Password Cracking Lesson 10. Why crack passwords?

Password Cracking Lesson 10. Why crack passwords?

Documents
Modern Password Cracking: A hands-on approach to … · an optimised and versatile attack. Chrysanthou Yiannis, ... Passwords are the most ... password cracking is the easiest. Passwords

Modern Password Cracking: A hands-on approach to … · an optimised and versatile attack. Chrysanthou Yiannis, ... Passwords are the most ... password cracking is the easiest. Passwords

Documents
Graphical Passwords and Practical Password Management · Graphical Passwords and Practical Password Management By Elizabeth Ann Stobert Athesissubmittedto theFacultyofGraduateandPostdoctoralAffairs

Graphical Passwords and Practical Password Management · Graphical Passwords and Practical Password Management By Elizabeth Ann Stobert Athesissubmittedto theFacultyofGraduateandPostdoctoralAffairs

Documents
Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database

Password Attacks Mike. Guessing Default Passwords Many applications and operating systems include built-in default passwords. Lazy administrators Database

Documents