shannon-fields
Software that can create and remember different passwords for different sites
Do your passwords measure up?
What makes for a good password?
Reconciling security and complexity with usability.
Comparison of popular password manager applications
Using a single password for everything?
Using your pet’s name for a password?
Using your grandchild’s name for your p/w?
Using ‘password’ for your password?
Using ‘123456’ for your password?
Using your birthday for your password?
Article in Nov. 2011 issue of The Atlantic by James Fallows
http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/
Brought to the attention of NBCUG by member Susan Philibert
Tells the story of a real life password theft and the difficulties that ensued.
Any site that matters needs its own password
If you use an important password in two places, it is no longer a valid password
Any step up from ‘password’, ‘123456’ or your birthday or pet’s name is worthwhile
Problem – stronger passwords tend to be complex, hence harder to remember.
Length – eight or more characters
Complexity – letters, numbers, punctuation, symbols
Variation – change passwords often
Variety – different passwords for different sites
Hackers steal passwords from poorly secured sites and then try using them in more secure environments (e.g. banks)
No dictionary words – ANY language
No common abbreviations or misspellings or words spelled backwards
No sequences or repeated characters, e.g. 12345678, 22222222, abcdefg, qwerty
No personal information – name, birthday, phone, driver’s license
Bad Password: Banana
Good Password: 5.ytT#0_xn0ATzQVN|_yeGk2+0vFC2]ndZ
Great, but who’s going to remember that, especially if you use a different p/w for every site????
Password managers ‘remember’ your passwords
Password managers allow you to use different passwords for each site
Password managers can generate strong passwords.
Password managers can link the site to the password and call it up automatically
PassWordSafe – Elliott Alterman
LastPass – Ellis Miller
KeePass – Michael Sagaser
Ascendo DataVault – Jim Cason
Roboform – Wayne Maruna
Siber Systems is a privately-held company, incorporated in 1995 in the Commonwealth of Virginia, with offices in Germany, Japan, and Russia.
Five versions:
Free trial – limit 10 passcards
Roboform Desktop for Windows – one-time buy, free minor updates
Roboform Desktop for Mac
Roboform Everywhere – use on multiple computers – free major updates – syncs to each PC you’ve installed.
Roboform2Go – extends Roboform Desktop or Roboform Everywhere to a portable USB drive
From Fred Langa’s column in the 3/22/12 issue of Windows Secrets: “In the case of RoboForm (and most other well-known, Cloud-based, password-storage services), your data is stored on their servers in well-encrypted form. This means that even if someone hacks into RoboForm's servers, he'll see only strings of nonsensical characters — nothing plaintext.”
From Fred Langa’s column in the 3/22/12 issue of Windows Secrets: “RoboForm and similar services don't store decrypted passwords anywhere on their Cloud-based servers. When data is transmitted between your device and their servers, it's sent and received in fully encrypted form. Someone successfully eavesdropping on your communication link will, again, see only a stream of gibberish — nothing plaintext. Encryption and decryption take place only when you command it, and only inside your local device.”
From Fred Langa’s column in the 3/22/12 issue of Windows Secrets: “The final concern is the communication channel itself. Better services — including RoboForm — employ SSL encryption (just like most bank sites) to further protect all interactions with their password-storage servers.”