good passwords bad passwords and how to see the difference
play

Good Passwords, Bad Passwords, and How to See the Difference David - PowerPoint PPT Presentation

Sep 02, 2022 •17 likes •447 views

Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of Information Technology Uppsala University, Sweden 20. January 2020 Caveat Auditor Background Passwords this talk contains opinions Diceware

  1. Good Passwords, Bad Passwords, and How to See the Difference David Klaftenegger Department of Information Technology Uppsala University, Sweden 20. January 2020

  2. Caveat Auditor Background Passwords this talk contains opinions Diceware Questions my opinions Overture not the university’s nor do I claim to be an expert ... so expect some imprecision and errors 20 Jan 2020 Passwords @ Cryptoparty - 2 - David K

  3. What’s the problem? Why use passwords? Background Passwords Diceware Questions Overture 20 Jan 2020 Passwords @ Cryptoparty - 3 - David K

  4. What’s the problem? Why use passwords? protect accounts Background Passwords Diceware Questions Overture 20 Jan 2020 Passwords @ Cryptoparty - 3 - David K

  5. What’s the problem? Why use passwords? protect accounts (so that I can’t use them) Background Passwords Diceware Questions Overture 20 Jan 2020 Passwords @ Cryptoparty - 3 - David K

  6. What’s the problem? Why use passwords? protect accounts (so that I can’t use them) Background protect against Passwords • your ex? Diceware • your coworkers? Questions • police? Overture • nation state attackers? 20 Jan 2020 Passwords @ Cryptoparty - 3 - David K

  7. What’s the problem? Background Passwords Diceware Questions Overture https://www.xkcd.com/538/ https://creativecommons.org/licenses/by-nc/2.5/ 20 Jan 2020 Passwords @ Cryptoparty - 3 - David K

  8. What’s the problem? Why use passwords? protect accounts (so that I can’t use them) Background protect against Passwords • your ex? Diceware • your coworkers? Questions • police? Overture • nation state attackers? This talk people who know you well computers guessing very quickly not: people willing to hurt you not: attackers with other access 20 Jan 2020 Passwords @ Cryptoparty - 3 - David K

  9. Bad Passwords Only I myself know how the password is chosen! Background Passwords Diceware Questions Overture 20 Jan 2020 Passwords @ Cryptoparty - 4 - David K

  10. Bad Passwords Only I myself know how the password is chosen! Background The town I live in Passwords My birthplace, a special character, and two numerals Diceware Questions "onetwothreefourfivesixseveneight" Overture "41229411121620514577518" 20 Jan 2020 Passwords @ Cryptoparty - 4 - David K

  11. Bad Passwords Only I myself know how the password is chosen! Background The town I live in Passwords My birthplace, a special character, and two numerals Diceware Questions "onetwothreefourfivesixseveneight" Overture "41229411121620514577518" Security by obscurity 20 Jan 2020 Passwords @ Cryptoparty - 4 - David K

  12. Bad Passwords Only I myself know how the password is chosen! Background The town I live in Passwords My birthplace, a special character, and two numerals Diceware Questions "onetwothreefourfivesixseveneight" Overture "41229411121620514577518" Security by obscurity When someone knows how you construct your password it is trivial to guess it Therefore the password should be chosen randomly 20 Jan 2020 Passwords @ Cryptoparty - 4 - David K

  13. Choosing Passwords Background Passwords Diceware Questions How to choose good passwords? Overture (audience suggestions) 20 Jan 2020 Passwords @ Cryptoparty - 5 - David K

  14. Choosing Passwords Background Passwords Diceware Questions Overture https://www.xkcd.com/936/ https://creativecommons.org/licenses/by-nc/2.5/ 20 Jan 2020 Passwords @ Cryptoparty - 5 - David K

  15. Good Passwords Background Gold Standard Passwords I tell you exactly how I choose my password Diceware Questions You still cannot guess it before we’re all dead Overture 20 Jan 2020 Passwords @ Cryptoparty - 6 - David K

  16. Good Passwords Background Gold Standard Passwords I tell you exactly how I choose my password Diceware Questions You still cannot guess it before we’re all dead Overture Entropy means using randomness have a random number generator 20 Jan 2020 Passwords @ Cryptoparty - 6 - David K

  17. Good Passwords Background Gold Standard Passwords I tell you exactly how I choose my password Diceware Questions You still cannot guess it before we’re all dead Overture Entropy means using randomness have a random number generator use it until you have a secure password 20 Jan 2020 Passwords @ Cryptoparty - 6 - David K

  18. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 1 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  19. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 15 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  20. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 151 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  21. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 1512 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  22. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 15124 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  23. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 151245 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  24. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 1512452 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  25. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 15124524 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  26. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 151245241 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  27. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 1512452415 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  28. Good Passwords Background Passwords Diceware Questions Please bear with me it’s just an example Overture 1512452415263112214316331622221641 20 Jan 2020 Passwords @ Cryptoparty - 7 - David K

  29. Remembering Passwords Background Now we have a good password Passwords can’t remember that many numbers in order Diceware slow to type Questions Overture 20 Jan 2020 Passwords @ Cryptoparty - 8 - David K

  30. Remembering Passwords Background Now we have a good password Passwords can’t remember that many numbers in order Diceware slow to type Questions Overture Diceware transform numbers into words much easier to remember still equally hard to guess 20 Jan 2020 Passwords @ Cryptoparty - 8 - David K

  31. Diceware Process roll die five times Background write down results (in order) Passwords look up word in wordlist Diceware repeat until desired number of words Questions Overture 20 Jan 2020 Passwords @ Cryptoparty - 9 - David K

  32. Diceware Process roll die five times Background write down results (in order) Passwords look up word in wordlist Diceware repeat until desired number of words Questions Overture Example 15124 52415 20 Jan 2020 Passwords @ Cryptoparty - 9 - David K

  33. Diceware Process roll die five times Background write down results (in order) Passwords look up word in wordlist Diceware repeat until desired number of words Questions Overture Example 15124 52415 carrot rotunda 20 Jan 2020 Passwords @ Cryptoparty - 9 - David K

  34. Diceware Process roll die five times Background write down results (in order) Passwords look up word in wordlist Diceware repeat until desired number of words Questions Overture Example 15124 52415 carrot rotunda 21146 11646 13351 56154 20 Jan 2020 Passwords @ Cryptoparty - 9 - David K

  35. Diceware Process roll die five times Background write down results (in order) Passwords look up word in wordlist Diceware repeat until desired number of words Questions Overture Example 15124 52415 carrot rotunda 21146 11646 13351 56154 correct animal battery staple 20 Jan 2020 Passwords @ Cryptoparty - 9 - David K

  36. Diceware Process roll die five times Background write down results (in order) Passwords look up word in wordlist Diceware repeat until desired number of words Questions Overture Example 15124 52415 carrot rotunda 21146 11646 13351 56154 correct animal battery staple 11512 45241 52631 12214 31633 16222 21641 20 Jan 2020 Passwords @ Cryptoparty - 9 - David K

  37. Diceware Process roll die five times Background write down results (in order) Passwords look up word in wordlist Diceware repeat until desired number of words Questions Overture Example 15124 52415 carrot rotunda 21146 11646 13351 56154 correct animal battery staple 11512 45241 52631 12214 31633 16222 21641 ambiguity premium sampling apostle gallstone clumsily cursor 20 Jan 2020 Passwords @ Cryptoparty - 9 - David K

  38. Diceware How secure is it? Background Passwords Diceware Questions Overture 20 Jan 2020 Passwords @ Cryptoparty - 10 - David K

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and

CSS322 Passwords Authentication Passwords Entropy User Authentication and Passwords Storing Passwords Selecting Passwords CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by

670 views • 28 slides
PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords

PASSWORDS CS682: Advanced Security Topics Vasiliki Panteli 3/9/2020 Passwords 1 Passwords Passwords is a user authentication mechanism that is widely adopted for many years Methods for user authentication: Something you know

901 views • 52 slides
Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not

CSCE Intro to Computer Systems Security - Passwords Security: Some Fun with Passwords How to handle Passwords: the Basics Rainbow Attacks Not too long ago Hi, I forgot my password! Let me help you. What is your name? My Name is John

369 views • 5 slides
Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco

Setting Strong Encrypted Passwords Configuring Password Encryption for Clear Text Passwords Cisco IOS stores passwords in clear text in network device configuration files for several features such as passwords for local and remote CLI sessions,

354 views • 13 slides
STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A

STUDENT PASSWORDS GUI DEL I NES FOR 2 0 1 9 -2 020 S T U D E N T S , U P D A T E Y O U R P A S S W O R D F R O M H O M E ! Students: Update your password this summer from home! Student passwords were reset on 7/3/2019. Please follow the

525 views • 14 slides
Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random

Passwords in the Wild Passwords in the Wild Who am I...? My blog... SkullSecurity.org Random research, rants, etc. Nmap dev news Password database I post updates to Twitter https://twitter.com/iagox86 My job... Tenable Network Security

990 views • 88 slides
User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens

ITS335 User Authentication Authentication Passwords User Authentication Storing Passwords Selecting Passwords ITS335: IT Security Tokens Biometrics Sirindhorn International Institute of Technology Summary Thammasat University Prepared

663 views • 40 slides
Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret

Crypto with Passwords Lecture 22 Passwords Password or passphrase: Low-entropy shared secret Typical goal: client authenticating to server, without being tied to a device holding a cryptographic key. On authentication, a session key should be

344 views • 11 slides
The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of

The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of

The Long and Short of Passwords The Long and Short of Passwords Rich Shay November 5, 2009 1 / 34 The Long and Short of Passwords Motivation for Studying Passwords Outline Motivation for Studying Passwords 1 2 Overview of Password Failure

373 views • 36 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) October 26, 2000 people 2 Passwords initial password distribution (students)

559 views • 13 slides
Authentication of People what you know (passwords) what you have (keys) what you are

Authentication of People what you know (passwords) what you have (keys) what you are

people 1 Authentication of People what you know (passwords) what you have (keys) what you are (biometric devices) where you are (physical) Slide 1 Passwords initial password distribution (students) limit password guessing

305 views • 7 slides
Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol,

Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol,

Sesame: A Secure and Convenient Mobile Solution for Passwords Dr. Mehrdad Aliasgari , Nick Sabol, and Ashutosh Sharma California State University, Long Beach MobiSecServ Feb. 2015 Passwords CSU Long Beach 2 Most Popular Passwords of 2014*

683 views • 20 slides
OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE.

OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE.

The purpose of todays presentation is to provide tools in ARTS to help monitor activity within your office. OVMCS Accounting 2 OVMCS - Accounting Passwords Do not give out your password to ANYONE. Do not publicly post passwords.

332 views • 29 slides
Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb

Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb

Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb smb 1 Problem Area Clients and servers frequently store plaintext passwords Used for

289 views • 9 slides
Secure Passwords Through Enhanced Hashing Benjamin Strahs, Chuan Yue, and Haining Wang The

Secure Passwords Through Enhanced Hashing Benjamin Strahs, Chuan Yue, and Haining Wang The

Secure Passwords Through Enhanced Hashing Benjamin Strahs, Chuan Yue, and Haining Wang The College of William and Mary Passwords The most common online authentication method Something you know instead of something you have (hardware

559 views • 29 slides
Replacing passwords with FIDO2 Nils Amiet June 29, 2020 Who am I? Nils Amiet

Replacing passwords with FIDO2 Nils Amiet June 29, 2020 Who am I? Nils Amiet

Replacing passwords with FIDO2 Nils Amiet June 29, 2020 Who am I? Nils Amiet Research team @ 2 Passwords are a problem 71% of accounts are guarded by password used on multiple 62% of breaches involved the use of

1.19k views • 63 slides
First Annual Forum on First Annual Forum on The Rio Grande Compact The Rio Grande Compact April

First Annual Forum on First Annual Forum on The Rio Grande Compact The Rio Grande Compact April

Middle Rio Grande Water Assembly University of New Mexico Water Resources Program New Mexico Water Dialogue First Annual Forum on First Annual Forum on The Rio Grande Compact The Rio Grande Compact April 26, 2006 from 6:30 pm - 8:30 pm

405 views • 13 slides
ANNUAL GENERAL MEETING 14 JUNE 2017 PHIL LONEY PHIL LONEY GROUP CHIEF EXECUTIVE 2 Our AGM is

ANNUAL GENERAL MEETING 14 JUNE 2017 PHIL LONEY PHIL LONEY GROUP CHIEF EXECUTIVE 2 Our AGM is

ANNUAL GENERAL MEETING 14 JUNE 2017 PHIL LONEY PHIL LONEY GROUP CHIEF EXECUTIVE 2 Our AGM is an important day for us 11 June 2014 Royal London AGM 2014 3 Pullout text layout 02. Georgia Regular 16pt. Lorem ipsum dolor sit amet,

504 views • 49 slides
Section 1 hello! Today we are going to look at how to write a text in context essay. What is

Section 1 hello! Today we are going to look at how to write a text in context essay. What is

TEXT IN CONTEXT Section 1 hello! Today we are going to look at how to write a text in context essay. What is the Text in context essay? This is where you talk about the text you have studied throughout the year in class. You could be asked

804 views • 49 slides
Tuning parameter selection for voxel-wise brain connectivity estimation via low dimensional

Tuning parameter selection for voxel-wise brain connectivity estimation via low dimensional

Introduction Covariance matrix Precision matrix Theoretical Results A feasible approach Tuning parameter selection for voxel-wise brain connectivity estimation via low dimensional submatrices Bin Nan Department of Biostatistics University

641 views • 27 slides
Forward: Retaining and Expanding UW Madisons Excellence 1 UW Madisons Remains a

Forward: Retaining and Expanding UW Madisons Excellence 1 UW Madisons Remains a

Forward: Retaining and Expanding UW Madisons Excellence 1 UW Madisons Remains a Uniquely Excellent University Record-setting applications Outstanding retention rate Graduation rates are up Time-to-degree is down

622 views • 29 slides
HR Transformation at UVA A Case Study, in Progress Sponsored by September 25, 2018 Bryan

HR Transformation at UVA A Case Study, in Progress Sponsored by September 25, 2018 Bryan

HR Transformation at UVA A Case Study, in Progress Sponsored by September 25, 2018 Bryan Garey Kelley Stuck Vice President and CHRO, Human Resources Vice President and CHRO, Human Resources Virginia Tech University University of

369 views • 15 slides
Action - Based Models for Belief - Space Planning Li Yang Ku , Shiraj Sen , Erik G . Learned -

Action - Based Models for Belief - Space Planning Li Yang Ku , Shiraj Sen , Erik G . Learned -

Action - Based Models for Belief - Space Planning Li Yang Ku , Shiraj Sen , Erik G . Learned - Miller and Roderic A . Grupen Goals Address the dual problems of modeling and reasoning by employing an action - based model grounded in the robot

630 views • 6 slides
RUBBLE READY abdullah, jacqueline, lauren, matt, titan students know how to shelter, not how to

RUBBLE READY abdullah, jacqueline, lauren, matt, titan students know how to shelter, not how to

RUBBLE READY abdullah, jacqueline, lauren, matt, titan students know how to shelter, not how to escape hi-tech devices available for rescuers, but not for victims alert control rescuers module module easily used and accessed emergency

272 views • 11 slides

More recommend