improving password management
play

Improving Password Management Laura Raderman, Policy and Compliance - PowerPoint PPT Presentation

Sep 09, 2022 •25 likes •395 views

Improving Password Management Laura Raderman, Policy and Compliance Coordinator, ISO Ole Villadsen, Research Liaison, Cybersecurity, UL Password Management How many passwords do you have? Are they all different? How different?

  1. Improving Password Management Laura Raderman, Policy and Compliance Coordinator, ISO Ole Villadsen, Research Liaison, Cybersecurity, UL

  2. Password Management • How many passwords do you have? • Are they all different? – How different? • Summer2016 vs Autumn2016?

  3. • Picking a password can be difficult – Multiple sites have different rules – what may be acceptable on one site is unacceptable on another • Biggest culprit: sites that don’t accept special characters – Very strong passwords generally aren’t very memorable • buz%vG9X#paC3s

  4. Password Managers! • Generate and store your passwords – You don’t even have to think up a new password!

  5. • Passwords are protected by a “master” password. – This is the password you will have to remember (you can still have the manager generate it for you if you want) • The master password is used to encrypt all of your other passwords – Most are using AES256 with PBKDF2 (Password Based Key Derivation Function 2)

  6. Master Passwords • Select a very strong master password – All managers support changing it should you want/need to • New NIST Recommendations – At least 8 characters – Not in a dictionary – Not in previously compromised account databases • ISO’s Recommendation – Long (16+ character) phrase

  7. http://xkcd.com/936/

  8. DO NOT FORGET YOUR MASTER PASSWORD!

  9. Storage Options • Offline storage • Online storage • Both are secure with ISO recommendations, but your risk tolerance may differ! – If you don’t sync/store online – BACKUP your file(s)!

  10. Specific ISO Recommendations • 1Password • KeePass • LastPass • ISO evaluated design at a high level for security of passwords – It’s OK to store your Andrew password in these! • CMU DOES NOT support these

  11. 1Password • https://1password.com • Both an online and a desktop/mobile application – Both are secure! • Not free – $64.99 for the “standalone” version (upgrades have been less in the past – usually ~$35 every 3-4 years) – $2.99/mth billed annually ($35.88/yr) for online

  12. 1Password (cont) • Standalone version offers syncing through Dropbox, iCloud, file folder (including file shares) – Syncing is not required! • Standalone version is not compatible with Linux • Online version supports offline caching (via applications), but is primarily online • Browser integration with all major browsers

  13. 1Password (cont) • Watchtower/ Security Audit – Lets you know about password breaches – like Yahoo’s or compromised private server keys – Points out weak or duplicate passwords

  14. KeePass • Offline storage only – Plugins (not evaluated) for syncing capabilities: (Dropbox, Google Drive, OneDrive, SCP, SFTP, S3) – Don’t forget to BACKUP! • Open Source • Linux, OSX support via Mono, Windows support via .NET. • Ports (not evaluated) for mobile devices

  15. KeePass (cont) • Generates passwords • Free! • Browser integration only via plugins (not evaluated)

  16. LastPass • Online “only” – Local password cache • Supports 2-factor soft token authentication (including Duo!) for free – 2-factor hard token authentication available with Premium subscription • Free for most features. Premium features $12/year.

  17. LastPass (cont) • Native Browser integration for all major browsers • Linux support • Password Auditing • Mobile applications

  18. LastPass Features • Create new, unique, strong passwords • Access passwords to log in to web sites • Store information in secure notes • LastPass Security Challenge – Identify compromised passwords – Identify weak or duplicate passwords – Automatically change some passwords

  19. How LastPass Works Your machine Internet Transit LastPass PBKDF2-SHA256 TLS 1.2 Enter Master Send login Create Key* Login Hash Password hash to LastPass LastPass verifies hash, *Use key to decrypt grants access and access to encrypted passwords in the Enter vault local vault Master *AES256 password Send Encrypted vault encrypted stored locally vault* back Access from multiple devices simultaneously Enters password on web sites/apps

  20. Is LastPass Secure? Password Managers are the worst way to store your passwords… except for all the others.

  21. LastPass Security • Vulnerabilities (bugs) have been discovered • All software has bugs • No exploits found “in the wild” • Would have been defeated by sound security practices (e.g. avoiding phishing attacks) • Recognized for quick & effective responses

  22. LastPass Security

  23. How LastPass Works Your machine Internet Transit LastPass PBKDF2-SHA256 TLS 1.2 Enter Master Send login Create Key* Login Hash Password hash to LastPass LastPass verifies hash, *Use key to decrypt grants access and access to encrypted passwords in the Enter vault local vault Master *AES256 password Send Encrypted vault encrypted stored locally vault* back Access from multiple devices simultaneously Vulnerabilities Enters password on web sites/apps

  24. Making LastPass more secure • Enable MFA • Manage your risk; consider keeping – Disable “offline” access separate, strong • Restrict mobile access passwords for: • Disable access from TOR – Primary Email • One IP at a time – Banking & Finance • Disable auto fill – Work vs Personal? • Auto log-off when idle • Access websites from your vault or bookmarks (and definitely not from a link you clicked)

  25. LastPass Settings

  26. LastPass MFA

  27. LastPass Security Settings

  28. LastPass Security Settings Click Enable

  29. LastPass Security Settings

  30. LastPass Security Settings

  31. LastPass Security Settings

  32. LastPass Security Settings

  33. LastPass Features

  34. LastPass Features

  35. LastPass Features

  36. LastPass Features

  37. LastPass Features

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com

Team Password Manager Password Management Software for Groups http://teampasswordmanager.com What is Team Password Manager - Password manager for groups and projects - Uses projects to group passwords - Secure, fine grained password sharing -

712 views • 9 slides
Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password

Open source password manager for teams 80% of security incidents are due to poor password management policies. ~ Trustwave Each year, over 125 millions hours of productivity are lost due to passwords management problematics. ~

950 views • 25 slides
Individual Differences and Perceived Password Security Management Lin Kyi, Sonia Chiasson, &

Individual Differences and Perceived Password Security Management Lin Kyi, Sonia Chiasson, &

Individual Differences and Perceived Password Security Management Lin Kyi, Sonia Chiasson, & Elizabeth Stobert Carleton University Ottawa, Canada WAY Workshop 2020 Introduction How password management is perceived can impact security

319 views • 15 slides
Key management Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Oct 4, 2016

Key management Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Oct 4, 2016

Key management Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Oct 4, 2016 Key management on whiteboard Password hashing in these slides Announcement Project 2 part 1 due today Passwords Tension between usability and

166 views • 16 slides
Something in the Air: Improving Air Quality through Community Partnerships @EnvisionCLT |

Something in the Air: Improving Air Quality through Community Partnerships @EnvisionCLT |

Something in the Air: Improving Air Quality through Community Partnerships @EnvisionCLT | @FFTC_RCCL | #EcoNetworkCLT Internet: MINT-GUEST Password: Today123 Liveable Low-carbon Cities Synergetic urban landscape planning with Water

885 views • 50 slides
Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force

Cisco Passwords - Enforcing Minimum Password Length Common Types of Password Attacks Brute-Force Attack - tries every possible character combination as a password. To recover a single-letter password would require up to 26 combinations. A

415 views • 8 slides
User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart

User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart

Build Smart Applications Fast User Management Basic Training www.logicnets.com Password Reset for Existing Users Build Smart Applications Fast Two ways to reset a (forgotten or expired) password: Forgot Details Receive an email from

593 views • 10 slides
Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Password Management

Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Password Management

Welcome Clients of Mariner Wealth Advisors Cybersecurity Education Series Password Management & Public Wi-Fi Security Content provided by Presenter: Ray Cool, CEO PBSI Technology Solutions Webinar will begin at 10:00 Page 1 Series Goals

392 views • 18 slides
Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo

Is Password InSecurity Inevitable? Cryptographic Enhancements to Password Protocols Hugo Krawczyk (IBM Research) Works with Stanislaw Jarecki, Jiayu Xu (UC Irvine) Aggelos Kiayas (U Edinburgh) Nitesh Saxena, Maliheh Shirvanian (UA Birmingham)

750 views • 32 slides
Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring

LastPass, a Password Manager Application CS 88S Password, Authentication, Password Managers Week 4 Frank Chen | Spring 2017 Frank Chen | Spring 2017 Agenda Review last weeks material Some Definitions Password in the Cloud

584 views • 47 slides
LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your

LastPass An Introduction to Password Managers Why do I need a Password manager? Email is your Master Key When you forget a password, they send a reset link to your email. Anyone with access to your email has the power to reset your other

549 views • 31 slides
Improving Nutrient Management on Irish Farms NMP Online - Why Meets Nutrient Management

Improving Nutrient Management on Irish Farms NMP Online - Why Meets Nutrient Management

Improving Nutrient Management on Irish Farms NMP Online - Why Meets Nutrient Management requirement for Schemes GLAS Derogation Improving soil fertility Management on farms NMP Online Shows Soil fertility has fallen where you stand

344 views • 11 slides
Putting It All Together: Improving Management Decisions Through The Use of Analytics Court

Putting It All Together: Improving Management Decisions Through The Use of Analytics Court

Putting It All Together: Improving Management Decisions Through The Use of Analytics Court Solutions Conference Baltimore, Maryland September 10, 2008 Presented by Bob Wessels WWW.CCL.HCTX.NET Axioms of Caseflow Management Early and continuous

731 views • 58 slides
Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked

Proactive Password Checking Analyze proposed password for goodness Always invoked Can detect, reject bad passwords for an appropriate definition of bad Discriminate on per-user, per-site basis Needs to do

363 views • 21 slides
Improving the thermal management of power GaN devices ATW on Thermal Management, Los Gatos

Improving the thermal management of power GaN devices ATW on Thermal Management, Los Gatos

Improving the thermal management of power GaN devices ATW on Thermal Management, Los Gatos Chenjiang Y U 1 , Cyril B UTTAY 2 , ric L ABOUR 1 1 LGEP (GEEPS), Paris Sud, France 2 Laboratoire Ampre, Lyon, France 23/9/15 1 / 29 Outline

537 views • 50 slides
Improving governance in public debt management Public Debt Management Law: Recent Experience

Improving governance in public debt management Public Debt Management Law: Recent Experience

Sovereign Debt Management Forum, Oct. 2012, Washington DC, Treasury, The World Bank Improving governance in public debt management Public Debt Management Law: Recent Experience Public Debt Management Law of Cyprus Presentation by Phaedon

133 views • 12 slides
Thermal Runaway Propagation Testing of Lithium Battery Shipments for Safe Transportation J.

Thermal Runaway Propagation Testing of Lithium Battery Shipments for Safe Transportation J.

Thermal Runaway Propagation Testing of Lithium Battery Shipments for Safe Transportation J. Jeevarajan, Ph.D., Underwriters Laboratories Inc. December, 2018 Introduction and Background Lithium-ion batteries are being used in ground,

373 views • 18 slides
Noise Oversight Committee November 15, 2017 Audio recordings are made of this meeting ITEM 1

Noise Oversight Committee November 15, 2017 Audio recordings are made of this meeting ITEM 1

Noise Oversight Committee November 15, 2017 Audio recordings are made of this meeting ITEM 1 REVIEW AND APPROVAL OF JULY 19 AND SEPTEMBER 20, 2017 MEETING MINUTES NOISE OVERSIGHT COMMITTEE NOVEMBER 15, 2017 ITEM 2 REVIEW OF MONTHLY

748 views • 51 slides
FY 2019 IIT Withholding & Cashflow Analysis Ken A. Roberts, Chairman Idaho State Tax

FY 2019 IIT Withholding & Cashflow Analysis Ken A. Roberts, Chairman Idaho State Tax

FY 2019 IIT Withholding & Cashflow Analysis Ken A. Roberts, Chairman Idaho State Tax Commission tax.idaho.gov 1 Effects On Taxpayers Withholding of Doubling the Standard Deduction, 2017 to 2018 Household: $100 K Mr.: $50K Mrs.: $50K

349 views • 22 slides
Presented By: y Jason Webster, Underwriters Laboratories Joe Tseng, O2Works Introductions

Presented By: y Jason Webster, Underwriters Laboratories Joe Tseng, O2Works Introductions

Presented By: y Jason Webster, Underwriters Laboratories Joe Tseng, O2Works Introductions UL Invoicing Requirements Prior UL Invoice Process New UL Invoice Process Results Inventory Demonstration D t ti 2 Jason

657 views • 32 slides
RESILIENT SOLAR (SOLAR + BATTERY STORAGE) FDNY Filing Procedures March 27 th , 2020 Nicholas

RESILIENT SOLAR (SOLAR + BATTERY STORAGE) FDNY Filing Procedures March 27 th , 2020 Nicholas

RESILIENT SOLAR (SOLAR + BATTERY STORAGE) FDNY Filing Procedures March 27 th , 2020 Nicholas Petrakis, P.E. 1 RESILIENT SOLAR (SOLAR + STORAGE) CUNY in conjunction with FDNY has drafted permitting process guidelines for Valve-Regulated

158 views • 14 slides
Presentation to the City of Los Angeles Treasurer on the City's General Pool Investments July

Presentation to the City of Los Angeles Treasurer on the City's General Pool Investments July

Presentation to the City of Los Angeles Treasurer on the City's General Pool Investments July 31, 2018 July 31, 2018 Data Source: Bloomberg Economic Update: Overall Economy * Real Rate (Inflation Adjusted) Percent -3 -2 -1 0 1 2 3

741 views • 58 slides
Presentation to the City of Los Angeles Treasurer on the City's General Pool Investments January

Presentation to the City of Los Angeles Treasurer on the City's General Pool Investments January

Presentation to the City of Los Angeles Treasurer on the City's General Pool Investments January 31, 2018 January 31, 2018 Data Source: Bloomberg Economic Update: Overall Economy * Real Rate (Inflation Adjusted) Percent -3 -2 -1 0 1

891 views • 57 slides
deck.js Modern HTML Presentations Download or to learn more. 1.1.0 A project of I Make Web

deck.js Modern HTML Presentations Download or to learn more. 1.1.0 A project of I Make Web

deck.js Getting Started Docs GitHub deck.js Modern HTML Presentations Download or to learn more. 1.1.0 A project of I Make Web Things deck.js Getting Started Docs GitHub How Does It Work? <div

449 views • 15 slides

More recommend