Strong Passwords - PowerPoint PPT Presentation

Slides: 19
Provided by: lancecorpo
Learn more at: http://web.mit.edu

Transcript and Presenter's Notes


1
Strong Passwords
  • How to make your passwords work for you.

Linda A. LeBlanc, IT Security Support, IST
2
Once upon a time.
3
The (old) Dos and Don'ts of Passwords
  • DO!
  • Pick a password you can remember!
  • Make it REALLY hard to guess.
  • Use upper and lower case characters
  • DON'T!
  • Write your password down ANYWHERE!
  • Make them similar to each other.
  • Use Klingon or Elvish (Elven?)

4
Let's be realistic
  • How many passwords do you have?
  • Don't forget your ATM, Insurance Phone Tree, your
    Bank Account Test question
  • How are we supposed to remember them ALL???

5
We know you write them down... somewhere.
  • Underneath your keyboard?
  • In your top desk drawer?
  • On your monitor? (Please say it's on the back at
    least!)
  • The little notebook marked PASSWORDS?
  • The sheet of paper folded and sticking out of the
    dictionary above your head?

6
The Dilemma
  • I'm supposed to remember, but it's not supposed to
    be a word in any language; it's supposed to be
    hard to guess.
  • If I forget it, there's no way to recover it
    because I can't write it down.
  • My dog's (cat's) name isn't a word, and has upper
    and lower case characters.

7
New, more realistic rules
  • Use letters, numbers, special characters (upper
    and lower case).
  • If you must write them down, separate the
    password from the account name, and keep them
    somewhere secure.
  • Similarity and composition are not the same.
    (brainiac23 and brainiac12 are similar; fresZib61
    and gliitZul72 are composed in the same way)
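
The distinction in the last bullet can be checked mechanically. The following is an added example, not part of the original presentation: it scores similarity with edit distance and compares composition as a collapsed character-class shape, using the four sample passwords from the slide. The function names and the 0.7 threshold are assumptions chosen for illustration.

```python
def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute (free if equal)
        prev = cur
    return prev[-1]


def similarity(a: str, b: str) -> float:
    """1.0 for identical strings, falling toward 0.0 as more edits are needed."""
    longest = max(len(a), len(b)) or 1
    return 1 - edit_distance(a, b) / longest


def composition(pw: str) -> str:
    """Collapsed character-class shape, e.g. 'fresZib61' -> 'lUld'.

    l = lower case, U = upper case, d = digit, s = anything else.
    Runs of the same class collapse to one symbol, so length is ignored.
    """
    shape = []
    for ch in pw:
        c = ("l" if ch.islower() else "U" if ch.isupper()
             else "d" if ch.isdigit() else "s")
        if not shape or shape[-1] != c:
            shape.append(c)
    return "".join(shape)


SIMILAR_THRESHOLD = 0.7  # assumed cut-off for illustration, not from the slides


def compare(a: str, b: str) -> dict:
    """Report both properties so they can be judged independently."""
    return {
        "similar": similarity(a, b) >= SIMILAR_THRESHOLD,
        "same_composition": composition(a) == composition(b),
    }


if __name__ == "__main__":
    # Sample passwords taken from the slide above.
    for pair in (("brainiac23", "brainiac12"), ("fresZib61", "gliitZul72")):
        print(pair, compare(*pair))
```

The first pair is flagged as similar (two edits out of ten characters), while the second pair shares only its shape and is not flagged.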

8
Risk Assessment Reality
  • You have to decide for yourself what level of
    risk you are willing to assume when choosing how
    to secure your passwords.

9
We're always scheming
  • Develop password generation methods that work for
    you, and are easy to replicate.
  • Number/letter substitutions, nonsense sounds
  • Passphrases and acronyms
  • Group by account type. (What's good for mail
    might not be sufficient for the IRA.)

10
Exhibit A: My Father
11
One Password, Many Places
  • Insecure accounts sharing a password with
    sensitive data accounts.
  • One FIVE letter word.

12
A new method
  • The Book of Psalms
  • Chapter and Verse
  • Preserve Case, Punctuation
  • Annotate account w/ matching chapter and verse pair.

13
Exhibit B: My Bohemian Sister
14
w0rDz not words!
  • Use nonsense sounds that are pronounceable.
  • Build a word with all the requirements
  • Substitute a number for a vowel
  • Use the number combination for the vowels to
    identify the password.

15
More Ideas
  • Your favorite formulas?
  • Chemical compounds? (EtOH is a little too
    simple)
  • What else?

16
Last Writes
  • Establish a password generation method for
    yourself.
  • Find a place to keep your passwords and keep them
    secure.
  • Never reuse passwords EVER. Build a fresh one.

17
The End
  • (of passwords as we know them?)

18
More information and handouts are available from
ITSS
  • Email leblancl_at_mit.edu