security_presentation
Differences
This shows you the differences between two versions of the page.
security_presentation [2021.12.02 16:25] – [More About KeePass] Steve Isenberg | security_presentation [2022.10.09 15:16] – [What I do] Steve Isenberg | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ~~NOCACHE~~ <fc # | + | ~~NOCACHE~~ <fc # |
+ | visits {{counter|today| time| times}} today, {{counter|yesterday| time| times}} yesterday, and {{counter|total| time total| total times}}]</ | ||
We all have bank accounts, credit cards, insurance policies, | We all have bank accounts, credit cards, insurance policies, | ||
healthcare accounts, the list goes on. Many are online. There are so | healthcare accounts, the list goes on. Many are online. There are so | ||
- | many of these, | + | many of these to remember, the URL to go to for access, phone numbers, |
- | account numbers, and requiring a password to access--one that is | + | account numbers, and an access |
- | complex and hard to guess. | + | complex and hard to guess. |
+ | |||
+ | The challenge is how do you keep track of | ||
all of this information in a way that is secure, yet easy to access, | all of this information in a way that is secure, yet easy to access, | ||
that's stored in multiple locations so it's unlikely to get lost, and | that's stored in multiple locations so it's unlikely to get lost, and | ||
that you can make available to your next-of-kin if necessary? | that you can make available to your next-of-kin if necessary? | ||
+ | |||
We will discuss a solution that your presenter uses to solve all of | We will discuss a solution that your presenter uses to solve all of | ||
these challenges in a cost affordable--free--way. | these challenges in a cost affordable--free--way. | ||
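Review bot: The rewritten opening sentence ("many of these to remember, the URL to go to for access, phone numbers, account numbers, and an access ...") runs the list straight into the clause before it; put a colon after "remember" so the items read as the things to keep track of. While this paragraph is being touched, the unchanged closing line "cost affordable--free--way" could simply say "free".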
Line 29: | Line 33: | ||
* (Can you think of others?) | * (Can you think of others?) | ||
- | How long to crack: From [[https:// | + | Recent from WikiHow: [[https:// |
+ | Gives a set of steps to follow to guess someone' | ||
+ | - Figure out the password requirements for the site or app | ||
+ | - Ask for a hint or security questions (the " | ||
+ | - Check the list of easy-to-remember passwords | ||
+ | - like: 123456, 123456789, Qwerty, Password, Pa$$w0rd, Qwerty123, Iloveyou, etc | ||
+ | - Phone screen passwords may be easy to guess (123456, 147258, etc) | ||
+ | - Names of family members and pets | ||
+ | - What you know about the target' | ||
+ | - Significant numbers and dates | ||
+ | - like: address, birth/ | ||
+ | - Reverse or change the letters | ||
+ | - Adlihnurb, tsorfmada | ||
+ | - Substituting $ for s, 0 for o, 3 for e, 1 for i, etc (P@$$w0rd, w1k1h0w) | ||
+ | - If you have access to their machine, check for saved passwords in Browsers | ||
+ | |||
+ | How long to crack: From [[https:// | ||
^Length^numbers only^lowercase letters^U/L letters^Numbers, | ^Length^numbers only^lowercase letters^U/L letters^Numbers, | ||
|10|instantly|58 min|1 month|7 months|5 years| | |10|instantly|58 min|1 month|7 months|5 years| | ||
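Review bot: The added WikiHow list reads as steps for guessing someone's password and stops at "check for saved passwords in Browsers" without telling the audience what to take from it. Add a closing line that turns the steps into rules for choosing a password (no family or pet names, no significant dates, no reversed words or $/0/3/1 substitutions, nothing from the easy-to-remember list), so it leads into the "How long to crack" table that follows.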
Line 59: | Line 79: | ||
====Remembering Passwords and Associated Issues==== | ====Remembering Passwords and Associated Issues==== | ||
- | |Method|Plusses|Minuses| | + | ^Method^Plusses^Minuses^ |
- | |Piece of paper|Free, flexible|Loss. Smudges/ | + | |Piece of paper|Free, flexible|Loss. Smudges/ |
- | |Sticky note attached to computer|Free|Can be seen or stolen by others. Fall off/loss. Smudges/ | + | |Sticky note attached to computer|Free|Can be seen or stolen by others. Fall off/loss. Smudges/ |
|Spreadsheet|Free, | |Spreadsheet|Free, | ||
- | |Password Manager|Free, | + | |Password Manager|Free, |
+ | or there' | ||
+ | {{: | ||
====How to create hard-to-guess passwords==== | ====How to create hard-to-guess passwords==== | ||
If a human is going to guess the password then make it unhuman. | If a human is going to guess the password then make it unhuman. | ||
Also see [[https:// | Also see [[https:// | ||
- | Do a DuckDuckGo (or Google if you're still using Google) search for "Best Password Managers" | + | Do a DuckDuckGo (or Google if you're still using Google) search for "Best Password Managers" |
- | All offer unlimited | + | //All of these offer login and text note storage in a secure vault protected by your master password, and can generate (and store) strong passwords.// |
+ | //Following data updated 10/ | ||
^Manager^Free version. | ^Manager^Free version. | ||
- | |[[https:// | + | |[[https:// |
- | |[[https:// | + | |[[https:// |
- | |[[https:// | + | |[[https:// |
- | |[[https:// | + | |[[https:// |
- | |[[https:// | + | |[[https:// |
- | |[[https://keepass.info/ | + | |[[https://1password.com/]]|no free version, only paid, 2wk free trial|unlimited pw & devices, 1GB storage, 2FA.|Individual: |
- | |Others?| | + | |[[https:// |
+ | |[[https://keepass.info/]]\\ [[https:// | ||
+ | KeePassXC is a KeePass port, see Tech Radar' | ||
+ | |||
+ | Refs: | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
====Caveat==== | ====Caveat==== | ||
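Review bot: The new "Refs:" list under the password manager table duplicates the role of the "====References====" section at the end of the page; move those four links there, or keep them here and link to them from that section, so sources live in one place. The "//Following data updated 10/..." line is worth keeping next to the table, since the free-tier and pricing cells are the part most likely to go stale.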
Line 91: | Line 122: | ||
====What I do==== | ====What I do==== | ||
//These are my practices for your information. You should make a decision that's best for you.// | //These are my practices for your information. You should make a decision that's best for you.// | ||
- | * KeePass on multiple devices | + | * Use KeePass |
+ | * On MacBook: KeePassXC | ||
+ | * On iPhone and iPad: KeePass Touch | ||
+ | * On Android: | ||
+ | * On Windows: | ||
* Store password file in iCloud | * Store password file in iCloud | ||
- | * Copy password file to local Documents | + | * Copy password file to local Document storage |
- | * Copy password file to Dropbox, pCloud | + | * Copy password file to Dropbox, pCloud |
+ | |||
+ | To note: | ||
+ | * KeePassXC updates the iCloud version whenever I make a change | ||
+ | * On iPhone and iPad I need to download a latest version of password file | ||
+ | * I added an entry in the password file that tracks latest changes (so I can tell if I have the latest on a given device) | ||
Benefits: | Benefits: | ||
* Free | * Free | ||
+ | * Available on all my devices | ||
* One password to remember | * One password to remember | ||
* I can use long and complex passwords | * I can use long and complex passwords | ||
+ | * Can keep a history of past passwords | ||
Using a password manager: | Using a password manager: | ||
- | * you can create quite long and complex passwords | + | |
+ | | ||
* you can create secure passwords and not have to remember all of them | * you can create secure passwords and not have to remember all of them | ||
* you only have to remember One password | * you only have to remember One password | ||
+ | * you can store your password file encrypted in multiple places including USB drives so it's unlikely to be lost | ||
* you have all of your important access information in one spot, the encrypted file | * you have all of your important access information in one spot, the encrypted file | ||
- | * (your next of kin would likely find this useful) | + | * //your next of kin would likely find this useful// |
====More About KeePass==== | ====More About KeePass==== | ||
//Note that many of these features can be handled/ | //Note that many of these features can be handled/ | ||
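Review bot: In the new per-device sub-list, "On Android:" and "On Windows:" name no client, unlike "On MacBook: KeePassXC" and "On iPhone and iPad: KeePass Touch"; fill them in or drop the two bullets. With copies now listed in iCloud, local Document storage, Dropbox and pCloud, the "To note" list should also say which copy is the one that gets edited, since only the iCloud version is described as updated automatically.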
Line 166: | Line 210: | ||
//There are other capabilities of a KeePass password manager, such as autofill (it'll copy and enter passwords for you) and URL entry (it'll type your site's URL into your browser), and more; but I do not have experience with these.// | //There are other capabilities of a KeePass password manager, such as autofill (it'll copy and enter passwords for you) and URL entry (it'll type your site's URL into your browser), and more; but I do not have experience with these.// | ||
+ | |||
+ | ====Next: Live demo of KeePass==== | ||
+ | ====Questions and Answers==== | ||
+ | |||
+ | ---- | ||
====References==== | ====References==== | ||
Line 175: | Line 224: | ||
* [[https:// | * [[https:// | ||
* [[https:// | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
- | <fc # |
security_presentation.txt · Last modified: 2022.10.11 15:31 by Steve Isenberg