security_presentation
Differences
This shows you the differences between two versions of the page.
security_presentation [2022.10.09 13:59] – Steve Isenberg | security_presentation [2022.10.11 15:31] (current) – [How to create hard-to-guess passwords] Steve Isenberg | ||
---|---|---|---|
Line 33: | Line 33: | ||
* (Can you think of others?) | * (Can you think of others?) | ||
- | How long to crack: From [[https:// | + | Recent from WikiHow: [[https:// |
+ | Gives a set of steps to follow to guess someone' | ||
+ | - Figure out the password requirements for the site or app | ||
+ | - Ask for a hint or security questions (the " | ||
+ | - Check the list of easy-to-remember passwords | ||
+ | - like: 123456, 123456789, Qwerty, Password, Pa$$w0rd, Qwerty123, Iloveyou, etc | ||
+ | - Phone screen passwords may be easy to guess (123456, 147258, etc) | ||
+ | - Names of family members and pets | ||
+ | - What you know about the target' | ||
+ | - Significant numbers and dates | ||
+ | - like: address, birth/ | ||
+ | - Reverse or change the letters | ||
+ | - Adlihnurb, tsorfmada | ||
+ | - Substituting $ for s, 0 for o, 3 for e, 1 for i, etc (P@$$w0rd, w1k1h0w) | ||
+ | - If you have access to their machine, check for saved passwords in Browsers | ||
+ | |||
+ | How long to crack: From [[https:// | ||
^Length^numbers only^lowercase letters^U/L letters^Numbers, | ^Length^numbers only^lowercase letters^U/L letters^Numbers, | ||
|10|instantly|58 min|1 month|7 months|5 years| | |10|instantly|58 min|1 month|7 months|5 years| | ||
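Review bot: the added guessing steps run from the password-requirements bullet to the saved-passwords bullet and then go straight into "How long to crack", with no line telling the audience what to do with them. Add a closing bullet stating that anything on this list (common passwords, family and pet names, significant dates, reversals, character substitutions) should be kept out of a password. In the "Reverse or change the letters" step, "Adlihnurb, tsorfmada" appear without the words they are derived from, so put the originals next to them. The common-password bullet already includes "Pa$$w0rd", which is a substitution example and fits better under the substitution step.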
Line 63: | Line 79: | ||
====Remembering Passwords and Associated Issues==== | ====Remembering Passwords and Associated Issues==== | ||
- | |Method|Plusses|Minuses| | + | ^Method^Plusses^Minuses^ |
- | |Piece of paper|Free, flexible|Loss. Smudges/ | + | |Piece of paper|Free, flexible|Loss. Smudges/ |
- | |Sticky note attached to computer|Free|Can be seen or stolen by others. Fall off/loss. Smudges/ | + | |Sticky note attached to computer|Free|Can be seen or stolen by others. Fall off/loss. Smudges/ |
|Spreadsheet|Free, | |Spreadsheet|Free, | ||
- | |Password Manager|Free, | + | |Password Manager|Free, |
or there' | or there' | ||
- | {{: | + | {{: |
====How to create hard-to-guess passwords==== | ====How to create hard-to-guess passwords==== | ||
- | If a human is going to guess the password then make it unhuman. | + | If a human is going to guess the password then make it unhuman. |
- | Also see [[https:// | + | You can also do a DuckDuckGo (or Google if you're still using Google) search for "Best Password Managers" |
- | Do a DuckDuckGo (or Google if you're still using Google) search for "Best Password Managers" | + | |
//All of these offer login and text note storage in a secure vault protected by your master password, and can generate (and store) strong passwords.// | //All of these offer login and text note storage in a secure vault protected by your master password, and can generate (and store) strong passwords.// | ||
+ | //Following data updated 10/ | ||
^Manager^Free version. | ^Manager^Free version. | ||
- | |[[https:// | + | |[[https:// |
- | |[[https:// | + | |[[https:// |
- | |[[https:// | + | |[[https:// |
- | |[[https:// | + | |[[https:// |
- | |[[https:// | + | |[[https:// |
- | |[[https://keepass.info/ | + | |[[https://1password.com/]]|no free version, only paid, 2wk free trial|unlimited pw & devices, 1GB storage, 2FA.|Individual: |
- | |Others?| | + | |[[https:// |
+ | |[[https://keepass.info/]]\\ [[https:// | ||
+ | KeePassXC is a KeePass port, see Tech Radar' | ||
+ | |||
+ | Refs: | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | * [[https:// | ||
====Caveat==== | ====Caveat==== | ||
Line 116: | Line 142: | ||
* One password to remember | * One password to remember | ||
* I can use long and complex passwords | * I can use long and complex passwords | ||
+ | * Can keep a history of past passwords | ||
Using a password manager: | Using a password manager: | ||
- | * you can create quite long and complex passwords | + | |
+ | | ||
* you can create secure passwords and not have to remember all of them | * you can create secure passwords and not have to remember all of them | ||
* you only have to remember One password | * you only have to remember One password | ||
+ | * you can store your password file encrypted in multiple places including USB drives so it's unlikely to be lost | ||
* you have all of your important access information in one spot, the encrypted file | * you have all of your important access information in one spot, the encrypted file | ||
- | * (your next of kin would likely find this useful) | + | * //your next of kin would likely find this useful// |
====More About KeePass==== | ====More About KeePass==== | ||
//Note that many of these features can be handled/ | //Note that many of these features can be handled/ | ||
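Review bot: the new bullet "you can store your password file encrypted in multiple places including USB drives so it's unlikely to be lost" covers only availability. Anyone who obtains one of those copies can try master passwords against it offline, so the bullet should add that every copy is only as safe as the master password and point back to the crack-time table earlier in the page. It should also say that the copies have to be kept in sync, which the "Helps me synchronize databases" item further down already describes.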
Line 162: | Line 191: | ||
* I use a DB entry to log changes | * I use a DB entry to log changes | ||
- | * "Last changed | + | * "Last changed |
- | * Enter change(s) made, eg: "1201: updated CCS entry, new password Kohls" | + | * Enter change(s) made, eg: "0921: updated CCS entry, new password Kohls" |
* This I do manually | * This I do manually | ||
* Helps me synchronize databases | * Helps me synchronize databases | ||
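Review bot: in the changed example entry, "new password Kohls" can be read as the password itself being "Kohls". Word it as "new password for Kohls" and add a line that the change log records which entry changed, never the password value.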
Line 169: | Line 198: | ||
* I use KeePass application to create new entries and login passwords | * I use KeePass application to create new entries and login passwords | ||
* Passwords typically 14+ characters (upper/ | * Passwords typically 14+ characters (upper/ | ||
- | * KeePass tells me if a password is/isn't secure | + | * KeePass tells me how secure |
Here is a possible password I might use: '' | Here is a possible password I might use: '' | ||
Line 184: | Line 213: | ||
====Next: Live demo of KeePass==== | ====Next: Live demo of KeePass==== | ||
+ | on smi macbook | ||
+ | |||
+ | * open, select PasswordExample.kbdx pw=1234 | ||
+ | * Save as CSV and look | ||
+ | * Save as HTML and look | ||
+ | * Database> | ||
====Questions and Answers==== | ====Questions and Answers==== | ||
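Review bot: in the added demo steps the file name reads "PasswordExample.kbdx", while KeePass 2.x databases use the .kdbx extension, so this looks like a transposition; correct it so the file can be found during the live demo. The "Save as CSV and look" and "Save as HTML and look" steps write every entry to disk unencrypted, so add a step to delete both export files afterwards. Since "pw=1234" is published on this page, also state that the demo database holds only made-up entries.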
security_presentation.1665349140.txt.gz · Last modified: 2022.10.09 13:59 by Steve Isenberg