Invenio Conquer-Password-Mgmt

1

Conquering The PasswordHeadache…

Invenio Advisors, LLCDon Tomoff, CPA, MBA

December 2013

2Invenio Advisors, LLC – Don Tomoff

Disclaimer

Password management is a broad concept and there are a variety of ways to handle passwords and maintain security.

Outlined in this presentation is only oneapproach that I use - and recommend - to meet the password management objectives outlined.

3Invenio Advisors, LLC – Don Tomoff

Password Problem?

Check out video – does this sound familiar?

TAP Image

to Play

4Invenio Advisors, LLC – Don Tomoff

Password Problem?

Interesting statistics…

Source: https://lastpass.com

5Invenio Advisors, LLC – Don Tomoff

Problem Hypothesis

Individuals have a difficult time creating and managing complex,

secure passwords

6Invenio Advisors, LLC – Don Tomoff

Fast Company Article

“Feeling Insecure? Because Your Passwords Are” November 12, 2013

• “Adobe announced hackers had nabbed the account information of 2.9 million customers…then adjusted it to 38 million…”

• “…turns out that people are often loonily lackadasical with their passwords.”

• “Additionally, some Adobe users had the gumption to use sensitive information as their password or hint.” (e.g., social security number)

7Invenio Advisors, LLC – Don Tomoff

Fast Company Article

“The 10 Biggest Password Mistakes People Make” November 27, 2013

• “Using any of the following terms is like locking your bank vault with masking tape and good intentions ...”

• #7 –“LetMeIn… Even sticking a "please" on the end would make it at least somewhat hard, just from the act of adding more letters.”

• #5 - “Swear Words…Unfortunately, by doing this, you're choosing the first words that are going to pop into someone's head as soon as they get pissed off that they can't figure out your password.”

• #1 – “Password” – “It's one step above just leaving your computer sitting unattended on a busy city sidewalk.”

8Invenio Advisors, LLC – Don Tomoff

Secure

NOT Secure

Convenient NOT Convenient

This is the password conundrum...

9Invenio Advisors, LLC – Don Tomoff

Secure

NOT Secure

Convenient NOT Convenient

Current state may look like this...

10Invenio Advisors, LLC – Don Tomoff

Secure

NOT Secure

Convenient NOT Convenient

Challenge is to do this ..

11Invenio Advisors, LLC – Don Tomoff

Password ManagementIncreasing Security and Reducing Your Headaches

iCloud Keychain

KeePass/KyPass

12Invenio Advisors, LLC – Don Tomoff

Password Management Objectives

Manage and access from any platform or device ("anytime, anywhere")

Increase password complexity (character mix, length, and no repeating passwords)

Eliminate the need to remember or manually key your password

13Invenio Advisors, LLC – Don Tomoff

One Example - Dropbox

Password (ok, not really!)

L&@"2&!b,8s)0Zm,D^Vvl,uKI

What’s the point?

14Invenio Advisors, LLC – Don Tomoff

Password Tools

iCloud Keychain

Meldium

Password "Safe“ (many options, here’s two)

KeePass/KyPass

LastPass

15Invenio Advisors, LLC – Don Tomoff

Three Tools - Coverage

Tool Mobile / PC CommentsiCloud Keychain Mobile Just memorizes and works

– not all passwords (no user interaction)

Meldium PC Use at your desk (browser). “One-click” access to only cloud services.

Password Safe(KeePass/KyPass)• Also, LastPass &

1Password

Mobile/PC Everything – requires user interaction (however, enables no memory or re-keying efforts)

16Invenio Advisors, LLC – Don Tomoff

Three Tools - Coverage

Amount of Effort?Tool Mobile / PC Keep a List Tool

iCloud Keychain

Mobile Access, lookup,

manually enter

None

Meldium PC Access, lookup,

manually enter

One-click

Password Safe (KeePass / KyPass)

Mobile/PC Access, lookup,

manually enter

Access, lookup, copy-

paste

19Invenio Advisors, LLC – Don Tomoff

Passwords Across Devices

MeldiumKeePass

iCloud KeyChainKyPass

iCloud KeyChainKyPass

20Invenio Advisors, LLC – Don Tomoff

iCloud Keychain

iCloud Keychain stores your usernames, passwords, Wi-Fi networks, and credit card information so that you can easily fill in forms or logins whenever you need.

This will sync across Safari and with third party apps that support iCloud Keychain. Your information is securely protected using 256-bit AES encryption.

iCloud Keychain also includes a powerful password generator.

21Invenio Advisors, LLC – Don Tomoff

Intro to iCloud Keychain

22Invenio Advisors, LLC – Don Tomoff

iCloud Keychain Resources

iCloud – FAQ (Apple Support site)

Apple’s iCloud Keychain: It Works, but with Frustrating Limitations

How to access and view your iCloud KeyChain passwords with iOS7

iCloud Keychain: Everything You need to know and How to set it up

How to use iCloud KeyChain

How to add credit card information to iCloud KeyChain

23Invenio Advisors, LLC – Don Tomoff

MeldiumMore than just another password manager. It automatically logs you in to your favorite apps and web sites without typing usernames and passwords. You get instant access with extensions for Chrome and Firefox.

Enables your team to share access to apps without sharing passwords. Protect your company from phishing attacks and use strong passwords on all your services.

When you sign in with Google, Meldium automatically extends its secure two-factor authentication (2FA) to all your apps.

24Invenio Advisors, LLC – Don Tomoff

Meldium Dashboard

25Invenio Advisors, LLC – Don Tomoff

Meldium Pricing

26Invenio Advisors, LLC – Don Tomoff

Meldium Resources

Home page – www.meldium.com

Meldium blog page

Ditch the Spreadsheet. Meldium Controls Your Team’s Shared App Passwords For You

Meldium – Instant Access to Apps

27Invenio Advisors, LLC – Don Tomoff

KeePass & KyPass

Password "safe" - Windows PC software and compatible app for mobile devices

"A secure, lengthy, completely random password goes a long way towards improving your security–and having a separate password for each and every website and service you use is the single most important thing you can do to keep secure."

KeePass/KyPass

28Invenio Advisors, LLC – Don Tomoff

KeePass – Master Signon

29Invenio Advisors, LLC – Don Tomoff

KeePass – Desktop View

30Invenio Advisors, LLC – Don Tomoff

KyPass - iPad

31Invenio Advisors, LLC – Don Tomoff

KyPass - iPad

32Invenio Advisors, LLC – Don Tomoff

KyPass - iPhone

33Invenio Advisors, LLC – Don Tomoff

LastPass –Browser based password safe

TAP Image

to Access

34Invenio Advisors, LLC – Don Tomoff

Password Safe Resources

KeePass Password Safe – info home page

Keepass: free and open-source password manager

Review: KeePass makes strong passwords and keeps them safe

Review: LastPass takes your passwords to the cloud

1Password vs Lastpass vs KeePass (vs…..a bunch others)

1. Lists pros and cons of various password manager alternatives –accumulated from Reddit.com posts

2. Definitely worth a review if you are unsure about what password safe you want to use.

35Invenio Advisors, LLC – Don Tomoff

Contact Invenio Advisors

Don Tomoff, CPA, MBAdon@invenioadvisorsllc.com

LinkedIn ProfileFind Don on the Web

Download Business Card