Become a Cybersecurity Ninja
A ten-part webinar series

Today’s session: Your Passwords are Broken
How You Can Fix Them
With guest Keith Berner, Freedom House

Next session: The @$#’s of Encryption
Communication, Information and Device Encryption Basics

To view information on entire series, please visit ninja.rtt.nyc.
Keith Berner, Director of IT
Freedom House

Keith Berner has been IT Director with Freedom House for four years and has been in the NGO sector since 2007. Keith’s eclectic career includes degrees in technology management, international relations, and theatre. He has at various times had responsibility for program development, research, writing, editing, financial management, and political organizing. Within IT, Keith’s greatest expertise is being able to locate and leverage the expertise of others. At Freedom House, an international human rights and democracy organization founded in 1941, he plays a key role in keeping the organization and its staff safe from authoritarian governments with hostile intent.
What is the average number of accounts registered to a single email address in the US?
123456 is the best password
From Ashley Madison breach
From LinkedIn breach

The best passwords are long, complex and random alphanumeric strings. Such as
7!G2Kq@qyhTfTTQIwlcd82Kt
Or
yHIQHtLp7YoAb^&ib3ZHJt4WP#xCuBZEO3S7tIIe%IhUb7b81
Or
I like to eat donuts on Wednesdays.
Notice anything different about the last one?
Human brains are not good at making and remembering long, complex and random alphanumeric strings.
And wait, it gets worse...
Even Complex Passwords aren’t great
● They can still get phished
● They can still be reused in multiple places
● They can still be shared in insecure ways (e.g. plain text)
● They can still be part of a larger breach
● They can still be captured by keystroke loggers
Password Managers to the Rescue
Do you use a password manager in your personal life?
Password Managers - Basics
● Create long, complex and random passwords.
  ○ It’s literally their job.
● Inexpensive (generally <$30/year/person)
● Protects against phishing attacks
● Can audit all your passwords
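What "create long, complex and random passwords" and "audit all your passwords" involve, as an added Python sketch that is not part of the original slides and not any product's code. The alphabet, the 16-character audit threshold and the sample vault entries are assumptions made up for the illustration.

```python
import math
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*"  # assumed symbol set, similar to the slide examples
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def generate_password(length=24):
    """Draw each character from the OS CSPRNG; retry until every class appears."""
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in classes):
            return pw

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy of a uniformly random string."""
    return length * math.log2(alphabet_size)

def audit(vault, min_length=16):
    """Return (reused, short): groups of sites sharing one password,
    and sites whose password is shorter than min_length."""
    by_password = defaultdict(list)
    for site, pw in vault.items():
        by_password[pw].append(site)
    reused = sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)
    short = sorted(site for site, pw in vault.items() if len(pw) < min_length)
    return reused, short

# Constructed sample vault: site names and passwords are made up.
SAMPLE_VAULT = {
    "mail.example": "123456",
    "bank.example": "123456",
    "crm.example": generate_password(),
}

if __name__ == "__main__":
    print(generate_password())
    print(round(entropy_bits(24)), "bits for 24 random characters")
    reused, short = audit(SAMPLE_VAULT)
    print("reused across:", reused)
    print("too short:", short)
```

The generator uses `secrets` rather than `random` because passwords need an unpredictable source; the audit flags the reuse problem listed on the earlier slide.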
Password Managers
● Used by individuals (can be part of organization)
● Generate and manage passwords
● Can login automatically (with browser plug-ins)
● Share credentials securely
● Can store private credentials (not reveal to org)

Single Sign-On (SSO)
● Simplifies provisioning and deprovisioning (new staff and departing staff)
● Creates a single authentication for key services
● Staff only manage one (1) password for SSO accounts