Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

APPY HOURDON'T FORGET YOUR (VIRTUAL) KEYS:

CREATING, USING, AND MAINTAINING STRONG

PASSWORDS

September 2014

2

“Up to 70 million individuals may be affected”

“33 P.F. Chang’s China Bistro branded restaurant locations”

“Nearly all U.S. Home Depot Stores Hit”

December 2013

April or May 2014

June 2014

3Source: http://www.insecpro.com/index.php/articles/cyber-crime-statistics

http://www.insecpro.com/index.php/articles/cyber-crime-statistics

4

TODAY’S MENU

• CREATING STRONG PASSWORDS

• MONITORING YOUR PASSWORDS

• REMEMBERING YOUR PASSWORDS

• RECOVERING FROM A STOLEN PASSWORD

• MORE INFORMATION

5

ARE YOU USING STRONG PASSWORDS?

• HOW SECURE IS MY PASSWORD?

https://howsecureismypassword.net/

https://howsecureismypassword.net/

6

AVOID COMMON PASSWORDS

Source: http://splashdata.com/press/WorstPasswords-

2013.jpg

7

THINK BIG!

http://upload.wikimedia.org/wikipedia/commons/9/90/Magic8ball.jpg

8

SOME TIPS:DO

• STARTING POINT:

• SENTENCE (ABBREVIATED)

• PASSPHRASE

• MISPELLED LONGER WORD

• ADD UPPER AND LOWER CASE

• ADD SOME NUMBERS

• ADD SOME SYMBOLS

DON’T

• REPEAT PART OF YOUR USER NAME

• USE SOMETHING OTHERS KNOW ABOUT YOU

• USE REAL WORDS ONLY

• REPLACE LETTERS WITH SYMBOLS TO MAKE COMMON WORDS MORE “SECURE”

• USE SOMETHING YOU CAN’T EASILY REMEMBER

9

EXAMPLES

START WITH

• ABBREVIATED SENTENCE:

• THE FIRST PRESIDENT WAS GEORGE WASHINGTON TFPWGW

• PASSPHRASE:

• ABELINCOLNPS347URIRWULAW

• MISPELLED WORD:

• EXOSKELETON EKSOSCHELATUN

10

EXAMPLES (CONT’D)

ADD

• UPPER AND LOWER CASE

• TFPWGW TfpwGW

• ABELINCOLNPS347URIRWULAW AbeLincolnPS347RWULaw

• EKSOSCHELATUN EksoSchelatun

• NUMBERS & SYMBOLS:

• TfpwGW 17TfpwGW89 17Tfp#wGW89!

• AbeLincolnPS347RogerWilliams Ab3Lin(olnPS347RWUL@w

• EksoSchelatun Eks0Sch3latun Eks0Sch3l@tun!

See Resources on Appy Hour page for more ideas on creating strong passwords.

11

CHANGE YOUR PASSWORDS OFTEN

12

AVOID USING THE SAME PASSWORD REPEATEDLY

13

USE A PASSWORD MANAGER

See the list at http://lawguides.rwu.edu/appyhour/passwords

http://lawguides.rwu.edu/appyhour/passwords

14

PASSWORD MANAGER KEY FEATURES

• OPERATING SYSTEMS

• BROWSER INTEGRATION/FORM FILLING

• MOBILE PLATFORMS

• SECURE SHARING

• PASSWORD GENERATION

• PRICE: FREE, FREEMIUM, PAID, EDUCATIONAL DISCOUNTS

• BONUS! SECURITY ALERTS

• BONUS! TWO FACTOR AUTHENTICATION

15

HOW ELSE CAN YOU PROTECT YOURSELF?• DON’T SHARE PASSWORDS WITH ANYONE!

• DON’T REUSE PASSWORDS

• IF YOU DO SHARE A PASSWORD, DON’T SEND IT VIA EMAIL.

• MONITOR YOUR EMAIL ADDRESSES

• USE MULTIFACTOR AUTHENTICATION, IF AVAILABLE

• ADD PASSWORD RECOVERY FEATURES TO YOUR ACCOUNTS

16

17

MONITOR YOUR EMAIL• SHOULD I CHANGE MY PASSWORD?

• PWNEDLIST

https://shouldichangemypassword.com/

https://pwnedlist.com/query

18

USE MULTI-FACTOR AUTHENTICATION

19

WHAT YOU KNOW

What is your mother’s maiden

name?

20

WHAT YOU HAVE

21

WHO YOU ARE

Source: http://en.wikipedia.org/wiki/Multi-factor_authentication#Background

22

ADD PASSWORD RECOVERY FEATURES

• CHOOSE YOUR QUESTIONS WISELY!

• SAFE

• STABLE

• MEMORABLE

• SIMPLE

• MANY

• CHOOSE QUESTIONS THAT SATISFY ONE OR MORE OF THESE CRITERIA.

Source: http://goodsecurityquestions.com/examples

23

RECOVERING FROM A STOLEN PASSWORD

• CHANGE THE PASSWORD

• ASSESS & REPAIR THE DAMAGE

• SCAN & PROTECT YOUR SYSTEMS FOR VULNERABILITES

24

ASSESS & REPAIR THE DAMAGE: EMAIL & SOCIAL MEDIA• FACEBOOK: HACKED ACCOUNTS

• TWITTER: MY ACCOUNT HAS BEEN HACKED

• INSTAGRAM: REPORT A HACKED ACCOUNT

• GOOGLE: COMPROMISED GMAIL ACCOUNT

• RWU EMAIL: 401-254-6363 (MEDIA•TECH SUPPORT CENTER)

https://www.facebook.com/hacked

https://support.twitter.com/articles/185703-my-account-has-been-hacked

https://help.instagram.com/contact/470866676325859

https://support.google.com/mail/answer/50270?hl=en

25

ASIDE: SOCIAL MEDIA SAVVY

• KNOW AND USE THE SECURITY FEATURES OF YOUR SOCIAL MEDIA SITES

• BE CAREFUL WHO “FRIENDS”, “FOLLOWS”, “LINKS”, ETC. TO YOU.

• KEEP YOUR PERSONAL INFORMATION PRIVATE

• REVIEW REGULARLY APPS AND OTHER TOOLS THAT LINK TO YOUR SOCIAL MEDIA ACCOUNTS!

26

ASSESS THE DAMAGE: FINANCES

• FEDERAL TRADE COMMISSION: PLACE A FRAUD ALERT

• CREDIT BUREAUS

• EQUIFAX: REQUEST A 90 DAY FRAUD ALERT

• EXPERIAN: HOW TO RESPOND TO IDENTITY THEFT

• TRANSUNION: FRAUD ALERTS

http://www.consumer.ftc.gov/articles/0275-place-fraud-alert

https://www.alerts.equifax.com/AutoFraud_Online/jsp/fraudAlert.jsp

http://www.experian.com/help/identity-theft-victim-assistance.html#idtheft_victimYes

http://www.transunion.com/personal-credit/credit-disputes/fraud-alerts.page

27

PROTECT YOUR SYSTEMS!

• COMPUTERS, ANTIVIRUS:

• AVAST! (W/M)

• MICROSOFT SECURITY ESSENTIALS (W)

• SOPHOS (M)

• COMPUTERS, MALWARE:

• MALWARE BYTES (W)

• SOPHOS (M)

• TABLETS/PHONES:

• ADD SECURITY LOCK

• FIND MY IPAD/IPHONE

• LOOKOUT MOBILE SECURITY

28

BREAKING NEWS!

29

QUESTIONS?

• LET ME KNOW!

[email protected]

OR

401-254-4547

•CLASS WEBPAGE: HTTP://LAWGUIDES.RWU.EDU/APPYHOUR/PASSWORDS

mailto:[email protected]

30

CREDITS (SLIDES 2, 7 & 11)• SLIDE 2: “HOME DEPOT” BY MIKE MOZART, “TARGET” BY

KEVIN DOOLEY, AND “P.F. CHANG’S” BY DAVE DUGDALE ARE LICENSED UNDER CC BY 2.0, CC BY 2.0 AND CC BY SA 2.0, RESPECTIVELY.

• SLIDE 7: “MAGIC 8 BALL” BY “CHRISTIAN HELDT”.

• SLIDE 11: FALL SCENE: “HAPGOOD POND” BY U.S. DEPARTMENT OF AGRICULTURE LICENSED UNDER CC BY 2.0; “SPRING” BY MOYAN BRENN LICENSED UNDER CC BY ND 2.0; “2015” BY FREE WIDE WALLPAPERS; “ALL FOUR SEASONS – OUTSIDE MY WINDOW” BY SUNDAR M LICENSED UNDER CC BY SA 2.0

https://www.flickr.com/photos/jeepersmedia/11199472286/in/photolist-3R2Gd-mXs1n4-nDKf9G-nwzRkv-9R1hP-i5rFEz-62qyGZ-mXrXkc-mXrZRe-mXtRJu-mXtPQQ-mXtRb5-i4EdVL-mXrWnn-nwzR2V-mXrX1M-i4Evga-nuQ8cu-nwBG77-nfofT1-nHzhfZ-mXs3ti-zHARb-nFA95E-jauAoE-mjFaHq-o1zJf9-mfRMek-mfSvU8-mjDyvz-mjCNcV-5HiqFP-bS4gc-mfTG6Q-mfRKED-oP56AW-9U6RwW-nU7qoB-nU7qtA-obsrb7-mjDGRF-mjDkvK-onrv64-nU71jL-nfocJp-nfomV9-nfo9vk-owBxz5-o9yrCm-nwBFcw/

https://www.flickr.com/photos/jeepersmedia/11199472286/in/photolist-3R2Gd-mXs1n4-nDKf9G-nwzRkv-9R1hP-i5rFEz-62qyGZ-mXrXkc-mXrZRe-mXtRJu-mXtPQQ-mXtRb5-i4EdVL-mXrWnn-nwzR2V-mXrX1M-i4Evga-nuQ8cu-nwBG77-nfofT1-nHzhfZ-mXs3ti-zHARb-nFA95E-jauAoE-mjFaHq-o1zJf9-mfRMek-mfSvU8-mjDyvz-mjCNcV-5HiqFP-bS4gc-mfTG6Q-mfRKED-oP56AW-9U6RwW-nU7qoB-nU7qtA-obsrb7-mjDGRF-mjDkvK-onrv64-nU71jL-nfocJp-nfomV9-nfo9vk-owBxz5-o9yrCm-nwBFcw/

https://www.flickr.com/photos/jeepersmedia/

https://flic.kr/p/96vCN1

https://www.flickr.com/photos/pagedooley/5313218644/in/photolist-4CoKAv-6L2Xji-n87HSk-7BN7ky-7uZahi-63hBdu-bXZFam-p3Kc9s-ndQEmA-ejPxj8-ojM7ad-96vCN1-fcJYgg-5HsyJH-ks7QzP-5smnjs-gDRaj-5xPJVf-6823n2-akLjz-6h3M1T-apvSiR-4ftKFp-3kYdg7-k8iBhk-bQmRVH-ntJvX8-5EtvoU-91uQPm-dL3UmP-81eeaJ-mXbG4S-aFU9Ke-dAdtYy-fzauHB-b7BhHz-4HjhPS-kGhdKR-an9Poh-dAo3YX-4Xt3DV-5evsSo-59UsLr-aaichg-2RxCau-nvT5yr-e1KQLe-j1TrTc-dAG9As-52joBn

https://flic.kr/p/7PJNHd

https://www.flickr.com/photos/davedugdale/

https://www.flickr.com/photos/davedugdale/

https://creativecommons.org/licenses/by/2.0/


https://creativecommons.org/licenses/by-sa/2.0/

http://commons.wikimedia.org/wiki/File:Magic8ball.jpg

http://de.wikipedia.org/wiki/Benutzer:ChristianHeldt

http://de.wikipedia.org/wiki/Benutzer:ChristianHeldt

https://flic.kr/p/avw9wd




https://www.flickr.com/photos/usdagov/


https://www.flickr.com/photos/aigle_dore/



https://creativecommons.org/licenses/by-nd/2.0/

http://www.freewidewallpapers.com/happy-new-year-2015/2015-new-year-celebration/



31

CREDITS (SLIDES 12 & 16)

• SLIDE 12: “MONEYCASH” BY 2BGR8STOCK , LICENSED UNDER CC BY 3.0; “INSTAGRAM AND OTHER SOCIAL MEDIA APPS” BY JASON HOWIE, LICENSED UNDER CC BY 2.0. OTHER IMAGES COURTESY OF RWULAW, MICROSOFT.

• SLIDE 16: “YOU’LL NEVER FORGET YOUR PASSWORD EVER AGAIN” BY MEME BINGE, LICENSED UNDER CC BY 2.0.

http://commons.wikimedia.org/wiki/File:Money_Cash.jpg

http://2bgr8stock.deviantart.com/

http://creativecommons.org/licenses/by/3.0/deed.en

https://flic.kr/p/d41HES

https://www.flickr.com/photos/jasonahowie/


https://flic.kr/p/noVhKg

https://www.flickr.com/photos/memebinge/


32

CREDITS (SLIDES 18-19)

• “STEP 1: READY YOUR ATM CARD” BY COLIN MCCLOSKEY, LICENSED UNDER CC BY NC-SA 2.0.

• KEYPAD: “ATM KEYPAD 2/4” BY REDSPOTTED, LICENSED UNDER CC BY 2.0

https://flic.kr/p/z4vyU

https://www.flickr.com/photos/mccolin/

https://creativecommons.org/licenses/by-nc-sa/2.0/


https://flic.kr/p/2oTx

https://www.flickr.com/photos/redspotted/



33

CREDITS (SLIDE 20)

• ATM CARD: “PHOTO365 DAY 4” BY ALLAN DONQUE, LICENSED UNDER CC BY 2.0

• SECURITY KEYS: “RSA TOKENS” BY EDWIN SARMIENTO, LICENSED UNDER CC BY SA 2.0

• MOBILE PHONE: “SONY EXPERIA NEO MT15I MOBILE PHONE” BY MATT KLEFFER, LICENSED UNDER CC BY SA 2.0

https://flic.kr/p/7AADC1

https://www.flickr.com/photos/allandonque/

https://www.flickr.com/photos/allandonque/


https://flic.kr/p/avUznU

https://www.flickr.com/photos/bassplayerdoc/


https://flic.kr/p/9Z4Ary



https://www.flickr.com/photos/mattkieffer/

https://www.flickr.com/photos/mattkieffer/


34

CREDITS (SLIDE 21)

• FINGERPRINT: “FINGERPRINT” BY JOSE LUIS AGAPITO, LICENSED UNDER CC BY ND 2.0

• EYE SCAN: IROBOT EYE V2.O, BY TC MORGAN, LICENSED UNDER CC BY NC SA 2.0

• FACE RECOGNITION: “MYHERITAGE.COM FACE RECOGNITION” BY MYHERITAGE.COM

https://flic.kr/p/4xGCiY

https://www.flickr.com/photos/blvesboy/

https://www.flickr.com/photos/blvesboy/





https://flic.kr/p/dieMY4

https://www.flickr.com/photos/tcmorgan/


http://www.myheritage.com/facial-recognition-technology

http://www.myheritage.com/

35

CREDITS (SLIDE 27)

• ALL YOU MAGAZINE ON FACEBOOK (POSTED 9/9/2014)

https://www.facebook.com/allyoumagazine

Don't Forget Your (Virtual) Keys: Creating, Using, and Maintaining Strong Passwords

Technology

cc bynd

cc by2

licensedunder cc

password manager13see

stolen password

password recoveryfeatures

password recovery features

secure use