1 / 12

Keeping your passwords safe

Learn about the security risks of using browser autocomplete for passwords and discover the benefits of using password vaults like LastPass. Get tips on creating and managing a safe password list and using encryption methods to protect your passwords.

mweiner
Télécharger la présentation

Keeping your passwords safe

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Keeping your passwords safe George Skarbek 13th June 2019

  2. Browser Autocomplete • Most browsers offer to save passwords. This improves your productivity as you do not need to open the password file. But there are security issues. • Do not save passwords in your browser, particularly for banking sites. • If someone at your home opens that browser and clicks on a banking site, the browser will log into your account. • Similarly if the computer is stolen. • Another issue is when disposing of your now old computer you must remember to clear the password cache. • If you do use autocomplete then beware of the risks. • NOTE: It is relatively easy to export these IDs and passwords to a text file.

  3. Password vaults • Tools like  LastPass, KeePass, 1Password and others collect, retain, and often enter your login credentials for you. • LastPass can also fill in other fields such as your name, full address, credit card number so that a form can be filled in with one click. • LastPass stores your passwords as extremely well-encrypted data that even they do not have access to. Your data is only decrypted on your device(s), computer or USB and only when you provide the correct master password. • In my opinion this type of software is worth considering.

  4. DIY password list tips • If you have created a password list some time ago and are updating it now, here are some suggestions for why it is important to understand how to keep your passwords safe. • The main tip is: NEVER print your password list. • Remember that Windows will index all files in the Documents folder and sub-folders. It will search over 100,000 files in under one second looking for any name in all files, for example “pass” or “bank”.

  5. Tips on password safety • If you have printed a list, NEVER have it in your wallet or handbag. What happens is this is lost or stolen? • Never save it in any document that is not encrypted, such as in Excel or Word without encrypting it first. Use Help in Excel or Word for encryption method. • Never save it using Notepad as this cannot be encrypted. • Never call that document Passwords. • It is preferable not to use the same password for more than one site.

  6. Suggestions • If you do not wish to use password manager software then using Excel is a good choice because it has good encryption build in. • In the first column have the name of where the password is to be used, for example ANZ. • The second column is the user ID, such as 123456 or Fred@Nurk.com • The third column is the password. • Other columns can have additional information such as security questions and answers. • That Excel file MUST be encrypted. If your Excel is 2003 or earlier then do NOT use it as the encrypted password file can be easily cracked. • That Excel master password can be written down somewhere safe.

  7. More suggestions • For all passwords, except for really trivial cases, use upper and lower case letters, at least one number and one symbol and make it at least eight characters long. Especially for the banking or super fund accounts. • With six lowercase letters, using a brute-force attack of one million attempts per second it will take about 1.2 seconds to crack it. With 8 characters using upper and lower case letters, numbers and symbols the time increases to 5,845 centuries. • Give your file a generic name such as Xmas2013gifts

  8. Suggestions for extreme protection • For additional safety I recommend that when creating passwords you always hide a letter by using another letter or symbol. This is done to add more protection in the unlikely case your password file is found and cracked. • For example, when using a lowercase letter, say a “b” - it will always be entered as say, W or a comma, a tilde or anything but a “b” in the actual password.

  9. And another extreme suggestion • You can make it ever harder for anyone to find that password file. • If you are using Excel then rename the .xlsx to something else such as .dll (Dynamic Link Library) and then to open that file right-click on it and select Open With … and select Excel. • Do not save a .dll file in the Documents folder as this will really stand out. Save in the C:Windows\System32 which has about 170 .dll files just starting with A. Call it something like Abl.dll. An extra advantage is that Ransomware will NOT encrypt .dll or .exe files. • Remember to back it up. • If you have 10,000+ music files then call it Something.mp3 with the music files.

  10. Final suggestion • Use an algorithmic password so that you never have to look at your password file. • If your name is Fred then use an algorithm, starting as:{ Fred$7 (Note the space after opening the curly bracket) • Then after your selected number add two letters that pertain to that password. Say the second and third letter. • If that site is Westpac, then your password will be { Fred$7se This way you do not need to look at a password file!

  11. After death …. • Having protected your wealth from hackers and thieves during your life don’t leave a huge problem when you die. • Remember that your executor must have access to your password file, where to find it and how to open it with the required password. • If you have transposed a letter with something else then include all details.

  12. Any Questions?

More Related