Communication, Information and Device Encryption Basics ... · Authentication Passwords, Password...
Become a Cybersecurity Ninja
A ten-part webinar series
Today’s session: Your Passwords are Broken
How You Can Fix Them
With guest Keith Berner, Freedom House
Next session: The @$#’s of Encryption
Communication, Information and Device Encryption Basics
To view information on the entire series, please visit ninja.rtt.nyc.
The Ninja Plan (subject to change)

| Session | Topics | Date |
| --- | --- | --- |
| Threat Modeling | Threat Modeling and Risk Assessment | January 24th |
| Network Security Basics | Firewalls, VPN, Vulnerability Scanning, etc. | February 7th |
| Authentication | Passwords, Password Managers and 2FA | February 21st |
| The @$#’s of Encryption | Communication, Info and Device encryption | March 7th |
| Gone Phishing | Phishing, Social Engineering and Ransomware | March 21st |
| On the Move | Mobile security | April 4th |
| Digital Privacy | VPNs, TOR, reining in social | April 18th |
| Security Tools | Review of our favorite tools and services | May 2nd |
| Now What? | Incident Response | May 16th |
| Wrap-up and Quiz | Review, wrap-up and Ninja Certification Quiz | May 30th |
RoundTable Technology is a team of dedicated technology professionals operating out of Maine and New York.
We help hundreds of organizations achieve their missions through effective use of technology.
Joshua Peskay, Vice President of Technology Strategy
Keith Berner, Director of IT, Freedom House
Keith Berner has been IT Director with Freedom House for four years and has been in the NGO sector since 2007. Keith’s eclectic career includes degrees in technology management, international relations, and theatre. He has at various times had responsibility for program development, research, writing, editing, financial management, and political organizing. Within IT, Keith’s greatest expertise is being able to locate and leverage the expertise of others. At Freedom House, an international human rights and democracy organization founded in 1941, he plays a key role in keeping the organization and its staff safe from authoritarian governments with hostile intent.
The first step toward recovery is admitting you have a problem.
Our Learning Objectives today...
● Why Passwords are Broken
● Using Password Managers
● Single Sign-On and Enterprise Password Managers
● Two-Factor Authentication (2FA)
  ○ Fingerprint
  ○ SMS
  ○ Authenticator
  ○ U2F (Universal 2-Factor)
● Resources for further learning
What is the average number of accounts registered to a single email address in the US?
123456 is the best password
From Ashley Madison breach
From LinkedIn breach
The best passwords are long, complex and random alphanumeric strings. Such as:
7!G2Kq@qyhTfTTQIwlcd82Kt
Or
yHIQHtLp7YoAb^&ib3ZHJt4WP#xCuBZEO3S7tIIe%IhUb7b81
Or
I like to eat donuts on Wednesdays.
Notice anything different about the last one?
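What "long, complex and random" looks like when software makes the choices, as an added example that is not part of the original slides. The function names and the 16-word sample list are assumptions made for illustration; the entropy figures apply only when every character or word is picked at random, not to a sentence a person made up.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list. A real generator would draw from a large
# published list such as the 7776-word EFF diceware list.
SAMPLE_WORDS = ["donut", "wednesday", "ninja", "harbor", "violet", "copper",
                "meadow", "lantern", "orbit", "pepper", "quartz", "ribbon",
                "saddle", "timber", "umbrella", "walnut"]


def random_password(length=24):
    """Pick every character independently with the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_passphrase(n_words, words=SAMPLE_WORDS):
    """Pick every word independently; the randomness is what gives strength."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Entropy of `picks` independent uniform draws from `choices` options."""
    return picks * math.log2(choices)


def words_needed(target_bits, list_size):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    bits = entropy_bits(len(ALPHABET), 24)
    print(random_password(), f"~{bits:.0f} bits")
    print(random_passphrase(6), f"~{entropy_bits(len(SAMPLE_WORDS), 6):.0f} bits")
    print("random words from a 7776-word list to match:", words_needed(bits, 7776))
```

A 24-character random password carries about 157 bits, and matching it takes 13 random words from a 7776-word list, which is why a memorable phrase and a random string are not interchangeable.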
Human brains are not good at making and remembering long, complex and random alphanumeric strings.
And wait, it gets worse...
Even Complex Passwords aren’t great
● They can still get phished
● They can still be reused in multiple places
● They can still be shared in insecure ways (e.g. plain text)
● They can still be part of a larger breach
● They can still be captured by keystroke loggers
Password Managers to the Rescue
Do you use a password manager in your personal life?
Top Password Managers
Source: Lifehacker January 2015
Password Managers - Basics
● Create long, complex and random passwords.
  ○ It’s literally their job.
● Inexpensive (generally <$30/year/person)
● Protects against phishing attacks
● Can audit all your passwords
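Why a password manager "protects against phishing attacks": it offers a saved login only on the site where it was saved, however convincing another page looks. The sketch below is an added example, not code from the slides or from any particular product; the vault layout, function names and domains are constructed, and real managers use their own matching rules (some match on the registrable domain rather than the exact origin).

```python
from urllib.parse import urlsplit

# Constructed vault: each login is stored under the exact origin
# (scheme, host, port) of the page it was saved on.
VAULT = {
    ("https", "accounts.example.com", 443): {
        "username": "staff@example.org",
        "password": "<stored secret>",
    },
}

DEFAULT_PORTS = {"https": 443, "http": 80}


def origin_of(url):
    """Return (scheme, host, port), or None if the URL cannot be parsed safely."""
    try:
        parts = urlsplit(url)
        # hostname drops any "user@" prefix and is already lowercased;
        # IDNA encoding turns look-alike Unicode letters into xn-- labels.
        host = (parts.hostname or "").rstrip(".").encode("idna").decode("ascii")
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # bad port or un-encodable host (UnicodeError included)
        return None
    return (parts.scheme, host, port) if host else None


def autofill(url, vault=VAULT):
    """Offer a saved login only when the page's origin equals the saved one."""
    origin = origin_of(url)
    if origin is None or origin[0] != "https":
        return None
    return vault.get(origin)


if __name__ == "__main__":
    for page in ("https://accounts.example.com/login",
                 "https://accounts.example.com.login.test/",
                 "https://accounts.examp1e.com/login",
                 "http://accounts.example.com/login"):
        print(page, "->", "fill" if autofill(page) else "no match, nothing offered")
```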
Password Managers
● Used by individuals (can be part of organization)
● Generate and manage passwords
● Can login automatically (with browser plug-ins)
● Share credentials securely
● Can store private credentials (not reveal to org)
Single Sign-On (SSO)
● Simplifies provisioning and deprovisioning (new staff and departing staff)
● Creates a single authentication for key services
● Staff only manage one (1) password for SSO accounts
Key Success Factors: Password Managers
● Strong master passwords
  ○ 2FA even better
● Strong change management and support
● Regular reporting and use monitoring
● Time
Do you use two-factor authentication in your personal life?
Ways to Authenticate
1. Something you know (username, password)
2. Something you have (smartphone, USB key)
3. Something you are (fingerprint, voice recognition)
Common Methods of 2FA
Fingerprint (something you are)
SMS (something you have)
Authenticator app (something you have)
Universal Two-Factor Authentication (U2F)
Who’s using U2F?
And lots more: https://www.yubico.com/about/reference-customers/
Key Success Factors: Two-Factor Authentication
● Most critical services first
● Testing groups
● Authenticator app preferable to SMS
  ○ Consider U2F
● Training, support, training, support, rinse, repeat.
What is your biggest challenge around Password Management?
Resources
● Secure Passwords Animation (warning - some bad language)
● Single Sign-On - Solutions and Challenges
● 12 Days of 2FA (from the EFF)
Next Session
The @$#’s of Encryption
Communication, Information and Device Encryption Basics
To view information on the entire series, please visit ninja.rtt.nyc.