Jeff Maynard: Protecting your digital persona

  • Date posted: 31-Mar-2020

  • Jeff Maynard Protecting your digital persona

  • Copyright © Jeff Maynard 2019

    Jeff Maynard

    • Started in computing in September, 1965

    • Ran British Airways’ global comms and computers

    • Migrated C&W from analogue to digital networking

    • IT Entrepreneur of the Year, 2000

    • Floated three IT companies (OTC, LSE, AIM)

    • Author of ten IT books

    • Writes iPhone/Android Apps as a hobby

    • Accredited by Thames Valley Police as Fraud and Cyber Crime Prevention Specialist

    A ‘Take Five’ Reminder

    • Firewall

    • Anti Virus

    • Backup

    • Strong Passwords

    • Common Sense

    Take (Another) Five

    • Think before you link: mouse-over or tap-and-hold to see the true destination; delete text messages with links

    • Bookmark financial sites or use the App: be certain of the destination first

    • Always install updates: often they fix security holes

    • Delete the obvious: if it seems too good to be true, it most certainly is

    • Don’t post personal information on social media: the bad guys harvest this

    Do I Even Have A Digital Persona?

    • Yes, if you use:

    • Email, On-line shopping (Amazon, eBay, John Lewis, etc, etc), Catch-up TV, Apple devices, on-line Banking, Loyalty Clubs, HMRC on-line, NHS on-line (appointments, prescriptions etc), Phyllis Court portal

    So, What Is My Digital Persona?

    • In simple terms:

    • Your login (usernames) and passwords

    • But logging in is something of a misnomer

    AUTHENTICATION

    • Supplying a username and password is to confirm your identity

    • You are authenticating yourself with a particular site

    • User name says ‘this is me’

    • Password says ‘and here is the proof’

    • Anything that follows is at your cost…

    50% Of Authentication Is Compromised

    • Username is usually your email

    • Your email is not secure (or secret)

    • Your password is the critical authentication element

    Is Technology Helping?

    • Biometrics increasingly available

    • Apple uses Touch ID or Face ID

    • Others use fingerprint scanner

    • For device access, and some apps

    • So, does not help with web sites

    Can I Use More Than Username/Password?

    • Two Factor authentication

    • Enter Username and password

    • Receive one-time code

    • Enter one-time code

    Can I Use More Than Username/Password?

    • 2FA for consumers in the UK:

    • Amazon, Apple, Box, Dropbox, Facebook, Gmail, Google Drive, Instagram, LinkedIn, Outlook.com, OneDrive, PayPal, Pinterest, Snapchat, Vodafone

    • Most banks use a variation of 2FA

    • Many key sites do not (yet) use 2FA

    Apple Plans Will Help

    • iOS 13 includes email masking

    • Authenticating via an iOS device will use a one-off email

    • Replies from site will be redirected to your email

    Meanwhile, Passwords Are Key To Security

    • ActionFraud (run by City of London Police)

    • National centre for fighting cyber crime

    https://www.actionfraud.police.uk/

    ActionFraud Password Advice

    • All passwords should be:

    • Strong

    • Secure

    • Used for one site/app only

    • NOT written down (inc in Password Managers!)

    ActionFraud Password Advice

    • How to create a strong password

    • Use three random words:

    • Don’t use family/pet names, sports team facts, birthplace, favourite holiday

    ActionFraud Strong Passwords

    • grapefruit.multiple.porsches

    • periscope.fractious.sterling

    • maltese.energetic.passionfruit

    • capsize.definitive.ferryboat

    • tabletennis.carpet.southend

    • Peterloo.deadloss.Available

    • Temperature65polarbearDemand

    • Derived4?terrible7+journeyman

    • diddyman.artistic.penultimate

    • ferrari.hamilton.devious

    • central.happening.carpets

    • debate.encourage.particular

    • easier.periodic.neptune

    • dribble.beaujolis.Tanker

    • aristotle5.Mercury.doubtful22

    • 67phyllis!password@discussion

    And Remember:

    • Every password different (could easily be 200+)

    • None written down (or in a Password Manager)

    • Despite AF advice, this is unrealistic!

    • Now, a system to solve both problems…

    A Safe & Secure Password System

    • Choose six or more words

    • Each with different starting letter

    • Words you will never forget

    • Because they will never be written down!!!

    • Preferably unrelated

    • Not grandchildren’s names for example

    A Safe & Secure Password System

    • Sample sets:

    • westminster, anglia, bbc, pepsi, zeebrugge, langham4468

    But let’s help ourselves remember them:

    • husband, venice, dinner, spaghetti, frascati, traghetto

    • breakfast, caravan, llandudno, hiking, twisted, doctor

    • ferrari, tooexpensive, 3-wheeler, wobbles, whitexc40, lancasters

    • gwladys, elmswood, tuson, grosvenor, waldorf, brockenhurst

    The next list is for illustration:

    • adam, barry, carol, david, elliot, freddie

    Using Our Password Set

    Plain words

    • adamcarolbarry

    • carolelliotfreddie

    • davidbarryelliot

    Using Our Password Set

    Capitalised words

    • adamcarolbarry

    • carolelliotfreddie

    • davidbarryelliot

    • freddieBarrycarol

    • elliotDavidBarry

    Using Our Password Set

    Adding ALL caps

    • adamcarolbarry

    • carolelliotfreddie

    • davidbarryelliot

    • freddieBarrycarol

    • elliotDavidBarry

    • barryELLIOTFreddie

    • But how do we record these in our password manager?

    Using Our Password Set

    Our secret recording

    • adamcarolbarry → acb

    • carolelliotfreddie → cef

    • davidbarryelliot → dbe

    • freddieBarrycarol → fBc

    • elliotDavidBarry → eDB

    • barryELLIOTFreddie → bEEF

    Using Our Password Set

    Using numbers and/or punctuation

    • adam.carol7Barry → a.c7B

    • Carol45elliot.freddie → C45e.f

    • Davidbarryelliot21 → Dbe21

    • freddie&Barry+carol → f&B+c

    • elliotDavidBarry+99 → eDB+99

    • 35barryELLIOTFreddie → 35bEEF

    Using Our Password Set

    Do we have enough combinations?

    • With just six words and

    • Lower case, upper case, all caps

    • Number (00-99)

    • Just six punctuation marks (eg: & + / ? < >)

    • Over THREE MILLION possible passwords

    • with two numbers: over 300,000,000...

    • All strong and all secure

    Keeping Yourself Safe

    • Choose some words (preferably six) you will never forget

    • Make passwords with three of your words

    • When requested (or anytime)

    • Use caps, add numbers, add punctuation

    • Record the SUMMARY in your password manager
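
    The recording scheme from the slides, as an added Python example that is not part of the original deck: `summarise` turns a password into the short summary kept in the password manager, and `expand` rebuilds the password from it using the memorised word set. The notation (lower-case initial, capital initial, doubled capital for ALL CAPS) is inferred from the slide examples, and the function names are assumptions of this example.

```python
# Added illustration, not code from the slides. Inferred notation: a = lower case,
# A = Capitalised, AA = ALL CAPS; digits and punctuation are copied unchanged.
WORDS = ["adam", "barry", "carol", "david", "elliot", "freddie"]  # slides' illustrative set

def _by_initial(words):
    index = {w[0].lower(): w.lower() for w in words}
    if len(index) != len(words):   # shared initials would make the summary ambiguous
        raise ValueError("every word needs a different starting letter")
    return index

def summarise(password, words=WORDS):
    """Reduce a password built from `words` to the summary that gets recorded."""
    index, out, i = _by_initial(words), [], 0
    while i < len(password):
        ch = password[i]
        if not ch.isalpha():                  # digit or punctuation: copy
            out.append(ch)
            i += 1
            continue
        word = index.get(ch.lower(), "")
        chunk = password[i:i + len(word)]
        if word and chunk == word:
            out.append(word[0])
        elif word and chunk == word.capitalize():
            out.append(word[0].upper())
        elif word and chunk == word.upper():
            out.append(word[0].upper() * 2)
        else:
            raise ValueError(f"text at position {i} is not a word from the set")
        i += len(word)
    return "".join(out)

def expand(summary, words=WORDS):
    """Rebuild the password from its summary; needs the memorised word set."""
    index, out, i = _by_initial(words), [], 0
    while i < len(summary):
        ch = summary[i]
        if not ch.isalpha():
            out.append(ch)
        elif ch.islower():
            out.append(index[ch])
        elif summary[i + 1:i + 2] == ch:      # doubled capital = ALL CAPS word
            out.append(index[ch.lower()].upper())
            i += 1
        else:
            out.append(index[ch.lower()].capitalize())
        i += 1
    return "".join(out)
```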

    Free Password Managers

    • Avast

    • LastPass

    • Dashlane

    • Sticky Password

    • RoboForm

    • Password Boss

    Common Sense Reminders

    • No one will share $50 million with you

    • Lottery winners don’t pay an ‘admin fee’

    • Emails asking to verify details via a link are a scam

    • Banks & police will never ask you to transfer money

    • Microsoft and BT will never call to help resolve a problem

    • If it’s too good to be true...

    Questions?

    Copies of thi