Jeff Maynard Protecting your digital persona
Copyright © Jeff Maynard 2019
Jeff Maynard
• Started in computing in September, 1965
• Ran British Airways’ global comms and computers
• Migrated C&W from analogue to digital networking
• IT Entrepreneur of the Year, 2000
• Floated three IT companies (OTC, LSE, AIM)
• Author of ten IT books
• Writes iPhone/Android Apps as a hobby
• Accredited by Thames Valley Police as Fraud and Cyber Crime Prevention Specialist
A ‘Take Five’ Reminder
• Firewall
• Anti Virus
• Backup
• Strong Passwords
• Common Sense
Take (Another) Five
• Think before you link: mouse-over or tap-and-hold to see the true destination; delete text messages with links
• Bookmark financial sites or use the App: be certain of the destination first
• Always install updates: often they fix security holes
• Delete the obvious: if it seems too good to be true, it most certainly is
• Don’t post personal information on social media: the bad guys harvest this
Do I Even Have A Digital Persona?
• Yes, if you use:
• Email, On-line shopping (Amazon, eBay, John Lewis, etc, etc), Catch-up TV, Apple devices, on-line Banking, Loyalty Clubs, HMRC on-line, NHS on-line (appointments, prescriptions etc), Phyllis Court portal
So, What Is My Digital Persona?
• In simple terms:
• Your login (usernames) and passwords
• But logging in is something of a misnomer
AUTHENTICATION
• Supplying a username and password is to confirm your identity
• You are authenticating yourself with a particular site
• User name says ‘this is me’
• Password says ‘and here is the proof’
• Anything that follows is at your cost…
50% Of Authentication Is Compromised
• Username is usually your email
• Your email is not secure (or secret)
• Your password is the critical authentication element
Is Technology Helping?
• Biometrics increasingly available
• Apple uses TouchId or FaceID
• Others use fingerprint scanner
• For device access, and some apps
• So, does not help with web sites
Can I Use More Than Username/Password?
• Two Factor authentication
• Enter Username and password
• Receive one-time code
• Enter one-time code
Can I Use More Than Username/Password?
• 2FA for consumers in the UK:
• Amazon, Apple, Box, Dropbox, Facebook, Gmail, Google Drive, Instagram, LinkedIn, Outlook.com, OneDrive, PayPal, Pinterest, Snapchat, Vodafone
• Most banks use a variation of 2FA
• Many key sites do not (yet) use 2FA
Apple Plans Will Help
• iOS 13 includes email masking
• Authenticating via an iOS device will use a one-off email
• Replies from site will be redirected to your email
Meanwhile, Passwords Are Key To Security
• ActionFraud (run by City of London Police)
• National centre for fighting cyber crime
https://www.actionfraud.police.uk/
ActionFraud Password Advice
• All passwords should be:
• Strong
• Secure
• Used for one site/app only
• NOT written down (inc in Password Managers!)
ActionFraud Password Advice
• How to create a strong password
• Use three random words:
• Don’t use family/pet names, sports team facts, birthplace, favourite holiday
ActionFraud Strong Passwords
• grapefruit.multiple.porsches
• periscope.fractious.sterling
• maltese.energetic.passionfruit
• capsize.definitive.ferryboat
• tabletennis.carpet.southend
• Peterloo.deadloss.Available
• Temperature65polarbearDemand
• Derived4?terrible7+journeyman
• diddyman.artistic.penultimate
• ferrari.hamilton.devious
• central.happening.carpets
• debate.encourage.particular
• easier.periodic.neptune
• dribble.beaujolis.Tanker
• aristotle5.Mercury.doubtful22
• 67phyllis!password@discussion
And Remember:
• Every password different (could easily be 200+)
• None written down (or in a Password Manager)
• Despite AF advice, this is unrealistic!
• Now, a system to solve both problems…
A Safe & Secure Password System
• Choose six or more words
• Each with different starting letter
• Words you will never forget
• Because they will never be written down!!!
• Preferably unrelated
• Not grandchildren’s names for example
A Safe & Secure Password System
• Sample sets:
• westminster, anglia, bbc, pepsi, zeebrugge, langham4468
but let’s help ourselves remember them:
• husband, venice, dinner, spaghetti, frascati, traghetto
• breakfast, caravan, llandudno, hiking, twisted, doctor
• ferrari, tooexpensive, 3-wheeler, wobbles, whitexc40, lancasters
• gwladys, elmswood, tuson, grosvenor, waldorf, brockenhurst
next list is for illustration
• adam, barry, carol, david, elliot, freddie
Using Our Password Set
Plain words
• adamcarolbarry
• carolelliotfreddie
• davidbarryelliot
Using Our Password Set
Capitalised words
• adamcarolbarry
• carolelliotfreddie
• davidbarryelliot
• freddieBarrycarol
• elliotDavidBarry
Using Our Password Set
Adding ALL caps
• adamcarolbarry
• carolelliotfreddie
• davidbarryelliot
• freddieBarrycarol
• elliotDavidBarry
• barryELLIOTFreddie
• But how do we record these in our password manager?
Using Our Password Set
Our secret recording
• adamcarolbarry
• carolelliotfreddie
• davidbarryelliot
• freddieBarrycarol
• elliotDavidBarry
• barryELLIOTFreddie
• acb
• cef
• dbe
• fBc
• eDB
• bEEF
Using Our Password Set
Using numbers and/or punctuation
• adam.carol7Barry
• Carol45elliot.freddie
• Davidbarryelliot21
• freddie&Barry+carol
• elliotDavidBarry+99
• 35barryELLIOTFreddie
• a.c7B
• C45e.f
• Dbe21
• f&B+c
• eDB+99
• 35bEEF
Using Our Password Set
Do we have enough combinations?
• With just six words and
• Lower case, upper case, all caps
• Number (00-99)
• Just six punctuation marks (eg: & + / ? < >)
• Over THREE MILLION possible passwords
• with two numbers: over 300,000,000...
• All strong and all secure
Keeping Yourself Safe
• Choose some words (pref six) you will never forget
• Make passwords with three of your words
• When requested (or anytime)
• Use caps, add numbers, add punctuation
• Record the SUMMARY in your password manager
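The summary notation used in the slides above, written out as an added Python example (not part of the original presentation). The function names `summarise` and `expand` are hypothetical, and the sketch assumes purely alphabetic words and that a doubled capital in a summary always means an ALL CAPS word.

```python
import re

# Illustrative word set from the slides; real words stay in your head only.
WORDS = ["adam", "barry", "carol", "david", "elliot", "freddie"]


def _by_initial(words):
    """Map initial -> word; the hint is only decodable if initials are unique."""
    if not all(w.isalpha() for w in words):
        raise ValueError("this sketch assumes purely alphabetic words")
    table = {w[0].lower(): w.lower() for w in words}
    if len(table) != len(words):
        raise ValueError("each word must start with a different letter")
    return table


def summarise(password, words=WORDS):
    """Reduce a password to the hint recorded in the password manager."""
    table = _by_initial(words)
    longest_first = sorted(table.values(), key=len, reverse=True)
    pattern = re.compile("|".join(map(re.escape, longest_first)), re.IGNORECASE)

    def hint(match):
        word = match.group(0)
        if word.isupper():
            return word[0] * 2            # ELLIOT -> EE
        if word.islower() or word == word.capitalize():
            return word[0]                # adam -> a, Barry -> B
        raise ValueError(f"unsupported capitalisation: {word!r}")

    return pattern.sub(hint, password)


def expand(summary, words=WORDS):
    """Rebuild the password from the hint plus the memorised words."""
    table = _by_initial(words)
    out, i = [], 0
    while i < len(summary):
        ch = summary[i]
        if not ch.isalpha():
            out.append(ch)                # digits and punctuation are copied as-is
            i += 1
            continue
        if ch.lower() not in table:
            raise ValueError(f"no word starts with {ch!r}")
        word = table[ch.lower()]
        # Assumption: a doubled capital always means ALL CAPS, never a repeated word.
        if ch.isupper() and summary[i + 1:i + 2] == ch:
            out.append(word.upper())
            i += 2
        else:
            out.append(word.capitalize() if ch.isupper() else word)
            i += 1
    return "".join(out)
```
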
Free Password Managers
• Avast
• LastPass
• Dashlane
• Sticky Password
• RoboForm
• Password Boss
Common Sense Reminders
• No one will share $50 million with you
• Lottery winners don’t pay an ‘admin fee’
• Emails asking to verify details via a link are a scam
• Banks & police will never ask you to transfer money
• Microsoft and BT will never call to help resolve a problem
• If it’s too good to be true...
Questions?
Copies of this and others from:
www.policevolunteer.co.uk