Passwords

• Goals
  • Understand the importance of a good password
  • Understand different ways someone might attempt to gain access to your password.
  • Understand what makes a good password.
  • Know how to reset your password at Edinboro.
• Currently your username and your password provide complete identity
• So what?
  • According to this report from the Bureau of Justice Statistics.
  • 17.6 million US residents were victims of identity theft in 2014
  • 2/3 reported financial loss.
    • About $15 Billion total
    • About 1/2 more than $100
    • 14% more than $1000
  • About 1/2 spent a day resolving the problem
    • 9% spent more than a month.
  • In general the habits you form today will impact you.
• As an add in, the government has a guide on how to protect yourself from identity theft.
• What is the impact of passwords in the University Environment?
  • In general:
    • On line shopping
    • Government Interaction
      • FASFA
      • IRS
      • Social Security
    • On line and in person banking
  • At school
    • Right now the big issue would be scheduling
    • Access to your grades/homework
    • Access to your email.
• What can you do?
  • Create a good password and keep it safe.
• Forms of password attack
  • Trying the default password.
  • Trying a known password (password reuse)
  • Social Engineering
  • Dictionary Attacks
  • Brute Force Attacks.
• Social Engineering
  • Phishing
    • Various bad emails.
      • 
      • 
      • 
    • Web sites
      • 
  • In person
    • Dad and his password list.
    • A "network support contractor"
    • Just a chat.
  • NEVER:
    • Give your password to anyone.
      • Not even your sister, mother, boyfriend, girlfriend,...
      • System people have access, they do not need your password.
      • And if they do, they should allow you to type it in WITHOUT WATCHING YOU DO SO
    • Don't write your passwords down.
      • In your wallet
      • On your keyboard
      • Anywhere.
• Other attacks
  • Other attacks occur when an entity breaks into a service and takes the password file.
    • Uber and 47 million of their users.
    • Yahoo seems always to have a problem.
    • Instagram lost info on 6 million users.
    • Exuafax lost data for 143 million people. (This one is sort of snarky, talking about how lax Equafax really was.)
    • Just try this search
  • My machine can "try" 350,000 passwords in a second
    • Using 1 processor (I have 4 cores, so 1.4 Million in a second)
    • 3.4 GHz processor.
    • Memory doesn't matter in this case.
    • This is not quite a fair test, as I was not "computing" new words, just re-encrypting the same one.
    • That would cut the speed by 1/2 or more.
  • The Oxford English Dictionary reports approximately 200,000 words.
    • But we could easily double or triple this : hot dog, hotdog, hot-dog, hotdogs, hot-dogs, hot dogs
  • Under reasonable assumptions, I should be able to try all 1 million dictionary words with my machine in a few minutes.
  • Any dictionary word is subject a brute force attack.
• Why does EUP require?
  • 
• Combinations and Permutations (Math 104)
  • How many lower case letters are there?
  • How many one letter passwords can I form?
  • How long will it take for me to "try" all of these?
  • With one letter, can I make this harder?
    • upper case
    • digits
    • special symbols
  • How about two letter passwords?
  • How about three letter passwords?
• What makes a bad password?
  • The default
  • Any word in any language
  • Non-words with meaning (rotfl, ncc1701, r2d2)
  • A word with a number on the end. (fred1)
  • Anything you will have to write down to remember.
• What makes a good password?
  • Sufficient length
  • Mix of letters, digits and special characters
  • Something you can remember.
  • Concatenate two words, with a symbol in the middle
    • w0rd4nOwFUN!
  • The first letter of each word in a phrase
    • To be or not to be, that is the question.
    • 2BontB,TItq?
• I generally keep three passwords
  • My secure password, - EUP accounts
  • My email password, -
  • My other password - for everything else.
• Build a spreadsheet.
  • Remember, my machine can try 350,000 passwords in a second.
  • The age of the universe is 13.82 billion years (estimate)
  • 
• Resetting your password at Edinboro.
  • Help Desk in Ross Hall.
    • You will need your student id.
  • On line
    • here
    • But you will need some form of validation.