IT Security Roundtable
January 15, 2010
Harvard Townsend
Chief Information Security Officer
harv@ksu.edu
Agenda
My accts/passwords:
PLEASE, NO!!!
If one is compromised, all are compromised
Different systems have different pw rules
Violates K-State policy about eID passwords
Value is inversely proportional to your age!
You'll often click on "Forgot Your Password?" links!
Write 'em down?
Risky, but not out of the question if you keep the note in a safe place (NOT your desk pencil drawer)
Bigger issue is quantity of passwords you have to remember
Generally considered a bad idea
Financial
eID and other important K-State accts
Shopping accts that store your credit card info
Innocuous accts w/ no sensitive information
Windows only
Available for free at
passwordsafe.sourceforge.net
Mature product, lots of nice features
Has a sophisticated password generator
Allows you to jump to a web site and auto-enter the username/pw used for that site.
Demo
Other Strategies?
Threats to Passwords
Bank account
Credit/debit card account
Personal Identity Information (name + SSN, for example)
Shopping account that stores credit card data; normally credit card # is masked, but person could change shipping address and spend lots of money
Administrator
K-State
eID
eID Password
HRIS self-service
Email
iSIS
K-State Online
eProfile (eid.ksu.edu) w/ emergency contact info
Oracle Calendar
K-State Single-Sign-On environment
Access to licensed software, databases
SGA elections
University Computing Labs
Student access to network in residence halls
eID Password
The longer you have the same password, the more likely someone will discover it (because of the threats just discussed)
Uppercase letters
Lowercase letters
Numbers
Special characters (!, @, #, &, etc.)
Forms of Authentication
Weak
Strong
Passphrase
Challenge-Response
(aka security questions)
2 instead of to/too
4 for for
4t for Fort
L8 for late (r8, g8, b8, d8, etc.)
r for are
u for you
$ for S
1 (one) for l (el) or i (eye)
! for 1, l, or i
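As an added example (not from the slides), a small Python script that applies the substitutions listed above to a memorable phrase and then checks the result against the four character classes named on the earlier slide (uppercase, lowercase, numbers, special characters). The word list is limited to the slide's own examples, and the length and class thresholds are assumptions; adjust them to the policy of the system in question.

```python
# Added example: build a password from a memorable phrase using the slide's
# substitution list, then check which of the four character classes it covers.
# Word table and thresholds are assumptions, not K-State policy.

# Whole-word substitutions from the slide (applied case-insensitively).
WORD_SUBS = {
    "to": "2", "too": "2",
    "for": "4",
    "fort": "4t",
    "late": "L8", "rate": "r8", "gate": "g8", "date": "d8",
    "are": "r",
    "you": "u",
}

# Character substitutions from the slide: $ for S, 1 for l, ! for i.
CHAR_SUBS = {"s": "$", "S": "$", "l": "1", "i": "!"}


def mnemonic_password(phrase: str) -> str:
    """Turn a phrase into a password: whole-word substitutions first,
    character substitutions on the remaining words, then drop the spaces."""
    parts = []
    for word in phrase.split():
        key = word.lower()
        if key in WORD_SUBS:
            parts.append(WORD_SUBS[key])
        else:
            parts.append("".join(CHAR_SUBS.get(ch, ch) for ch in word))
    return "".join(parts)


def character_classes(password: str) -> set:
    """Return the set of character classes present: upper, lower, digit, special."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def meets_complexity(password: str, min_length: int = 8, min_classes: int = 3) -> bool:
    """Assumed policy check: minimum length and minimum number of classes."""
    return len(password) >= min_length and len(character_classes(password)) >= min_classes


if __name__ == "__main__":
    for phrase in ("Meet you at the Fort for lunch", "Sell it to me late"):
        pw = mnemonic_password(phrase)
        print(f"{phrase!r} -> {pw!r}, classes={sorted(character_classes(pw))}, "
              f"ok={meets_complexity(pw)}")
```

The first phrase yields a password with three classes (no special character), which passes a three-class policy but not a four-class one; the second picks up `$` and `!` from the character substitutions and covers all four.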
Gotchas: