Start explaining dangers of password reuse
parent 7d3423f860
commit a40b700601
1 changed file with 38 additions and 2 deletions
slides.rst
@ -1,11 +1,28 @@
Surviving phishing
------------------
Password reuse, password managers and strong passwords
======================================================
Why is Password Reuse a Problem?
--------------------------------
.. image:: password_reuse_1.png
.. image:: password_reuse_2.png
.. image:: password_reuse_3.png
:height: 6.5cm

Consider the following hypothetical users that reuse a strong password in
most places:

+-------------------+--------------------------+
| User | Password |
+===================+==========================+
| Sucker1@gmail.com | QUo5Qt+1Wa/Q1smDJRDbFg== |
+-------------------+--------------------------+
| Sucker2@gmail.com | +9Hz+/20rVkSkbcsmgdVFw== |
+-------------------+--------------------------+
| Sucker3@gmail.com | wnYkRcbi7Kkh7Fx2uR8EeA== |
+-------------------+--------------------------+

About password strength
-----------------------

How is strength measured?
=========================
'Entropy' `s` depends on the size of the alphabet `a` and the length `n` of the
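Review bot: the sample accounts in the table are real-looking gmail.com addresses (Sucker1@gmail.com and so on); use a reserved example domain such as example.com for them, so the slides cannot point at a mailbox somebody actually owns. Two smaller points in the same hunk: the `:height: 6.5cm` option only applies to the third image if it is indented under that `.. image::` directive (as shown here it sits at column 0, which docutils parses as a separate field list rather than a directive option; if the indentation was only lost in rendering, ignore this), and the heading 'Why is Password Reuse a Problem?' asks a question that the slide text never answers in words, only in the three screenshots, so a one-line caption saying what the images show would help anyone reading the slides without the pictures.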
@ -31,6 +48,8 @@ reuse them.

It's surprisingly difficult for humans to generate good passwords!

A strong password, as of 2019, has at least 80 bits of entropy.

Password Managers to the Rescue!
--------------------------------
Password managers allow you to create a unique and strong password for every
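Review bot: 'at least 80 bits of entropy' is asserted without the threat model it assumes or a source; say that the figure targets offline guessing against a leaked password database (far more than a rate-limited online login needs) and cite where the number comes from. It would also help to connect it to the Diceware advice later in the deck: with the standard 7776-word list each word adds about 12.9 bits, so six words give roughly 77.5 bits and seven words about 90, which is the first word count that clears the 80-bit bar.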
@ -83,3 +102,20 @@ Generate passphrases with Diceware
5. Write down your passphrase on paper and keep it somewhere secure
6. If you are 100% confident that you will not forget the passphrase, destroy
the paper by burning

What about phishing?
====================
A password manager worth it's salt will refuse to fill out a password on a
different website, for instance faceb00k.com vs facebook.com

Using different passwords on every service limits your vulnerability even if
phishing is successful

Other advice
------------
In no particular order:

* Only log in on webpages that you navigated to by typing in the url yourself,
by searching on google, duckduckgo or some other reputable search engine or
from a bookmark
* Only log in to webpages that are
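Review bot: the last bullet, `* Only log in to webpages that are`, is cut off mid-sentence and needs to be finished before the slides are used. Two more points in this hunk: 'A password manager worth it's salt' should read 'its salt', and the advice to reach login pages 'by searching on google, duckduckgo or some other reputable search engine' deserves a caveat, since search results and sponsored entries can carry lookalike domains just as links in phishing mail do, so the slide should still tell the audience to check the domain in the address bar (the faceb00k.com vs facebook.com comparison already on this slide is the check to point at). Also, if the continuation lines 'the paper by burning' and 'by searching on google...' really are at column 0 in the file, rst will not treat them as part of the list items; indent them under the item text.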