Start explaining dangers of password reuse

This commit is contained in:
Maximilian Friedersdorff 2019-05-31 10:07:51 +01:00
parent 7d3423f860
commit a40b700601


@ -1,11 +1,28 @@
Surviving phishing
------------------
Password reuse, password managers and strong passwords
======================================================
Why is Password Reuse a Problem? Why is Password Reuse a Problem?
-------------------------------- --------------------------------
.. image:: password_reuse_1.png .. image:: password_reuse_1.png
.. image:: password_reuse_2.png :height: 6.5cm
.. image:: password_reuse_3.png
Consider the following hypothetical users that reuse a strong password in
most places:
+-------------------+--------------------------+
| User | Password |
+===================+==========================+
| Sucker1@gmail.com | QUo5Qt+1Wa/Q1smDJRDbFg== |
+-------------------+--------------------------+
| Sucker2@gmail.com | +9Hz+/20rVkSkbcsmgdVFw== |
+-------------------+--------------------------+
| Sucker3@gmail.com | wnYkRcbi7Kkh7Fx2uR8EeA== |
+-------------------+--------------------------+
About password strength About password strength
----------------------- -----------------------
How is strength measured? How is strength measured?
========================= =========================
'Entropy' `s` depends on the size of the alphabet `a` and the length `n` of the 'Entropy' `s` depends on the size of the alphabet `a` and the length `n` of the
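Review bot: the sample accounts in the new table (`Sucker1@gmail.com` and friends) sit on a live mail domain; use a reserved example domain such as example.com so the slide never points at a mailbox somebody could actually own. It would also help to spell out in the sentence above the table that the value in the Password column is the one credential each user reuses across all their services, since without that the table reads as a plain user/password listing and the reuse point gets lost until the images are shown.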
@ -31,6 +48,8 @@ reuse them.
It's surprisingly difficult for humans to generate good passwords! It's surprisingly difficult for humans to generate good passwords!
A strong password, as of 2019, has at least 80 bits of entropy.
Password Managers to the Rescue! Password Managers to the Rescue!
-------------------------------- --------------------------------
Password managers allow you to create a unique and strong password for every Password managers allow you to create a unique and strong password for every
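Review bot: the new line "A strong password, as of 2019, has at least 80 bits of entropy." states the threshold with no source and no link back to the entropy definition introduced a few lines earlier (`s` in terms of alphabet size `a` and length `n`). Either cite where the 80-bit figure comes from or make it actionable by working it through that formula, e.g. with s = n·log2(a), 80 bits means 13 characters drawn from the 94 printable ASCII symbols or 18 characters from lowercase letters alone; as written the reader has no way to judge whether their own password clears the bar.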
@ -83,3 +102,20 @@ Generate passphrases with Diceware
5. Write down your passphrase on paper and keep it somewhere secure 5. Write down your passphrase on paper and keep it somewhere secure
6. If you are 100% confident that you will not forget the passphrase, destroy 6. If you are 100% confident that you will not forget the passphrase, destroy
the paper by burning the paper by burning
What about phishing?
====================
A password manager worth it's salt will refuse to fill out a password on a
different website, for instance faceb00k.com vs facebook.com
Using different passwords on every service limits your vulnerability even if
phishing is successful
Other advice
------------
In no particular order:
* Only log in on webpages that you navigated to by typing in the url yourself,
by searching on google, duckduckgo or some other reputable search engine or
from a bookmark
* Only log in to webpages that are
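Review bot: "A password manager worth it's salt" should read "its salt", and the sentence "Using different passwords on every service limits your vulnerability even if phishing is successful" needs a full stop. On substance, the autofill claim deserves a caveat: the manager refusing to fill on faceb00k.com only protects a user who treats that refusal as a warning, not one who then copies the password out of the manager and pastes it in by hand, so say explicitly that a non-filling manager is a signal to stop and check the address. It is also worth tying the second sentence back to the reuse theme from the top of the file: with unique passwords, a successfully phished credential compromises that one service and nothing else.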