Part II: Passwords
Ron van der Meyden (University of New South Wales, Sydney, Australia)
March 12, 2013

Passwords
An old security mechanism:
- Soldiers' access to camp
- Secret society handshakes
Objective: authentication: prove that the person requesting access has the right to access

A systems perspective
- Context of use: other systems
- Users
- Authentication and Access Control Technology
- Assets

Password Hardness
A brute force attack on passwords: try all possible passwords.
How many tries are required?
password type / # instances:
- 4 digit PIN
- char (lower case) alphabetical
- digit (lower case) alphanumeric
- char (upper and lower) alphabetical
- digit (upper and lower) alphanumeric
- decimal digits
*=password type used for US nuclear missile launch
12 = maximum reliable length in memory under stress experiments

Protections Against Brute Force Attacks
- Detection
- Response

Detection: the login screen displays
- Date and time of last successful login
- Date and time of all unsuccessful login attempts since then (less common, but more effective)
Requires training of users, and attentiveness.

Response: repeated failed password attempts are suggestive of a brute force attack in progress. Possible responses:
- After 3 failed attempts within time T, disable the password
- Degrade response time with frequency of attempts
Problems:
- Both open up a new attack: denial of service!
- Locking is not always possible: for a document encrypted with the password as key, an attacker with the encrypted text can keep trying.
- What if the asset being protected is safety critical? E.g. a medicine cabinet.
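The two responses and the login-screen display above, as an added example (not part of the original slides). `LoginGuard`, `WINDOW_T = 300` seconds and the doubling delay are assumptions made for illustration; the caller is expected to wait `required_delay()` seconds before answering.

```python
"""Added example: lockout versus progressive delay for failed logins."""
from dataclasses import dataclass, field
from typing import Optional

MAX_FAILURES = 3    # "3 failed attempts" from the slide
WINDOW_T = 300.0    # the slide's "time T"; 300 seconds is an assumed value
BASE_DELAY = 1.0    # assumed first delay for the "degrade response time" option


@dataclass
class Account:
    password: str                                  # plaintext only to keep the sketch short
    failures: list = field(default_factory=list)   # failure times since last success
    last_success: Optional[float] = None
    disabled: bool = False


class LoginGuard:
    """policy is 'lockout' (disable the password) or 'delay' (slow down answers)."""

    def __init__(self, policy):
        if policy not in ("lockout", "delay"):
            raise ValueError("unknown policy")
        self.policy = policy
        self.accounts = {}

    def add_user(self, user, password):
        self.accounts[user] = Account(password)

    def _recent(self, acct, now):
        # Only failures inside the sliding window T count towards the response.
        return [t for t in acct.failures if now - t <= WINDOW_T]

    def required_delay(self, user, now):
        """Seconds the server should stall before answering: 1, 2, 4, ..."""
        n = len(self._recent(self.accounts[user], now))
        return 0.0 if n == 0 else BASE_DELAY * 2 ** (n - 1)

    def login(self, user, attempt, now):
        acct = self.accounts[user]
        if acct.disabled:
            # The denial of service: the correct password is refused as well.
            return {"ok": False, "reason": "disabled"}
        if attempt != acct.password:
            acct.failures.append(now)
            if (self.policy == "lockout"
                    and len(self._recent(acct, now)) >= MAX_FAILURES):
                acct.disabled = True
            return {"ok": False, "reason": "bad password"}
        # Detection: show the user the last success and every failure since then.
        banner = {"ok": True,
                  "last_success": acct.last_success,
                  "failed_since": list(acct.failures)}
        acct.failures.clear()
        acct.last_success = now
        return banner


def lockout_blocks_owner():
    """Three wrong guesses by anyone lock the real owner out."""
    guard = LoginGuard("lockout")
    guard.add_user("alice", "TriSfmotp")
    for t in (0, 10, 20):
        guard.login("alice", "wrong-guess", t)
    return guard.login("alice", "TriSfmotp", 30)


if __name__ == "__main__":
    print(lockout_blocks_owner())
```
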

Brute force may be easier than you think
Passwords must be remembered. People have bad memories, so they choose passwords they can easily remember.
- Grampp & Morris 1984 (rule: six characters, at least one number): cracked all of >20 machines using a database of the 20 most common female names + 1 digit
- Schneier 2006: analysis of attack on 100,000 Myspace users: password1 (0.22%), abc123, myspace1, password, blink182, qwerty1, fuckyou, 123abc, baseball1, football1, , soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1, monkey (Oct 2009: 64 times in 10,000 Hotmail, MSN and Live.com IDs starting with A, B)

Defending against common password guessing attacks
- Don't allow users to construct their own; give them a random password
- Impose password construction rules
- Check candidate password against a common password database
- Train users to avoid common password errors
- Train users in secure password construction approaches (e.g. passphrase)
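An added example (not from the original slides) of two of these defences side by side: the "six characters, at least one number" construction rule and a common-password check that also catches "word + digit" variants of the kind Grampp & Morris exploited. The `COMMON` set is a constructed sample taken from the Myspace list above; `NAMES` and all function names are assumptions.

```python
"""Added example: construction rule versus common-password check."""
import re

# Constructed sample "database": entries copied from the Myspace list above.
COMMON = {
    "password1", "abc123", "myspace1", "password", "blink182", "qwerty1",
    "123abc", "baseball1", "football1", "soccer", "monkey1", "liverpool1",
    "princess1", "jordan23", "slipknot1", "superman1", "iloveyou1", "monkey",
}
# Constructed stand-in for a first-name dictionary (name + 1 digit attack).
NAMES = {"mary", "linda", "susan"}


def meets_rule(password):
    """The rule quoted above: six characters, at least one number."""
    return len(password) >= 6 and any(c.isdigit() for c in password)


def base_word(password):
    """Lowercase and strip digits/punctuation from both ends."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password).lower()


# Every common password, reduced to its base word, plus the name dictionary.
WORDS = {base_word(p) for p in COMMON} | NAMES


def check(password):
    """Return the list of reasons to reject the candidate (empty = accept)."""
    problems = []
    if not meets_rule(password):
        problems.append("rule")
    if password.lower() in COMMON:
        problems.append("common")
    elif base_word(password) in WORDS:
        # e.g. a dictionary word with a digit or "!" tacked on
        problems.append("common-variant")
    return problems


if __name__ == "__main__":
    for candidate in ("password1", "Password2!", "susan7", "soccer", "TriSfmotp9"):
        print(f"{candidate:12} rule_ok={meets_rule(candidate)!s:5} {check(candidate)}")
```
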

Password Construction Rules
- E.g. passwords must be at least six characters long and contain at least one non-alphabetical character
- Most common password changes from password to password1!
- Make the rules too hard and you may scare users away (bad for an e-commerce site)
- Password construction from a passphrase: The rain in Spain falls mainly on the plain → TriSfmotp

The downside of password defences
Highly random passwords make it harder for people to remember passwords. So:
- they write their passwords on pieces of paper & stick them on the machine (beware the cleaner!)
- they frequently forget their passwords (so you need a password reset mechanism)

Password Reset
A common approach to password reset: a list of questions, e.g., UNSW zpass zpass.html
- Mother's maiden name
- Name of first pet
- etc.
Issues:
- Some of this is public information, so easily guessed
- These questions may not apply to everyone
- You can't change these in case they become public!
- Even when not easily guessed, so many services now use these questions that it opens up cross-site attack risk (insiders at one service attacking your account at another).

Password Change Frequency
- A password that has been cracked is no defence.
- The likelihood that a password has been cracked increases with time.
- Defence: require password changes.

The downside of password defences
Frequent password changes & highly random passwords make it harder for people to remember passwords. So:
- they write their passwords on pieces of paper
- they choose easily cracked passwords
- they change password twice (or k times) to reset to their old one: password1 → password2 → password1

Training Users
- Hard for e-commerce sites, but possible in military & corporate settings
- How effective is training users?
J. Yan, A. Blackwell, R. Anderson, A. Grant, The memorability and security of passwords: some empirical results, IEEE Security and Privacy, Oct

3 groups of users:
- red: pick your own password, 6 characters, at least one non-alpha
- green: think of a passphrase and select letters to build a password
- yellow: force randomness: select 8 characters (mixed type) from a table, write down for learning, destroy after two weeks
Crack rates / reported difficulty of remembering:
- red: 30%, OK
- green: 10%, OK (same as red)
- yellow: 10%, difficult
Recommendation: passphrase is the best tradeoff.
(Some users do not follow instructions!)

Attacks against Passwords
- Brute force
- Looking over the shoulder
- (Insider) attack on the system password database
- Sociological attacks: phishing

Insider Attacks on Password Database
E.g. theft of password list.
Defenses: encryption/hashing of entries:
- Store (user, f(Password)), where an x such that f(x) = f(Password) is hard to find
- To authenticate, check f(string entered) = f(Password)

Phishing

  Dear Valued Customer,

  Due to an apparent attempt to break into your electronic banking account, we have locked your account pending reconfirmation of your password. This is urgent! You must reconfirm your login details. Please click on the following link <a href= > and log into your account to reconfirm your password.

  Please do not respond to this email. This email address is not monitored and is used for outgoing emails only.
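For the password-database defence above (store (user, f(Password)), authenticate by comparing f of the entered string), an added example that is not part of the original slides. It goes one step beyond the slide by making f a salted, deliberately slow function (PBKDF2-HMAC-SHA256), so that equal passwords do not produce equal entries in a stolen list; `PasswordDB`, the 16-byte salt and the iteration count are assumptions.

```python
"""Added example: storing (user, salt, f(password)) instead of the password."""
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumed work factor; raise it as hardware allows
SALT_BYTES = 16        # assumed salt length


def f(password, salt):
    """The one-way function from the slide, here salted and slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS)


class PasswordDB:
    def __init__(self):
        self.rows = {}   # user -> (salt, f(password, salt)); this is what a thief gets

    def register(self, user, password):
        salt = os.urandom(SALT_BYTES)          # fresh random salt per user
        self.rows[user] = (salt, f(password, salt))

    def authenticate(self, user, entered):
        row = self.rows.get(user)
        if row is None:
            # Do the same amount of work for unknown users, so response
            # time does not reveal which user names exist.
            f(entered, b"\x00" * SALT_BYTES)
            return False
        salt, stored = row
        # Constant-time comparison of f(string entered) with the stored value.
        return hmac.compare_digest(f(entered, salt), stored)


def same_password_same_entry(db, user_a, user_b):
    """True if a stolen list would show the two users share a password."""
    return db.rows[user_a][1] == db.rows[user_b][1]


if __name__ == "__main__":
    db = PasswordDB()
    db.register("alice", "TriSfmotp")
    db.register("bob", "TriSfmotp")           # same password as alice
    print("alice, correct password:", db.authenticate("alice", "TriSfmotp"))
    print("alice, wrong case:      ", db.authenticate("alice", "trisfmotp"))
    print("entries identical:      ", same_password_same_entry(db, "alice", "bob"))
```
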

Training your users not to fall for phishing (not!)

  From:
  Subject: Important: Changed access to the UNSW Uniwide wireless service
  Date: 17 February :48:31 PM

  IT at UNSW is upgrading the UniWide wireless service. This upgrade will provide significant improvements including better coverage and higher throughput over the old service.

  What do I need to do? This service will require a new method of access which utilises zpass rather than UniPass. After the upgrade, authentication via UniPass will be disabled. Authentication is only available via z number and zpass.

  Staff who currently have an s staff number, simply replace the s with a z (so that s becomes z ). Staff who currently have a z number - simply use this as it is. Staff who currently have an m should contact the IT Service Centre to help create a z number for them.

  To set your zpass (if you have not done it yet), you can log into the Identity Manager website ( with your UniPass and set it up. Why don't you do that right now? Also instruction guides to reconfigure your device to support the use of zpass are available at

CONTROL-ALT-DEL
What is this (IBM PC/Windows) key sequence for?
(a) rebooting the computer
(b) escaping from the blue screen of death
(c) protecting against an attack
(d) all of the above
(e) none of the above

Answer
Answer: (d)
- originally intended as a reboot sequence (implemented by IBM PC designer David Bradley)
- Bradley: "I may have invented Control-Alt-Delete, but Bill Gates made it famous."
- later adopted as secure attention key to protect against login spoofing

Login Spoofing (phishing before the net)
(Ever since multiple user terminals in the 1970s)
- User1 leaves a program running that displays an interface that looks just like the login screen.
- User2 enters their login and password.
- The program captures the login details, logs out, so the real password screen now comes up.
- User2 thinks: "Hmm, I must have made a typo in my password."

Secure Attention
A secure attention key (e.g. CONTROL-ALT-DEL) cannot be captured by any application program, and resets the machine to offer an authentic login screen.
Question: so what do you do on a Mac or Linux system?

Aargh, not another password to remember!
Many services require passwords:
- ATM PIN, online banking, telephone banking
- Share trading accounts: national, international
- Unipin, CSE login
- Bill payment
- Booking services (Opera House, Ticketek, ...)
- Social networking site
- Web
- Online bookstore
- News sites (Crikey, Aust. Fin. Rev. already, News Ltd papers soon)
- etc...
How to remember them all?

Same Password or Many?
- Use same password: risk that compromise of one (e.g. news site) leads to compromise of others (e.g. online banking)
- Use different passwords: risk that I will forget and be locked out!

User defenses against password mania
- Use browser (or system keychain) password memory, but what about internet cafe use?
- Use password groups:
  - easy password for all services that are protecting their content, not my secrets: online news, payment services that don't record my credit card number
  - hard password(s) for critical secrets, banking etc.

User defenses against password mania
Blake Ross, Collin Jackson, Nicholas Miyake, Dan Boneh and John C. Mitchell, Stronger Password Authentication Using Browser Extensions. Proc. of the 14th Usenix Security Symp.,
Generate the password for service/url X as a function f of X and a master password P. I.e., I remember one password P:
- At amazon.com, my password is f(P, amazon.com)
- At ebay.com, my password is f(P, ebay.com) (different from f(P, amazon.com)!)
- At ebay.phisherman, my password is f(P, ebay.phisherman) (different from f(P, ebay.com)!)

Conclusion
- When we look at passwords from a systems perspective, all sorts of non-obvious vulnerabilities appear.
- As a result of these, passwords have long since had their day.
- But they are not going to go away any time soon.
- So understand the risks, mitigate as best you can (e.g., two-factor authentication)!
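The per-site password f(P, X) described on the "User defenses against password mania" slide, as an added example. This is not the algorithm or code from the cited paper: PBKDF2 as f, the 16-character output, and the "last two host labels" rule for X are assumptions made for illustration (a real extension needs the public suffix list to handle domains such as co.uk).

```python
"""Added example: deriving a different password per site from one master P."""
import base64
import hashlib
from urllib.parse import urlsplit

ITERATIONS = 200_000   # assumed; slows offline guessing of P from one f(P, X)


def domain_of(url):
    """X: the site the browser is really talking to, taken from the URL."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host: %r" % url)
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])   # simplification, see lead-in


def f(master, domain, length=16):
    """Site password: slow keyed hash of the domain, printable encoding."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"),
                              domain.encode("utf-8"), ITERATIONS)
    return base64.urlsafe_b64encode(raw).decode("ascii")[:length]


def password_for(url, master):
    """What gets typed into the form on the page at `url`."""
    return f(master, domain_of(url))


if __name__ == "__main__":
    P = "The rain in Spain falls mainly on the plain"   # constructed master password
    for url in ("https://www.amazon.com/ap/signin",
                "https://signin.ebay.com/ws/login",
                "https://signin.ebay.phisherman/ws/login"):   # lookalike site
        print(f"{domain_of(url):16} {password_for(url, P)}")
```

The lookalike site receives only f(P, ebay.phisherman), which is not the password registered at ebay.com; the slow f matters because that value can still be used to guess P offline.
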
Session objectives Background Identification and Authentication CSM27 Computer Security Dr Hans Georg Schaathun University of Surrey Autumn 2008 Week 3 Recognise the purposes of (password) identification.
More informationON SCHEDULE TERMS AND CONDITIONS (September 23rd 2018)
By using On Schedule web application you are making an agreement with us, code fish, according to the current terms and conditions at the time of use. Upon the terms and conditions changing you will be
More informationMulti-Factor Authentication (MFA)
10.10.18 1 Multi-Factor Authentication (MFA) What is it? Why should I use it? CYBERSECURITY Tech Fair 2018 10.10.18 2 Recent Password Hacks PlayStation Network (2011) 77 Million accounts hacked Adobe (2013)
More informationInstructions 1. Elevation of Privilege Instructions. Draw a diagram of the system you want to threat model before you deal the cards.
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3 6 players. Play starts with the 3 of Tampering. Play
More informationT H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Authentication What is Authentication? Real-world and computer world examples? What is a result of authentication? What are the means for in
More informationAuthentication and passwords
Authentication and passwords Passwords The Key Idea Prover sends a password to a Verifier. The channel must be private If an attacker obtains a user s password, he can authenticate as her. Passwords must
More informationSimply e C A S H M A N A G E M E N T U S E R G U I D E
Simply e C A S H M A N A G E M E N T U S E R G U I D E Simply e Cash Management Rev. 06/01/15 Simply e Cash Management Rev. 06/01/15 Table of Contents 1. WELCOME TO 7 1A. TYPES OF ACTIVITY 7 1B. GETTING
More informationWorksheet - Reading Guide for Keys and Passwords
Unit 2 Lesson 15 Name(s) Period Date Worksheet - Reading Guide for Keys and Passwords Background Algorithms vs. Keys. An algorithm is how to execute the encryption and decryption and key is the secret
More informationMessage Networking 5.2 Administration print guide
Page 1 of 421 Administration print guide This print guide is a collection of system topics provided in an easy-to-print format for your convenience. Please note that the links shown in this document do
More informationCUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE
Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard
More informationStart the Security Walkthrough
Start the Security Walkthrough This guide will help you complete your HIPAA security risk analysis and can additionally be used for periodic review. It is based on the methodology used in PrivaPlan Stat
More informationCardNav. Member Experience Training Guide. CO-OP Financial Services
CardNav Member Experience Training Guide CO-OP Financial Services TABLE OF CONTENTS Getting Started...4-5 Installing and Upgrading...8-10 Logging in to the App...12-15 Navigating the App...17-31 Viewing
More informationESS Security Enhancements
ESS Security Enhancements payentry.com Employee Self Service Enhancements 1 Table of Contents INTRODUCTION 3 EXISTING EMPLOYEES 3 Existing Employee -Email Address 4 Existing Employee - Username 4 Existing
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More information