Upgrading Your Home Network Security For Free! Dr. Glen Sagers Illinois State University
Outline
- Passwords & Passphrases
- Two-factor authentication
- Updates
- Viruses and Malware
- WiFi security
- Internet of Things
Passwords & Passphrases
- What is a password?
- What is a passphrase?
Threat Model
- What are you defending against?
  - Determined attacker with resources?
  - Mass password leak?
  - Physical theft?
  - Casual attacker (Children or co-workers?)
Rules
- Never reuse a password you care about.
  - If leaked, even a great password is blown
- Beware the "secret question."
  - Often common questions, we post answers on Facebook!
- Use two-factor authentication, if available
- See what's been compromised
  - https://haveibeenpwned.com/
Making Strong Passphrases
- Passphrases are better, because longer
- Several words together
  - But not a well-known phrase
- Use number, CaSe, or symbols
  - But not at the end (90%)
- Something like:
  - Kissable98-remedy0-repair-eardrop
  - Frostingrepeal&brethrenOveN
Making Strong Passwords
- If a site doesn't support a passphrase:
- First letter of words in sentence, mangle
  - My first car was a 1984 VW Jetta bought in 95 = MfcwA1984VWJbi 95 (17)
  - The Princess Bride is the best movie ever, with a great cast = TPBitbme,wagCAST (16)
  - This could be the world's most secure memorable password, until I put it on a slide! = Tcbthwmsmp,u1pioas! (19)
Password Managers
- Securely generates, stores & fills passwords
  - Password Safe
  - 1Password
  - KeePass
  - LastPass
- Write it down
Authentication Methods
- Authentication based on:
  - Something the user has: ID card, phone
  - Something the user knows: PIN, password/phrase
  - Something the user is: Biometrics (fingerprint readers, iris scanners)
Two Factor Authentication
- Must be based on two different methods
  - ATM uses card + PIN
  - High-security locks use biometrics + pass
- Can implement on websites
  - User has a normal, reusable password
  - Is sent or generates a 1-time password
- See https://twofactorauth.org/
Updates
- Install updates as soon as available
- Turn on automatic updates
  - Operating System
  - Apps
- Update your wireless router
  - Usually from router login page, or an update tab
Malware
- Malicious Software
  - Viruses, Trojans, Spyware, Ransomware
  - All want to steal info or damage software
- Use an antivirus program
  - Windows Defender built-in, good enough
  - All are about 50% effective
  - Nothing wrong with paid versions, but free is often enough for home users
WiFi
- Don't:
  - Use WEP or WPA security
  - Use WPS (WiFi Protected Setup)
- Do:
  - Use WPA2 security with a good passphrase (20+ letters)
  - Set a good admin password to log in to router
Internet of Things
- Most IoT devices like WiFi cameras have little or no security
- Read reviews and search for security issues with a device before buying
- CHANGE THE DEFAULT PASSWORD
- Turn off cloud-management features if not needed.
  - What are you giving away in information and privacy?
Homework!
Go home and:
1. Set up a password manager, start saving, importing, and changing passwords, and enable two-factor authentication
2. Turn on automatic updates on PC & mobile
3. Install anti-malware software
4. Upgrade router & set better passphrases
Feel free to contact tech support!
PDF handout: http://www.itk.ilstu.edu/faculty/gsagers/
Password Managers
- https://1password.com
- https://pwsafe.org/
- http://keepass.info/
- https://lastpass.com/
Other Resources
- Generators
  - https://www.fourmilab.ch/javascrypt/pass_phrase.html
  - https://xkpasswd.net/s/
  - https://www.rempe.us/diceware/#eff
- TED talk (17 min)
  - https://youtu.be/0skdp36wiau
- WiFi
  - http://www.itk.ilstu.edu/faculty/gsagers/wifi/