Academic year: 2021


(1)

Password Managers

Your guts - Our glory

Jeff Dowley

(2)

Overview

Password managers

• Meant to aid you in keeping track of the dozens or even hundreds of passwords you may have

• Most browsers (IE, FF, Opera, Chrome) now include at least some of the basics for tracking and completing passwords for your online activities

• Also meant to aid you in associating particular identities you may have for those same passwords

(3)

• What is meant by identities?

– Jeff Dowley

– [email protected]

– [email protected]

– [email protected]

– And a dozen more…!

• What other attributes might an identity have?

– Shipping address

– Account numbers

– Credit cards

(4)

• Can be one of 3 varieties:

– Local - your PC desktop (or other local drive)

– Portable - on a mobile (PDA, smart phone), or flash device (USB, etc)

– Web based - stored in the 'cloud', man

(5)

Ways that password databases can store your data

• Insecure - default settings in FF and IE

• Weak - encrypt only the passwords, or have only a master password for an otherwise un-encrypted database

• Moderate - encrypt the data and the database, but use a weak hashing algorithm

• Strong - encrypt with a strong algorithm (Twofish, Blowfish, etc)

• Crazy strong - encrypt both with a strong algorithm and a key (sort of two-factor authentication)
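The "moderate", "strong" and "crazy strong" tiers above differ mainly in how the database key is derived from the master password. The following is an added example, not code from the slides or from any product named on them: an unsalted single hash (the weakness of the "moderate" tier) beside a salted, iterated PBKDF2 derivation and a password-plus-key-file combination; the way the two factors are combined is an illustrative construction, not KeePass's or Password Safe's own scheme.

```python
import hashlib
import hmac
import secrets

# Illustrative key-derivation tiers for a password database. The construction is
# an example and does not reproduce any particular product's file format.


def weak_key(master: str) -> bytes:
    """'Moderate' tier: the database is encrypted, but the key is one unsalted
    hash of the master password. Identical passwords give identical keys, and an
    attacker who copies the file can test guesses at full hash speed."""
    return hashlib.md5(master.encode("utf-8")).digest()


def strong_key(master: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """'Strong' tier: a random per-database salt plus a slow, iterated KDF, so each
    offline guess costs the attacker `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, iterations, dklen=32)


def two_factor_key(master: str, salt: bytes, key_file: bytes, iterations: int = 600_000) -> bytes:
    """'Crazy strong' tier: the password-derived key is mixed with a digest of a key
    file kept separately (e.g. on a USB stick). Neither factor alone reproduces
    the database key; losing either makes the database unreadable."""
    pw_key = strong_key(master, salt, iterations)
    file_digest = hashlib.sha256(key_file).digest()
    return hmac.new(pw_key, file_digest, hashlib.sha256).digest()


def new_database_params() -> "tuple[bytes, bytes]":
    """Fresh random salt and a 32-byte key file for a newly created database."""
    return secrets.token_bytes(16), secrets.token_bytes(32)


if __name__ == "__main__":
    salt, key_file = new_database_params()
    master = "correct horse"  # constructed sample master password
    print("weak      :", weak_key(master).hex())
    print("strong    :", strong_key(master, salt).hex())
    print("two-factor:", two_factor_key(master, salt, key_file).hex())
```

The iteration count is a cost knob: raise it until unlocking the database takes a noticeable fraction of a second on your own machine, since that same cost is what an attacker pays per guess.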

(6)

Password managers can also be used as a defense against phishing. Unlike human beings, a password manager program, which can handle an automated login script, is not susceptible to visual imitations and look-alike websites. With this built-in advantage, the use of a password manager is beneficial even if the user only has a few passwords to remember.

(7)

However, not all password managers can automatically handle the more complex login procedures imposed by many banking websites.

(8)

But wait, there's more…

• You may also want to associate some of those attributes with forms you have to fill out on the web

– Ta-da! Enter the form field filler functionality for fun

– There are some caveats with form filling

• Not all web sites associate the needed data type (address) with the human-viewable 'blank address box' to be filled in

• If the web site uses scripts to present and capture the data, then the form filler may fail to be fully compatible depending on the scripting language used

(9)

• If the form to be filled in is really being served by web site B on web site A's page, then you may be warned about the possible security risks, and then again you may not when you'd like to be!

– Most web browsers can do some of the form filling for you without even using any 3rd-party software or plug-ins

• And then there are the aforementioned plug-ins or add-ons or toolbars that can aid the browser in completing forms

(10)

• Since you are building a database of what your IDs and passwords are, then you might as well consider keeping even non-computing-related data in this 1 secure application

– You can use the notes field in most safes to create entries for your bank card or shopping card PIN numbers

– You could keep track of affiliation cards (rewards programs) and other non-online information

(11)

But there's more

• You may want to back up the database with a paper copy to be kept in a safe or safe-deposit box

– So, the right software will also aid you if you need to re-import that data or if you are bringing your data from another similar application

• Then there's keeping the password database safe from being sniffed on whatever PC you are using at the time

(12)

– Solution: keep your database on a USB/flash drive and use it in a mode that stores no data on the host PC

– 2nd advantage - should not require installation, keeping less trace of your information altogether

• You may want to 'go portable' so that you can always have your db on hand, and thus work regardless of what PC you are using from day to day

• You might want to consider saving your db on the net "in the cloud" so that it is accessible everywhere

(13)

What are the risks and gotchas?

• KeePass runs in manual mode and does NOT offer to auto-fill login credentials

• Roboform does fill in forms

• Password Safe is a blend of manual and mouse-ready to fill in forms

• You could always forget your main password

(14)

• There are major disadvantages to an online password manager if it is not utilizing Host-proof Hosting.

If you use an online password manager that doesn't use a Host-proof Hosting design, the passwords (including the master password) are sent over the network, from which they may be copied unnoticeably during transit, and are stored on server computers using software and hardware over which the password owner has no control and from which the protected passwords might be obtainable by an attacker.

(15)

What are some Password Safe products?

• Do NOT confuse password-safe.net or .com for passwordsafe.sf.net

• KeePass

– Uses Schneier's Password Safe source code

• Is OSS and freeware

• Supports plug-ins that help you make the tool custom to your needs

– Import and export utilities

– KeeForm - ?

– KeeFox - ?

(16)

• Perhaps use Roboform free for simple web site forum registrations or other low-risk sites

• Use KeePass or Password Safe for higher-security sites (banking,

(17)

• A quick demo of KeePass v2

References
