1 of 9

Fix Your Passwords

digital workshop with Stephanie Booth

2 of 9

Our passwords aren’t good enough

  • we don’t want strangers accessing our data
    • phishing/scamming our contacts
    • data loss/corruption
    • intelligence/identity theft
  • our passwords aren’t secure
    • too short, reused, shared, too simple, daisy-chains
    • danger comes mainly from online untargeted attacks (weakest passwords fall)
    • cracking is easier and easier (lists, computing power)

3 of 9

Be scared

4 of 9

Two-factor authentication

5 of 9

Better passwords

  • never reuse
  • never share (one person = one login, manage access rights)
  • if you can remember or generate it, they can crack it (the human mind is predictable; they’re as smart as we are)
  • length is strength (entropy actually: how many combinations if you know the system?)

6 of 9

Diceware

  • easy to remember, very hard to crack :-)
  • random process (dice and long word lists)
  • high entropy
  • multi-language version

http://world.std.com/~reinhold/diceware.html
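
Added example (not from the workshop slides): a Diceware-style generator in Python that parses a word list in the dice-key/word layout, rolls with the OS random source, and computes entropy assuming the attacker knows the system. The function names and the 36-word, two-dice sample list are constructed for illustration; real Diceware lists use five dice and 7776 words.

```python
import math
import secrets

# Constructed miniature list in the "rolls<TAB>word" layout, keyed by 2 dice
# (36 entries) so it fits here; a real Diceware list is keyed by 5 dice.
WORDS = ("acorn bagel cedar daisy eagle fjord grape heron igloo jelly kayak lemon "
         "mango nylon otter pearl quilt raven sushi tulip umbra viola wheat xenon "
         "yacht zebra amber brick cloud delta ember flint gecko hazel ivory jumbo").split()
KEYS = [a + b for a in "123456" for b in "123456"]
SAMPLE_LIST = "\n".join(f"{k}\t{w}" for k, w in zip(KEYS, WORDS))

def parse_wordlist(text):
    """Map each dice-roll key (e.g. '42') to its word; reject incomplete lists."""
    table = dict(line.split() for line in text.splitlines() if line.strip())
    if not table:
        raise ValueError("empty word list")
    dice = len(next(iter(table)))
    keys_ok = all(len(k) == dice and set(k) <= set("123456") for k in table)
    # A missing key or a repeated word silently lowers entropy, so fail loudly.
    if not keys_ok or len(table) != 6 ** dice or len(set(table.values())) != len(table):
        raise ValueError("need exactly one distinct word per dice combination")
    return table, dice

def roll(dice):
    """Simulate physical dice with the OS CSPRNG (random.randint is predictable)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def passphrase(table, dice, n_words=6):
    """Pick each word independently; never re-roll because a result looks odd."""
    return " ".join(table[roll(dice)] for _ in range(n_words))

def entropy_bits(choices, picks):
    """Entropy when the attacker knows the system: log2(choices ** picks)."""
    return picks * math.log2(choices)

if __name__ == "__main__":
    table, dice = parse_wordlist(SAMPLE_LIST)
    print(passphrase(table, dice))
    print(f"6 words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
    print(f"8 random printable characters: {entropy_bits(94, 8):.1f} bits")
```
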

7 of 9

Password managers

  • 1 diceware master password
  • long random passwords
  • everything encrypted
  • practical interface, cross-device
  • remembering passwords just isn’t sustainable anymore

http://lastpass.com/ or http://agilebits.com/onepassword

8 of 9

Magic recipe

  • password manager
  • two-factor authentication
  • one diceware password to remember (OK, maybe 2-3)

Better to have a strong password and write it down than a weak one you remember!

9 of 9

More...