Scribd
Upload
49 views28 pages

Password Managers: Security & Usability

This document discusses password managers and their usefulness for generating and storing strong, unique passwords for different websites. It provides an overview of popular password managers, including Roboform, and explains how they work to securely generate and fill passwords without exposing them in plain text form. The document also addresses security concerns regarding storing passwords in the cloud with a password manager.

Uploaded by

ABDUL AHAD
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
49 views28 pages

Password Managers: Security & Usability

This document discusses password managers and their usefulness for generating and storing strong, unique passwords for different websites. It provides an overview of popular password managers, including Roboform, and explains how they work to securely generate and fill passwords without exposing them in plain text form. The document also addresses security concerns regarding storing passwords in the cloud with a password manager.

Uploaded by

ABDUL AHAD
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 28

Software that can

create and remember


different passwords for
different sites
 Do your passwords measure up?
 What makes for a good password?
 Reconciling security and complexity
with usability.
 Comparison of popular password
manager applications
 Using a single password for everything?
 Using your pet’s name for a password?
 Using your grandchild’s name for your p/w?
 Using ‘password’ for your password?
 Using ‘123456’ for your password?
 Using your birthday for your password?
 Article in Nov. 2011 issue of The Atlantic by
James Fallow
 http://www.theatlantic.com/magazine/arch
ive/2011/11/hacked/8673/
 Brought to the attention of NBCUG by
member Susan Philibert
 Tells the story of a real life password theft
and the difficulties that ensued.
 Any site that matters needs it own password
 If you use an important password in two
places, it is no longer a valid password
 Any step up from ‘password’, ‘123456’ or
your birthday or pet’s name is worthwhile
 Problem – stronger passwords tend to be
complex, hence harder to remember.
 Length – eight or more characters
 Complexity – letters, numbers, punctuation,
symbols
 Variation – change passwords often
 Variety – different passwords for different
sites
 Hackers steal passwords from poorly secured
sites and then try using them in more secure
environments (e.g. banks)
 No dictionary words – ANY language
 No common abbreviations or misspellings or
words spelled backwords
 No sequences or repeated characters, e.g.
12345678, 22222222, abcdefg, qwerty
 No personal information – name, birthday,
phone, driver’s license
 Bad Password: Banana

 Good Password: 5.ytT#0_xn0ATzQVN|


_yeGk2+0vFC2]ndZ

 Great, but who’s going to remember that,


especially if you use a different p/w for
every site????
 Password managers ‘remember’ your
passwords

 Password managers allow you to use


different passwords for each site

 Password managers can generate strong


passwords.

 Password managers can link the site to the


password and call it up automatically
 PassWordSafe – Elliott Alterman
 LastPass – Ellis Miller
 KeePass – Michael Sagaser
 Ascendo DataVault – Jim Cason
 Roboform – Wayne Maruna
Siber Systems is a privately-held company,
incorporated in 1995 in the Commonwealth of
Virginia, with offices in Germany, Japan, and Russia.
 Five versions:
 Free trial – limit 10 passcards
 Roboform Desktop for Windows – one-time buy,
free minor updates
 Roboform Desktop for Mac
 Roboform Everywhere - use on multiple
computers – free major updates - syncs to each
PC you’ve installed.
 Roboform2Go – extends Roboform Desktop or
Roboform Everywhere to a portable USB drive
 From Fred Langa’s column in the 3/22/12
issue of Windows Secrets:
 “Inthe case of RoboForm (and most other well-
known, Cloud-based, password-storage services),
your data is stored on their servers in well-
encrypted form. This means that even if
someone hacks into RoboForm's servers, he'll see
only strings of nonsensical characters — nothing
plaintext.”
 From Fred Langa’s column in the 3/22/12
issue of Windows Secrets:
 “RoboForm and similar services don't store
decrypted passwords anywhere on their Cloud-
based servers. When data is transmitted between
your device and their servers, it's sent and
received in fully encrypted form. Someone
successfully eavesdropping on your
communication link will, again, see only a
stream of gibberish — nothing plaintext.
Encryption and decryption take place only when
you command it, and only inside your local
device.”
 From Fred Langa’s column in the 3/22/12
issue of Windows Secrets:
 “The final concern is the communication channel
itself. Better services — including RoboForm —
employ SSL encryption (just like most bank sites)
to further protect all interactions with their
password-storage servers.”

You might also like