DOCSLIB.ORG

An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices University of Tennessee, Knoxville TRACE: Tennessee Research and Creative Exchange Doctoral Dissertations Graduate School 5-2021 An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices Timothy Oesch [email protected] Follow this and additional works at: https://trace.tennessee.edu/utk_graddiss Part of the Information Security Commons, Other Computer Engineering Commons, and the Other Computer Sciences Commons Recommended Citation Oesch, Timothy, "An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices. " PhD diss., University of Tennessee, 2021. https://trace.tennessee.edu/utk_graddiss/6670 This Dissertation is brought to you for free and open access by the Graduate School at TRACE: Tennessee Research and Creative Exchange. It has been accepted for inclusion in Doctoral Dissertations by an authorized administrator of TRACE: Tennessee Research and Creative Exchange. For more information, please contact [email protected]. To the Graduate Council: I am submitting herewith a dissertation written by Timothy Oesch entitled "An Analysis of Modern Password Manager Security and Usage on Desktop and Mobile Devices." I have examined the final electronic copy of this dissertation for form and content and recommend that it be accepted in partial fulfillment of the equirr ements for the degree of Doctor of Philosophy, with a major in Computer Engineering. Scott I. Ruoti, Major Professor We have read this dissertation and recommend its acceptance: Kent Seamons, Jinyuan Sun, Doowon Kim, Scott I. Ruoti Accepted for the Council: Dixie L. Thompson Vice Provost and Dean of the Graduate School (Original signatures are on file with official studentecor r ds.) An Analysis of Password Manager Security and Usage on Desktop and Mobile Devices A Dissertation Presented for the Doctor of Philosophy Degree The University of Tennessee, Knoxville Timothy Sean Oesch May 2021 © by Timothy Sean Oesch, 2021 All Rights Reserved. ii I would like to dedicate this work to my family, whose unwavering love and support have been a constant source of encouragement throughout the PhD process, and to all those committed to defending the world against the dark arts. iii Acknowledgments I would like to thank my advisor, Dr. Scott Ruoti, without whom this work would not have been possible, and my dissertation committee (Dr. Kent Seamons, Dr. Jinyuan Sun, and Dr. Doowon Kim) who provided timely feedback and direction. I would also like to thank my fellow students James Simmons and Bhaskar Gaur for their feedback and support, and especially Anuj Gautam, who provided invaluable support on two of my papers. I would also like to thank my coworkers who participated in pilot studies and encouraged me throughout the process of completing my studies. And last but certainly not least, I extend a heartfelt thanks to my family, who endured the long hours of studying and were always there to encourage me during this journey. iv Abstract Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior. I begin my analysis by conducting the first security evaluation of the full password manager lifecycle (generation, storage, and autofill) on desktop devices, including the creation and analysis of a corpus of 147 million generated passwords. My results show that a small percentage of generated passwords are weak against both online and offline attacks, and that attacks against autofill mechanisms are still possible in modern managers. Next, I present a comparative analysis of autofill frameworks on iOS and Android. I find that these frameworks fail to properly verify webpage security and identify a new class of phishing attacks enabled by incorrect handling of autofill within WebView controls hosted in apps. Finally, I interview users of third-party password managers to understand both how and why they use their managers as they do. I find evidence that many users leverage multiple password managers to address issues with existing managers, as well as provide explanations for why password reuse continues even in the presence of a password manager. Based on these results, I conclude with recommendations addressing the attacks and usability issues identified in this work. v Table of Contents 1 Introduction1 2 Background5 2.1 Password Managers................................5 2.2 Related Work...................................6 2.2.1 Desktop Managers............................7 2.2.2 Mobile Autofill..............................8 2.2.3 Usability and User Studies........................ 10 2.2.4 Relation to This Work.......................... 12 3 Browser-Based Password Managers on the Desktop 14 3.1 Analyzed Password Managers.......................... 16 3.1.1 App.................................... 16 3.1.2 Extension................................. 18 3.1.3 Browser.................................. 19 3.1.4 Updates for Password Managers..................... 20 3.2 Password Generation............................... 20 3.2.1 Settings and Features........................... 20 3.2.2 Password Collection and Analysis.................... 22 3.2.3 Results................................... 26 3.3 Password Storage................................. 34 3.3.1 Password Vault Encryption....................... 34 3.3.2 Metadata Privacy............................. 36 vi 3.4 Password Autofill................................. 37 3.4.1 User Interaction Requirements...................... 37 3.4.2 Autofill for iframes............................ 40 3.4.3 Fill Form Differing from Saved Form.................. 41 3.4.4 Non-Standard Login Fields........................ 42 3.4.5 Potential Mitigation........................... 42 3.4.6 Web Vault Security & Bookmarklets.................. 43 3.5 Discussion..................................... 44 3.5.1 Filter weak passwords........................... 46 3.5.2 Better master password policies...................... 46 3.5.3 Safer autofill................................ 46 4 A Security Analysis of Autofill Frameworks on iOS and Android 48 4.1 Background.................................... 50 4.1.1 Password Managers............................ 50 4.1.2 Secure Autofill.............................. 51 4.1.3 WebView................................. 52 4.2 Evaluation Methodology............................. 53 4.2.1 Mobile Autofill Frameworks....................... 54 4.2.2 Testing Approach............................. 56 4.3 Browser Autofill.................................. 58 4.3.1 P1|User Interaction........................... 60 4.3.2 P2|Credential-to-Domain Mapping.................. 62 4.3.3 P3|Protecting Filled Credentials.................... 62 4.4 App Autofill.................................... 64 4.4.1 P1|User Interaction........................... 64 4.4.2 P2|Credential-to-App Mapping.................... 67 4.4.3 P3|Protecting Filled Credentials.................... 69 4.5 WebView Autofill................................. 70 4.5.1 P1|User Interaction........................... 73 vii 4.5.2 P2|Credential-to-Domain Mapping.................. 73 4.5.3 P3|Protecting Filled Credentials.................... 75 4.6 Password Generation............................... 76 4.6.1 Comparison to Desktop Managers.................... 79 4.7 Password Storage................................. 79 4.7.1 Password Encryption........................... 82 4.7.2 Metadata Privacy............................. 83 4.7.3 Comparison to Desktop Managers.................... 83 4.8 Discussion..................................... 83 4.8.1 Addressing WebView Phishing Attacks................. 86 4.8.2 Recommendations for Secure Autofill Frameworks........... 87 4.8.3 Autofill Framework Smells........................ 89 4.8.4 Future Research.............................. 89 5 "It basically started using me" - An Observational Study of Password Manager Usage 92 5.1 Methodology................................... 95 5.1.1 Recruitment................................ 95 5.1.2 Interview Design............................. 96 5.1.3 Addressing Potential Risks........................ 99 5.1.4 Analysis.................................. 99 5.1.5 Participant Demographics........................ 100 5.1.6 Limitations................................ 101 5.2 Core Theories................................... 101 5.2.1 Adoption of multiple managers..................... 101 5.2.2 Cross-device entry and reuse....................... 104 5.2.3 Limited usage on mobile......................... 109 5.2.4 Breach notifications desired, but health check overwhelming..... 111 5.2.5 Adoption and promotion......................... 115 5.3 Additional Topics................................. 116 viii 5.3.1 Password sharing via manager difficult and rarely used........ 116 5.3.2 Mental models of password reuse.................... 119 5.3.3 Inconsistencies in autofill and autosave................. 120 5.3.4 Desire for single sign-on......................... 122 5.3.5 Ubiquitous usage of default settings................... 122 5.3.6 Attitudes towards autolock.......................
Load more

Recommended publications
  • Privacy and You the Facts and the Myths
    Privacy and You The facts and the myths Bill Bowman and Katrina Prohaszka Clarkston Independence District Library 1 Overview ● What is privacy? ● Why should you care? ● Privacy laws, regulations, and protections ● Privacy and libraries ● How to protect your privacy → need-to-know settings 2 “[Privacy is] the right to What is Privacy? be let alone” - Warren & Brandeis, 1890 3 What is Privacy cont’d - Alan Westin (1967) on privacy: - “[privacy is] the right of individuals to control, edit, manage, and delete information about themselves, and to decide when, how, and to what extent information is communicated to others.” - Privacy provides a space for discussion, growth, and learning - Privacy is the ability to control your information and maintain boundaries 4 DEMO → Ghostory 5 What Privacy Is NOT - common myths Myth: Privacy and secrecy Myth: Privacy and security are the same are the same - Privacy is about being - Privacy is about unobserved safeguarding a user’s identity - Secrecy is about intentionally hiding - Security is about something protecting a user’s information & data 6 Evolving Concerns - Persistence of cameras and microphones - Think 1984 by George Orwell - “big brother” is always watching, and “it’s okay” - Social media culture - “Tagging” people without knowledge - Sharing photos without asking - Data as currency - 23andMe, Ancestry.com, Google, etc. 7 “Arguing that you don’t Why should you care about privacy because you have nothing to hide is no different than care? saying you don’t care about free speech because Why
    [Show full text]
  • Jelszókezelök Pclinuxos Magazine – 2017
    Repo mustra: jelszókezelök PClinuxOS Magazine – 2017. április Írta CgBoy Jelszavak. Mindnyájan használunk. Néhányan egyet használunk mindenre. Másoknak sok, összetett jelszava van, amit nehéz észben tartani. Mielőtt a cikket írtam volna, a számítógépemen volt egy fájl az összes jelszavammal. Nagyon biztonságos, igaz? Minden esetre, ebben a hónapban rövid pillantást vetünk a tárolóban található jelszó kezelőkre. Abba a sorba raktam őket, ahogy átnéztem. KDE Wallet (tárca) Manager. Kezdjük a KDE Wallet Manager-rel. Elég könnyű tárcát készíteni. Használhat Blowfish-t, vagy GPG titkosítást. Mivel nincs GPG-kulcsom, Blowfish titkosítási eljárást használtam. A KDE Wallet Manager képes XML Nos, a KDE Wallet Manager olyan jó? Azt wallet-fájlokat importálni és exportálni. A KDE Wallet mondanám, igen. Könnyen használható, jo a felülete Manager felhasználói felülete jó és egyszerű. Van és van néhány jó tulajdonsága, vagyis mondhatnám, még rendszertálca alkalmazása is, ahonnan a tárcák jó. megnyithatóak. KeePassX, (Megjegyzés: a 2.0.3-as verzió ez és nem a régi 0.4.4-es) a KeePassX-t gyakran ajánlják mint jó, nyílt forráskódú jelszókezelőt. Azok számára, akik nem ismerik, a KeePassX a KeePass Password Safe leágazása. Amikor a KeePassX-ben új jelszó adatbázist készítesz, választhatsz, hogy csak mester jelszót, csak kulcs fájlt, vagy mindkettőt használj. A KeePassX AES, vagy Twofish titkosítást használ az adatbázisánál. A KeePassX felhasználói felülete jó, a jelszavakat Androidra és iOS-re is van applikáció, ami képes könyvtárakba rendezi. Amikor új jelszó elemet viszel KeePass adatbázis használatára, ami azt jelenti, be, a KeePass készít hozzá egy véletlenszerű hogy a jelszavaid mindig veled lehetnek! Nos, mit jelszót. Az elemhez ikon is rendelhető. A KeePassX gondolsz a KeePass-ról? Szerintem kiváló képes böngésző kiegészítő nélkül a bejelentkező jelszókezelő.
    [Show full text]
  • An Architecture for Cryptography with Smart Cards and NFC Rings on Android
    OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android DOMINIK SCHÜRMANN, TU Braunschweig, Germany SERGEJ DECHAND, University of Bonn, Germany LARS WOLF, TU Braunschweig, Germany While many Android apps provide end-to-end encryption, the cryptographic keys are still stored on the device itself and can thus be stolen by exploiting vulnerabilities. External cryptographic hardware solves this issue, but is currently only used for two-factor authentication and not for communication encryption. In this paper, we design, implement, and evaluate an architecture for NFC-based cryptography on Android. Our high-level API provides cryptographic operations without requiring knowledge of public-key cryptography. By developing OpenKeychain, we were able to roll out this architecture for more than 100,000 users. It provides encryption for emails, messaging, and a password manager. We provide a threat model, NFC performance measurements, and discuss their impact on our architecture design. As an alternative form factor to smart cards, we created the prototype of an NFC signet ring. To evaluate the UI components and form factors, a lab study with 40 participants at a large company has been conducted. We measured the time required by the participants to set up the system and reply to encrypted emails. These measurements and a subsequent interview indicate that our NFC-based solutions are more user friendly in comparison to traditional password-protected keys. CCS Concepts: • Security and privacy → Usability in security and privacy; Key management; Hardware-based security protocols; • Human-centered computing → Mobile devices; Additional Key Words and Phrases: NFC, near-field communication, smart card, ring ACM Reference Format: Dominik Schürmann, Sergej Dechand, and Lars Wolf.
    [Show full text]
  • Keepass Password Safe Help
    KeePass Password Safe KeePass: Copyright © 2003-2011 Dominik Reichl. The program is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative. For more information see the License page. Introduction Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. He would have access to your e-mail account, website, etc. Unimaginable. But who can remember all those passwords? Nobody, but KeePass can. KeePass is a free, open source, light-weight and easy-to-use password manager for Windows. The program stores your passwords in a highly encrypted database. This database consists of only one file, so it can be easily transferred from one computer to another. KeePass supports password groups, you can sort your passwords (for example into Windows, Internet, My Website, etc.). You can drag&drop passwords into other windows. The powerful auto-type feature will type user names and passwords for you into other windows. The program can export the database to various formats. It can also import data from various other formats (more than 20 different formats of other password managers, a generic CSV importer, ...). Of course, you can also print the password list or current view. Using the context menu of the password list you can quickly copy password or user name to the Windows clipboard.
    [Show full text]
  • Keeper Security G2 Competitive Comparison Report
    Keeper Security G2 Competitive Comparison Report Keeper is the leading cybersecurity platform for preventing password-related data breaches and cyberthreats. This report is based on ratings and reviews from real G2 users. Keeper vs. Top Competitors: User Satisfaction Ratings See how Keeper wins in customer satisfaction based on the ratings in the below G2 categories. Keeper LastPass Dashlane 1Password 93% 85% Ease of Use 92% 91% 92% 82% Mobile App Usability 82% 88% 93% 83% Ease of Setup 89% 88% 95% 92% Meets Requirements 94% 94% 91% 82% Quality of Support 89% 90% 0% 20% 40% 60% 80% 100% See the full reports: Keeper vs. LastPass Keeper vs. Dashlane Keeper vs. 1Password G2 Grid: Keeper Listed as a Leader G2 scores products and vendors based on reviews gathered from the user community, as well as data aggregated from online sources and social networks. Together, these scores are mapped on the G2 Grid, which you can use to compare products. As seen on the grid, Keeper is currently rated as a “Leader,” scoring highly in both market presence and satisfaction. Contenders Leaders Market Presence Market Niche High Performers Satisfaction View the Expanded Grid Keeper User Reviews & Testimonials See what G2 users have to say about their experience with Keeper. Best password manager on the market “Keeper was the first password manager I could find that supported the U2F hardware keys that we use and this was a non-negotiable requirement at the time and still is. The support is really excellent and above expectations - On all my questions and concerns, I have received a reply within an hour and I am situated in Southern Africa.
    [Show full text]
  • Keepass Instructions
    Introduction to KeePass What is KeePass? KeePass is a safe place for all your usernames, passwords, software licenses, confirmations from vendors and even credit card information. Why Use a Password Safe? • It makes and remembers excellent passwords for every site you visit. These passwords will be random and long. • It is very dangerous to either try and remember your passwords or re-use the same password on multiple sites. Using KeePass eliminates these problems. • It helps you log into websites • It stores license codes and other critical information from software vendors • It protects all your licenses and passwords with state of the art encryption making it unbreakable as long as you have a good passphrase. I made a 5 minute introductory video screencast . Go ahead and watch it. http://www.screencast.com/t/RgJjbdYF0p Copyright(c) 2011 by Steven Shank Why switch from my OCS Passwords safe to Keepass? Keepass is much better than my program. It is much more secure. My OCS Passwords is not using state of the art encryption. My program is crackable. In addition to being safer, it is even easier to use than my program and has some great extra features. In short, while OCS passwords was a good program in its time, its time has passed. Among the many advanced features, KeePass lets you add fields, copy username and passwords into websites and programs more easily, group your passwords and launch websites directly from KeePass. How Do You Switch from OCS Password to KeePass? What I've done • I worked with a programmer to write a program to convert current password databases into a text file I could import into KeePass.
    [Show full text]
  • April, 2021 Spring
    VVoolulummee 116731 SeptemAbperril,, 22002201 Goodbye LastPass, Hello BitWarden Analog Video Archive Project Short Topix: New Linux Malware Making The Rounds Inkscape Tutorial: Chrome Text FTP With Double Commander: How To Game Zone: Streets Of Rage 4: Finaly On PCLinuxOS! PCLinuxOS Recipe Corner: Chicken Parmesan Skillet Casserole Beware! A New Tracker You Might Not Be Aware Of And More Inside... In This Issue... 3 From The Chief Editor's Desk... 4 Screenshot Showcase The PCLinuxOS name, logo and colors are the trademark of 5 Goodbye LastPass, Hello BitWarden! Texstar. 11 PCLinuxOS Recipe Corner: The PCLinuxOS Magazine is a monthly online publication containing PCLinuxOS-related materials. It is published primarily for members of the PCLinuxOS community. The Chicken Parmesean Skillet Casserole magazine staff is comprised of volunteers from the 12 Inkscape Tutorial: Chrome Text PCLinuxOS community. 13 Screenshot Showcase Visit us online at http://www.pclosmag.com 14 Analog Video Archive Project This release was made possible by the following volunteers: Chief Editor: Paul Arnote (parnote) 16 Screenshot Showcase Assistant Editor: Meemaw Artwork: ms_meme, Meemaw Magazine Layout: Paul Arnote, Meemaw, ms_meme 17 FTP With Double Commander: How-To HTML Layout: YouCanToo 20 Screenshot Showcase Staff: ms_meme Cg_Boy 21 Short Topix: New Linux Malware Making The Rounds Meemaw YouCanToo Pete Kelly Daniel Meiß-Wilhelm 24 Screenshot Showcase Alessandro Ebersol 25 Repo Review: MiniTube Contributors: 26 Good Words, Good Deeds, Good News David Pardue 28 Game Zone: Streets Of Rage 4: Finally On PCLinuxOS! 31 Screenshot Showcase 32 Beware! A New Tracker You Might Not Be Aware Of The PCLinuxOS Magazine is released under the Creative Commons Attribution-NonCommercial-Share-Alike 3.0 36 PCLinuxOS Recipe Corner Bonus: Unported license.
    [Show full text]
  • Win Big with [Insert Open Source App Here] Win Big with Open Source
    Win Big with [Insert Open Source App Here] Win Big With Open Source Introductions Dave Nevala – Lukins & Annis Jerry Askew – Askew Network Solutions Win Big With Open Source No Licensing Headaches High Quality – peer reviewed Paid Support Available If you want a feature, add it! OSS can’t be discontinued or sold Win Big With Open Source KeePass – Password Manager Zotero – Web Research Manager 7-Zip – Fast Archiver Truecrypt – Disk Encryption PDF Creator Ntop – Network Analyzer Prey – Loss Prevention Win Big With KeePass What is KeePass? Password Management Database Strong Password Generator Hot-key login Obfuscation techniques Multi-platform Download for free http://keepass.info/ Win Big With KeePass Password Database Strong Encryption Can be opened with single password Win Big With KeePass Why KeePass? No need for PostIt notes, slips of paper, etc. Easy to have unique strong passwords Turn off auto form fill Win Big With KeePass Ports KeePassPPC & KeePassSD – PassDrop - iPhone/iPad PocketPC KeePassDroid – Android 7Pass - Windows Phone KeePassMobile - J2ME MiniKeePass - iPhone/iPad KeePassJ2ME - J2ME SyncPass - iPhone/iPad KeePassBB – BlackBerry iKeePass - iPhone/iPad KeePassBB2 – BlackBerry MyKeePass - iPhone/iPad Export to Keyring - Palm OS KyPass - iPhone/iPad KeePassX - Linux / Mac OS X Win Big With KeePass Share with multiple devices Portable version (run from folder) Keep database on flash drive or dropbox Win Big With KeePass Alternatives Last pass (requires to be online) KeePassX (requires to be online) 1Password (Mac and Linux)
    [Show full text]
  • Privacy Handout by Bill Bowman & Katrina Prohaszka
    Privacy Handout By Bill Bowman & Katrina Prohaszka RECOMMENDED PROGRAM SETTINGS 2 WEB BROWSER SETTINGS 2 WINDOWS 10 4 SMARTPHONES & TABLETS 4 EMAIL 5 SOCIAL MEDIA SETTINGS 5 Instagram 5 TikTok 6 Twitter 6 Snapchat 7 Venmo 7 Facebook 8 RECOMMENDED PRIVACY TOOLS 10 WEB BROWSERS 10 SEARCH ENGINES 10 VIRTUAL PRIVATE NETWORKS (VPNS) 10 ANTI-VIRUS/ANTI-MALWARE 10 PASSWORD MANAGERS 11 TWO-FACTOR AUTHENTICATION 11 ADDITIONAL PRIVACY RESOURCES 12 1 RECOMMENDED PRIVACY TOOLS WEB BROWSERS ● Tor browser -- https://www.torproject.org/download/ (advanced users) ​ ​ ● Brave browser -- https://brave.com/ ​ ● Firefox -- https://www.mozilla.org/en-US/exp/firefox/ ​ ● Chrome & Microsoft Edge (Chrome-based) - Not recommended unless additional settings are changed SEARCH ENGINES ● DuckDuckGo -- https://duckduckgo.com/ ​ ● Qwant -- https://www.qwant.com/?l=en ​ ● Swisscows -- https://swisscows.com/ ​ ● Google -- Not private, uses algorithm based on your information VIRTUAL PRIVATE NETWORKS (VPNS) ● NordVPN -- https://nordvpn.com/ ​ ● ExpressVPN -- https://www.expressvpn.com/ ​ ● 1.1.1.1 -- https://1.1.1.1/ ​ ● Firefox VPN -- https://vpn.mozilla.org/ ​ ● OpenVPN -- https://openvpn.net/ ​ ● Sophos VPN -- https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx ANTI-VIRUS/ANTI-MALWARE ● Malwarebytes -- https://www.malwarebytes.com/ ​ ● Symantec -- https://securitycloud.symantec.com/cc/#/landing ​ ● CCleaner -- https://www.ccleaner.com/ ​ ● ESET -- https://www.eset.com/us/ ​ ● Sophos -- https://home.sophos.com/en-us.aspx ​ ● Windows Defender -- https://www.microsoft.com/en-us/windows/comprehensive-security (built-in to ​ Windows 10) 2 PASSWORD MANAGERS ● Lastpass -- https://www.lastpass.com/ ​ ● KeePass -- https://keepass.info/ ​ ● KeeWeb -- https://keeweb.info/ ​ ● Dashlane -- https://www.dashlane.com/ ​ TWO-FACTOR AUTHENTICATION ● Authy -- https://authy.com/ ​ ● Built-in two-factor authentication (some emails like Google mail, various social media, etc.
    [Show full text]
  • Online Security and Privacy
    Security & Privacy Guide Security and Privacy Guide When thinking about security and privacy settings you should consider: What do you want to protect? Who do you want to protect it from? Do you need to protect it? How bad are the consequences if you fail to protect it? How much trouble are you prepared to go to? These questions should be asked whilst considering what information you are accessing (which websites), how you are accessing the information, (what device you are using) and where you are accessing the information (at home, work, public place). Security & Privacy When looking at your Digital Security you are protecting your information against malicious attacks and malware. (Malware is software intentionally designed to cause damage to a computer). Digital Privacy is different as you are deciding what information you are prepared to share with a website or App (or its third party partners) that you are already using. Permission to share this information can be implicit once you start using a website or App. Some websites or Apps will allow you to control how they use your information. Security Physical access: How secure is the device you are using? Is it kept in a locked building, at home, or do you use it when you are out and about? Does anyone else have access to the device? Do you require a passcode or password to unlock your device? Virtual access: Have you updated your IOS software (on an iPad) or installed the latest anti-virus software on your device? Most devices will prompt you when an update is available.
    [Show full text]
  • Take Control of 1Password (5.0) SAMPLE
    EBOOK EXTRAS: v5.0 Downloads, Updates, Feedback TAKE CONTROL OF 1PASSWORD by JOE KISSELL $14.99 5th Click here to buy the full 180-page “Take Control of 1Password” for only $14.99! EDITION Table of Contents Read Me First ............................................................... 5 Updates and More ............................................................. 5 Basics .............................................................................. 6 What’s New in the Fifth Edition ............................................ 6 Introduction ................................................................ 8 1Password Quick Start .............................................. 10 Meet 1Password ........................................................ 11 Understand 1Password Versions ........................................ 11 License 1Password ........................................................... 13 Learn About 1Password Accounts ....................................... 15 Configure 1Password ........................................................ 17 Explore the 1Password Components ................................... 25 Learn How Logins Work .................................................... 36 Find Your Usage Pattern ................................................... 46 Set Up Syncing ............................................................... 49 Check for Updates ........................................................... 59 Learn What 1Password Isn’t Good For ................................ 59 Understand Password Security
    [Show full text]
  • Password Managers an Overview
    Peter Albin Lexington Computer and Technology Group March 13, 2019 Agenda One Solution 10 Worst Passwords of 2018 Time to Crack Password How Hackers Crack Passwords How Easy It Is To Crack Your Password How Do Password Managers Work What is a Password Manager Why use a Password Manager? Cloud Based Password Managers Paid Password Managers Free Password Managers How to Use LastPass How to Use Dashlane How to Use Keepass Final Reminder References March 13, 2019 2 One Solution March 13, 2019 3 10 Worst Passwords of 2018 1. 123456 2. password 3. 123456789 4. 12345678 5. 12345 6. 111111 7. 1234567 8. sunshine 9. qwerty 10. iloveyou March 13, 2019 4 Time to Crack Password March 13, 2019 5 Time to Crack Password March 13, 2019 6 Time to Crack Password March 13, 2019 7 Time to Crack Password Time to crack password "security1" 1600 1400 1200 1000 Days 800 Days 600 400 200 0 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 Year March 13, 2019 8 How Hackers Crack Passwords https://youtu.be/YiRPt4vrSSw March 13, 2019 9 How Easy It Is To Crack Your Password https://youtu.be/YiRPt4vrSSw March 13, 2019 10 How Do Password Managers Work https://youtu.be/DI72oBhMgWs March 13, 2019 11 What is a Password Manager A password manager will generate, retrieve, and keep track of super-long, crazy-random passwords across countless accounts for you, while also protecting all your vital online info—not only passwords but PINs, credit-card numbers and their three-digit CVV codes, answers to security questions, and more … And to get all that security, you’ll only need to remember a single password March 13, 2019 12 Why use a Password Manager? We are terrible at passwords We suck at creating them the top two most popular remain “123456” and “password” We share them way too freely We forget them all the time We forget them all the time A password manager relieves the burden of thinking up and memorizing unique, complex logins—the hallmark of a secure password.
    [Show full text]