smash-the-firewall/slides/password.md

<!-- .slide:
data-background="https://ak7.picdn.net/shutterstock/videos/25863227/thumb/5.jpg"
-->
## The basics: passwords
Passwords are the first barrier to accessing data that we want to keep to ourselves.
We use them to read our email, to withdraw cash at the ATM (PIN), to log into our computer, and to access the thousands of digital services we use.
--
![](/img/password-hint.jpg)
- <!-- .element: class="fragment" --> It's the gmail password ➜
**gmailpassword**
- <!-- .element: class="fragment" --> At least one capital letter ➜
**Gmailpassword**
- <!-- .element: class="fragment" --> At least one number ➜
**Gmailpassword1**
- <!-- .element: class="fragment" --> At least one symbol ➜
**Gmailpassword1!**

notes: These are all easily guessable patterns.
--
### People are predictable

- Statistically, some words are used more often
- We tend to use words that are connected to the website
- In the worst scenario, the password is reused
<!-- .element: class="fragment" -->
![monkey](./img/scimmia.jpg)
<!-- .element: class="fragment" -->
notes: ask why this is a problem....

--
### Mamma Mia!
[Have I been PWNed](https://haveibeenpwned.com) gives an overview of **known** website breaches and contains millions of leaked passwords.
- On average, since 2013, a website is breached every ten days
- `123456` and `password` are the most common passwords
- A few patterns keep recurring
- Most accounts share passwords between websites
--
### Password Cracking
There are programs and services that repeatedly attempt passwords based on our predictability, commonly relying on dictionaries to which rules are applied.
Note that in targeted attacks, dictionary files are created ad-hoc, taking all the digital material of the target into consideration.
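
Seen from the defender's side, the same predictability can be checked when a password is chosen. This is an added example, not part of the original slides: it shows that `Gmailpassword1!` satisfies the composition rules from the earlier slide yet reduces to the site name plus a common word. The word list is a constructed stand-in for a real one and all function names are made up for illustration.

```python
import re
import string

# Constructed sample data: a tiny stand-in for a real common-password list.
COMMON_WORDS = {"password", "123456", "qwerty", "letmein", "welcome"}

def meets_composition_rules(password: str) -> bool:
    """The rules from the slide: a capital letter, a number and a symbol."""
    return (any(c.isupper() for c in password)
            and any(c.isdigit() for c in password)
            and any(c in string.punctuation for c in password))

def core_of(password: str) -> str:
    """Undo the usual decorations: case, and digits/symbols at either end."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())

def predictability_findings(password: str, site: str) -> list[str]:
    """Reasons the password is guessable; an empty list means none were found."""
    findings = []
    site = site.lower()
    core = core_of(password)
    if password.lower() in COMMON_WORDS or core in COMMON_WORDS:
        findings.append("common password")
    if site in core:
        findings.append("contains the site name")
        # What is left once the site name is taken out of the core.
        if core.replace(site, "", 1) in COMMON_WORDS:
            findings.append("site name + common word")
    return findings

if __name__ == "__main__":
    # Constructed samples: the slide's progression, one common password,
    # and a four-word passphrase made up for this example.
    samples = ["gmailpassword", "Gmailpassword1!", "123456",
               "maple tractor violin sunset"]
    for pw in samples:
        rules = "passes" if meets_composition_rules(pw) else "fails"
        found = predictability_findings(pw, "gmail") or ["nothing found"]
        print(f"{pw!r}: {rules} composition rules; {', '.join(found)}")
```

An empty findings list only means that none of these few patterns matched; it is not a measure of strength.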
--
### Password manager

Generate random, hard-to-guess and hard-to-crack passwords, unique for every website.
You need to remember a single password to access the manager.

notes: explain the master password, that it is possible to keep several password lists, suggest good practices.
--
### What about the master password?
- Never share it
- Never write it down
- Use at least 4 common words, think of an image or story to memorize the password
![](https://imgs.xkcd.com/comics/password_strength.png)
<!-- .element: class="fragment" -->