smash-the-firewall/slides/password.md
2024-04-24 13:58:22 +02:00

83 lines
2.3 KiB
Markdown

<!-- .slide:
data-background="https://ak7.picdn.net/shutterstock/videos/25863227/thumb/5.jpg"
-->
## The basics: passwords
Passwords are the first barrier to accessing data that we want to keep to ourselves.
We use them to read our email, to withdraw cash at the ATM (PIN), to log into our computer, and to access the thousands of digital services we use.
--
![](/img/password-hint.jpg)
- <!-- .element: class="fragment" --> It's the gmail password ➜
**gmailpassword**
- <!-- .element: class="fragment" --> At least one capital letter ➜
**Gmailpassword**
- <!-- .element: class="fragment" --> At least one number ➜
**Gmailpassword1**
- <!-- .element: class="fragment" --> At least one symbol ➜
**Gmailpassword1!**
notes: Sono tutti schemi facilmente immaginabili.
--
### People are predictable
- Statistically some words are used more ofter
- We tend to use words that are connected to the website
- In the worst scenario, the password is reused
<!-- .element: class="fragment" -->
![scimmia](./img/scimmia.jpg)
<!-- .element: class="fragment" -->
notes: chiedere perche' e' un problema....
--
### Mamma Mia!
[Have I been PWNed](https://haveibeenpwned.com) gives an overview of **known** website breaches and contains millions of leaked passwords.
- On average, since 2013, a website is breached every ten days
- `123456` and `password` are the most common passwords
- there are a few recurrent schemas
- most accounts share passwords between websites
--
### Password Cracking
There are programs and services that repeatedly attempt passwords based on our predictability, commonly relying on dictionaries to which rules are applied.
Note that in targeted attacks, dictionary files are created ad-hoc, taking all the digital material of the target into consideration.
--
### Password manager
Generate random, hard to gues and crack passwords, unique for every website.
You need to remember a single password to access the manager.
notes: spiegare master password, che e' possibile fare piu' liste di
password, suggerire buone pratiche.
--
### What about the master password?
- Never share it
- Never write it down
- Use at least 4 common words, think of an image or story to memorize the password
![](https://imgs.xkcd.com/comics/password_strength.png)
<!-- .element: class="fragment" -->