85 lines
2.3 KiB
Markdown
85 lines
2.3 KiB
Markdown
|
|
<!-- .slide:
|
|
data-background="https://ak7.picdn.net/shutterstock/videos/25863227/thumb/5.jpg"
|
|
-->
|
|
## The basics: passwords
|
|
<br>
|
|
<br>
|
|
<br>
|
|
|
|
Passwords are the first barrier to accessing data that we want to keep to ourselves.
|
|
|
|
|
|
We use them to read our email, to withdraw cash at the ATM (PIN), to log into our computer, and to access the thousands of digital services we use.
|
|
|
|
--
|
|
|
|
|
|
![](./img/password-hint.jpg)
|
|
|
|
|
|
- <!-- .element: class="fragment" --> It's the gmail password ➜
|
|
**gmailpassword**
|
|
- <!-- .element: class="fragment" --> At least one capital letter ➜
|
|
**Gmailpassword**
|
|
- <!-- .element: class="fragment" --> At least one number ➜
|
|
**Gmailpassword1**
|
|
- <!-- .element: class="fragment" --> At least one symbol ➜
|
|
**Gmailpassword1!**
|
|
|
|
notes: Sono tutti schemi facilmente immaginabili.
|
|
|
|
--
|
|
|
|
### People are predictable
|
|
|
|
- Statistically some words are used more ofter
|
|
- We tend to use words that are connected to the website
|
|
- <a style="color:red;">In the worst scenario, the password is reused </a>
|
|
<!-- .element: class="fragment" -->
|
|
|
|
![scimmia](./img/scimmia.jpg)
|
|
<!-- .element: class="fragment" -->
|
|
notes: chiedere perche' e' un problema....
|
|
|
|
--
|
|
|
|
|
|
### Mamma Mia!
|
|
[Have I been PWNed](https://haveibeenpwned.com) gives an overview of **known** website breaches and contains millions of leaked passwords.
|
|
|
|
- On average, since 2013, a website is breached every ten days
|
|
- `123456` and `password` are the most common passwords
|
|
- there are a few recurrent schemas
|
|
- most accounts share passwords between websites
|
|
|
|
--
|
|
|
|
### Password Cracking
|
|
|
|
There are programs and services that repeatedly attempt passwords based on our predictability, commonly relying on dictionaries to which rules are applied.
|
|
|
|
Note that in targeted attacks, dictionary files are created ad-hoc, taking all the digital material of the target into consideration.
|
|
|
|
--
|
|
|
|
|
|
### Password manager
|
|
|
|
Generate random, hard to gues and crack passwords, unique for every website.
|
|
|
|
You need to remember a single password to access the manager.
|
|
|
|
|
|
notes: spiegare master password, che e' possibile fare piu' liste di
|
|
password, suggerire buone pratiche.
|
|
|
|
--
|
|
|
|
### What about the master password?
|
|
- Never share it
|
|
- Never write it down
|
|
- Use at least 4 common words, think of an image or story to memorize the password
|
|
|
|
![](https://imgs.xkcd.com/comics/password_strength.png)
|
|
<!-- .element: class="fragment" -->
|