Transcript Slide 1

Internet Security
Passwords
What Are Passwords?
• September 2008: Hacker steals password, breaks into
Vice-Presidential candidate Sarah Palin’s email account.
•
2005: Hacker steals file with customer passwords from
advertising company Acxiom.
• October 2009: Hackers steal thousands of passwords
from Hotmail, Gmail, and Yahoo accounts, then post
them online.
What Are Passwords?
• People need all sorts of keys for everyday life.
• Your family uses a key to lock the front door when
someone goes out, and to open the door to come
back inside.
• Keys are used to lock and unlock the doors and
trunk of a car.
• A store’s owner will use a key to open and close for
the day.
What Are Passwords?
• All of these keys are used to get to something; the
inside of a house, a car, a store.
• The keys also make these things safe, by keeping
out strangers.
• We use keys like this on the Internet too. Internet
keys used to open things for us and keep out
strangers are known as passwords.
What Are Passwords?
• Passwords are kind of different from everyday keys like your
house keys though.
• Passwords are also like nametags.
• People at work will sometimes wear tags with their name and
picture on them. This shows that they are really allowed to
work there.
• Passwords are like your nametag when you are on the Internet.
What Are Passwords?
• Like nametags, passwords are also made up of characters like
letters.
• Passwords are kind of different from nametags too.
• Instead of just using letters, passwords can use anything else
you might type in on a keyboard, like numbers or question
marks.
When Are They Used?
November 2005:
Private Info On Website For Papa John’s Pizza Is Leaked
Between Sept 29 and November 7th, personal comments by users
and company emails were displayed publicly on an online mailing
list.
Users’ names, addresses, phone numbers, and email addresses were exposed.
So were private discussions between managers.
This occurred because Papa John’s Pizza’s email system did not use
passwords. Since this occurred, they have now installed a password system.
http://news.cnet.com/Pizza-chain-caught-without-fully-baked-security/2100-7349_35938572.html?tag=lia;rcol
When Are They Used?
There are many websites that
may make you use a password.
Websites for talking to
friends like Facebook or
MySpace make you use
passwords.
Websites that let you email
people make you use
passwords.
You or a teacher might
need to use a password to
get on some school
related websites.
When Are They Used?
• When you make passwords to be able to use websites, you
have to give the websites facts about yourself.
• When you do this and make a password to use, these websites
make a personal “account” for you that only you can use.
• Now you can use these websites. The password you use keeps
the facts you gave safe.
• The password also shows that you have gotten special
permission from the website to use it.
When Are They Used?
• Sometimes you also need a password to be able to
use a computer.
• This is done to keep important files and personal
information private, so that only people with special
permission can see and use that stuff.
Reasons For Protecting Your Password
October 2009:
Man in Hazel Green, WI charged with identity theft.
According to local authorities, he found the pin # and
password to someone else’s PayPal account.
He then used the person’s account to buy 47 items, totaling
$1,753. 53.
http://www.wkowtv.com/Global/story.asp?S=11383665
Reasons for Protecting Passwords
•
Just like with regular keys, you don’t want to leave
your password out for someone to take.
• This could be bad for a number of reasons.
• The Internet is kind of different from everyday life, so
it is important to look at some of the reasons we
need to protect our passwords.
Reasons For Protecting Your Password
oSomeone could steal personal information from you
or your family. This might be
Your birthday, address, or phone number
Credit card numbers or bank account information
Important information about money or school.
Reasons For Protecting Your Passwords
A stranger could do bad things with
this stolen information like
Stealing money from your family’s bank
account.
Buying lots of things for themselves using
a family account instead of paying for it
themselves.
Damaging or stealing programs and files
on the computer you use.
Reasons For Protecting Your Passwords
Someone who has your password can also
Act up on an account to get you kicked off
or embarrass you
Give your personal information to other people
Use your account to attack other people using
computer viruses
Reasons For Protecting Your Passwords
• Remember that your password is like a nametag.
• If a stranger has it, they can pretend to be you
online.
•
If that person does anything bad online or to other
computers, you could be blamed for it.
How To Make A Safe Passwords
• Someone who wants to steal your password will usually try
guessing what it is
• There are special computer programs and viruses that a person
can use to guess other people’s passwords
• These programs only work well for unsafe passwords
• To protect yourself, you need strong passwords
How To Make Safe Passwords
• Passwords can be tricky, because you have to come
up with good ones yourself.
• Don’t worry though. There are rules you can follow
to help you make a good password
How To Make Safe Passwords
• Passwords that are longer are harder to guess.
• You should use at least 8 typed characters.
• Don’t just use upper or lower case letters. Mix them up.
• Passwords are hard to guess if they use more than one
kind of character.
• Don’t just use letters. Use symbols and numbers too, like 8 or
%.
How To Make Safe Passwords
•
Passwords are the safest when they look really mixed
up and
confusing to other people.
•
A good way you can do this is by chopping up real words and mixing
them with other characters.
•
You should also try to make passwords that you can remember
without too much trouble.
•
This can be done by making your own secret messages.
How To Make Safe Passwords
Here is an example to show how you can do these
things.
• Start with a message that means something to you: “ My cute
dog Argos is two years old.”
• Now write the message with just one letter from each word:
“mcdAityo”
• Now try to mix things up with other characters: M;c13D>Ai2_y0
• This is just an example. Remember, you have to come up with
your own.
What You Should
Not Do
The Most Common Passwords In 2007:
1.
password
6.
monkey
2.
123456
7.
myspace1
3.
qwerty
8.
password1
4.
abc123
9.
link182
5.
letmein
10. (your first name)
http://www.pcmag.com/article2/0,2817,2113976,00.asp
What You Should Not
Do
•
In October 2009, security researchers looked at over 10,000
passwords which had been captured by attackers from people’s
“accounts”.
•
Most of the passwords did not follow good password practice and
were easy to guess.
•
Many were still things like “123456” or first names.
•
Let’s go over common mistakes to avoid when you make your
passwords.
http://news.cnet.com/8301-27080_3-10371499-245.html
What You Should Not
Do
These are things you should not do when making a
password.
• Do not use words or names in any language.
• Do not use personal information like your birthday or phone
number.
• Do not use ordered characters, like “1,2,3,4,5,” or “abcdef”.
What You Should
Not Do
More things you should not do when making a
password.
• Don’t use basic words that have just been moved around, like
backwards words or anagrams.
• “Anagrams” are words made by moving around the letters of a
word. An anagram of “pepsi” would be “pipes”.
• A password isn’t safe unless it looks really mixed up. If it still
looks like a word, like “Pa55w0Rd”, its not safe.
Keeping Your Passwords Safe
July 2007:
Nevada governor’s email password accidentally posted
on state government website
Microsoft Word document is posted by the Nevada government on its
website, explaining how to send the governor’s email updates.
Document shows the governor’s password for his email.
Other documents on the website also show his password for some
time afterward.
http://news.cnet.com/8301-10784_3-9747705-7.html?tag=mncol;title
Keeping Your Passwords Safe
After you make passwords you still
have to keep them safe.
Here are some ways to do it.
Never let a computer remember your
password for you. Anyone else who
used that computer could easily get your
password.
Do not keep passwords anywhere
online, especially in emails.
Some websites have you come up with a
password recovery question in case you
forget your password. Make sure to pick
an answer for these questions that is
hard to guess.
Keeping Your Passwords Safe
Be careful if you have to write or type your password in public.
Make sure that no one can see it.
Don’t let anyone except an authorized adult know what your
password is.
If you have to give your password to someone, try to give it in
person.
Keeping Your Passwords Safe
Don’t use the same password for
more than one “account” or
computer.
Passwords can be hard to remember.
It’s OK if you write them down, but
make sure to keep them somewhere
safe.
Websites will make you change your
password every so often. Make sure
that when you do change passwords,
you make safe ones.
Keeping Your Passwords Safe
Remember,
if you think someone might have your password . . .
Change it ! !
Conclusion
• Passwords are very important because they are your Internet
keys and name tags.
• It is important to make them safe, to keep people from getting
sensitive information.
• Passwords might seem complicated and a lot of bother, but
they can actually be a lot of fun.
Why Don’t We Try Making Our Own Right Now ?
Sources
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
http://www.staysafeonline.info/content/cyber-security-materials
http://cybersmartcurriculum.org/safetysecurity/lessons/4-5/powerful_passwords/
http://cybersmartcurriculum.org/safetysecurity/lessons/9-12/managing_passwords/
http://it.unm.edu/accts/passwordinfo.html
http://www.tcnj.edu/~it/security/passwords.html
http://www.cs.unc.edu/cgi-bin/howto?howto=security-passwords
http://en.wikipedia.org/wiki/Passwords
http://www.microsoft.com/protect/fraud/passwords/create.aspx
http://www.cert.org/homeusers/HomeComputerSecurity/#6
http://www.securityfocus.com/infocus/1537
http://www.securityfocus.com/infocus/1192
http://news.cnet.com/8301-27080_3-10371499-245.html?tag=mncol;txt
http://www.cnn.com/2008/POLITICS/10/08/palin.hacker/index.html
http://news.cnet.com/Data-thief-gets-eight-years/2100-7348_3-6042290.html?tag=lia;rcol
http://www.pcworld.com/article/173210/stolen_hotmail_passwords_show_that_crooks_like
_webmail.html
Sources
•
•
•
•
http://news.cnet.com/Pizza-chain-caught-without-fully-baked-security/2100-7349_35938572.html?tag=lia;rcol
http://www.wkowtv.com/Global/story.asp?S=11383665
http://www.pcmag.com/article2/0,2817,2113976,00.asp
http://news.cnet.com/8301-10784_3-9747705-7.html?tag=mncol;title