Usable security: How to be secure without Post-It Notes
How do you hack a password?
• Ask
• Guess
• Brute force
• Common word
• Dictionary
How we measure
• Strength is based on how quickly the password could be compromised
• That depends on how many attempts can be made per second
• Most web-based systems could not accept more than 100 requests a second
• A simple password like “sun”:
  • Brute force: 3 minutes
  • Common word: 3 minutes
  • Dictionary: 1 hour 20 minutes
So what is good enough?
• 1 minute – too risky
• 10 minutes – not really any better
• 1 hour – still worth the effort for most
• 1 day – hitting the risk likelihood position. Are you really interesting enough?
• 1 month – dedicated hacker territory
• 1 year – you or your company are not that interesting, but still theoretically not enough
• 10 years – only poor in theoretical terms
• 100 years – you’d be dead. Does it really matter if they hack it then? Consider this “secure for life”
• 1000 years – let’s call this “secure forever”
Let’s begin (and this is usually where your IT department ends)
• This is where most of us meet the Post-It Note
So how do I ditch the Post-It?
• Let me make a password I can remember in my head
• Have a crypto expert test how hard it is to crack
• Take the three-word example, “this is fun”:
  • 1,163,859 years using a brute-force method
  • 2,537 years using a common-word attack
  • 39,637,240 years using a dictionary attack
• Most security experts would say that’s enough
• Key takeaway: it is 10 times more secure to use “this is fun” as your password than “J 4 f. S<2”. (This is the talking point to approach your IT team with.)
Is this the best we can do?
• Use uncommon words
• Another option: padding
• If you control the app design you can make this even better with access limits:
  • Time delay
  • Penalty period
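The arithmetic behind the slides’ figures (search space divided by the 100 guesses a second a web app will accept) and the effect of the access limits above, as an added example that is not part of the original deck or its sources. It assumes a 26-letter alphabet over the whole string (the deck’s 3-minute and 1,163,859-year figures come out exactly under that assumption, spaces included) and models a penalty period as “N free attempts, then a fixed lockout wait”.

```python
"""Time-to-crack estimates: search space / guesses per second.

Added example, not from the original deck.  Assumed model: every guess is a
web request at the slide's 100 requests/second, the brute-force alphabet is
26 lowercase letters, and a lockout is N free attempts then a fixed wait.
"""

SECONDS_PER_YEAR = 365 * 24 * 3600   # 31,536,000 s; plain calendar year
WEB_GUESS_RATE = 100.0               # guesses/second a web app can absorb (slide)


def brute_force_space(length, alphabet_size=26):
    """Number of candidates an exhaustive search must cover."""
    return alphabet_size ** length


def seconds_to_exhaust(space, guesses_per_second=WEB_GUESS_RATE):
    """Worst-case time to try every candidate at the given rate."""
    return space / guesses_per_second


def years_to_exhaust(space, guesses_per_second=WEB_GUESS_RATE):
    return seconds_to_exhaust(space, guesses_per_second) / SECONDS_PER_YEAR


def effective_rate(base_rate, free_attempts, penalty_seconds):
    """Guesses/second an attacker actually achieves once the app allows
    'free_attempts' failures and then enforces a 'penalty_seconds' wait."""
    batch_time = free_attempts / base_rate + penalty_seconds
    return free_attempts / batch_time


def crack_time_seconds(password, alphabet_size=26,
                       free_attempts=None, penalty_seconds=0):
    """Exhaustive-search time for a password of this length, optionally
    under a lockout policy (hypothetical policy values, for illustration)."""
    rate = WEB_GUESS_RATE
    if free_attempts:
        rate = effective_rate(WEB_GUESS_RATE, free_attempts, penalty_seconds)
    return seconds_to_exhaust(brute_force_space(len(password), alphabet_size), rate)


if __name__ == "__main__":
    for pw in ("sun", "this is fun"):
        plain = crack_time_seconds(pw)
        locked = crack_time_seconds(pw, free_attempts=5, penalty_seconds=30)
        print(f"{pw!r}: {plain / 60:,.1f} min unthrottled, "
              f"{locked / SECONDS_PER_YEAR:,.2f} years with a 5-try/30 s lockout")
```

A 5-try/30-second penalty cuts the attacker’s effective rate from 100 to about 0.17 guesses a second, so even “sun” moves from 3 minutes to roughly 29 hours.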
Summary
• Passwords can be highly secure and easy to remember

Sources:
• https://www.baekdal.com/trends/password-security-usability
• https://www.grc.com/sn/past/2011.htm (June 2, 2011 podcast)