How two-factor authentication can help

Two-Factor Authentication & Tools for Password Management
August 29, 2014
Pang Chamreth, IT
Development Innovations
Objectives
• Understand what two-factor authentication is
• Define how to enable two-factor authentication for
• Understand how to set it up step by step
• Understand the most common worst passwords
• Know how to secure your password
• Understand what password management is
What is Two-Factor Authentication?
• Two-factor authentication adds a second level of authentication to an account log-in.
• Two-factor authentication is used to increase security by requiring:
“Something you know” AND “Something you have”
How to enable two-factor authentication for:
• LinkedIn
• Twitter
• Microsoft
• Apple
• Google
• Yahoo
• Dropbox
Benefits of Two-Factor Authentication
• Stronger security
• When logging in to your account, after typing in your username and password, a second password is sent to you via text.
• If a hacker gets your username and password, they still won’t be able to get in to your account.
Lost control over your email?
How two-factor authentication can help
• Can recover your email’s password
• Can protect your account from hackers
• Easy to use with a 1st password & 2nd mobile
• See the practice of using 2-step verification on your Google account
Practice using two-factor authentication
Practice using two-factor authentication with a Google account.
Set up 2-Step Verification
2-Step Verification
Helps to stop hackers who try to use your account when they know your username and password.
As a best practice, we will set up 2-Step Verification in a Gmail account.
Why you should use 2-Step Verification
2-Step Verification adds an extra layer of security to
your Google Account, drastically reducing the chances
of having the personal information in your account
stolen.
To break into an account with 2-Step Verification,
a hacker would not only have to know your username and
password, they'd also have to get hold of your phone.
How it works
• Enter your password
• Enter a code from your phone
• Keep it simple
Set up 2-Step Verification
Sign in to your Google Account settings page by
clicking on your name or picture in the upper right
corner of the screen and then clicking Account.
See the setup process
• At the top, click the Security tab.
• In the Password box, click Setup next to “2-Step verification”. This will bring you to the 2-Step Verification settings page.
• You will then see a step-by-step guide which will help
you through the setup process.
Set up a backup
• Once you’re done, you’ll be taken to the 2-Step Verification settings page again. Be sure to review your settings, set up backup phone numbers and get backup codes.
• You’re done! Next time you sign in, you’ll receive an SMS with a verification code.
Common Techniques for Protecting Emails
• The three common techniques adopted by most internet users for protecting themselves are:
1. Logging out of accounts when they’re done, and not just close your
2. Confirming it is a secure session or website (such as https://) for “security”
3. Changing passwords periodically
Best practices of password management
Why are best practices of password management required?
Most people now have at least three passwords of their own, and they find it difficult to remember all of them because they don’t know how to manage their passwords properly. You will see the common passwords that a hacker can easily guess.
Most Common Passwords
• Most people choose passwords that can too easily be
guessed. If your password can easily be guessed, or
it can easily be reset, you are at risk of identity theft.
Password recommendations
• A good password is:
– Private
– Secret
– Easily remembered
– At least 8 characters, complex
– Not guessable
– Changed regularly
• Beware that someone may see you typing it. If you accidentally type your password instead of your login name, it may appear in system log files.
• Use 3rd-party tools to encrypt passwords
Samples of how to create a password
Combine 2 unrelated words
Mail + phone = m@!lf0n3
Abbreviate a phrase
My favorite color is blue = Mfciblue
Music lyric
Happy birthday to you,
happy birthday to you,
happy birthday dear John,
happy birthday to you.
= hb2uhb2uhbdJhb2u
How are passwords stolen?
• Cracked
– Brute force
– Dictionary-based
– Decryption
• Theft
– Key loggers
– Screen captures
– Social engineering
Securing your password
• Do not share your password with others
• Avoid recording your passwords in an insecure manner
• Avoid saving passwords in Web browsers and other applications
• Always delete e-mails that contain a password
• Use a Web site’s logout feature rather than just closing your browser
• Be smart with secret questions and answers
• Create strong passwords with a combination of numbers, special symbols, and letters that cannot be guessed
• Always change passwords; once every three months is recommended
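One way to check a candidate password against the recommendations on these slides (at least 8 characters; letters, numbers and special symbols; not guessable by a dictionary-based attack), as an added example that is not part of the original presentation. The common-password list is a small constructed sample, and the function names and substitution table are assumptions of this example.

```python
import string

# Constructed sample list (assumption): stands in for a real list of the
# most common passwords, which this page does not reproduce.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "iloveyou"}

# Character swaps that dictionary-based cracking routinely undoes
# (assumed table for this example, not an exhaustive one).
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                               "!": "i", "3": "e", "5": "s", "$": "s", "7": "t"})


def normalise(password):
    """Reduce a password to the base word a dictionary attack would try."""
    # Drop trailing digits/symbols ("P@ssw0rd1!" -> "p@ssw0rd"), then undo swaps.
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(SUBSTITUTIONS)


def check_password(password):
    """Return the recommendations the password fails (empty list = passes)."""
    problems = []
    if len(password) < 8:
        problems.append("too_short")
    if not any(c.isalpha() for c in password):
        problems.append("no_letter")
    if not any(c.isdigit() for c in password):
        problems.append("no_number")
    if not any(c in string.punctuation for c in password):
        problems.append("no_symbol")
    # A password is guessable if it, or its de-substituted base, is on the list.
    if password.lower() in COMMON_PASSWORDS or normalise(password) in COMMON_PASSWORDS:
        problems.append("guessable")
    return problems


if __name__ == "__main__":
    for candidate in ["qwerty", "P@ssw0rd1!", "m@!lf0n3"]:
        print(candidate, check_password(candidate) or "meets the recommendations")
```

A password can satisfy the length and character-mix rules and still be a common word with predictable substitutions, which is why the guessability check is separate from the complexity checks.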
Password management
• Today you need to remember many passwords. You need a password for:
– Windows network logon
– Servers and routers
– E-mail account, social account
– Your website's FTP password
– Online passwords (like website member account), etc.
• Password management (LastPass – KeePass)
What is KeePass?
• Free, open-source password manager
• No need to remember many passwords
• Can be brought along with you anywhere
Q&A
***Security is everyone’s responsibility!