
Mornings With Mark
no. 0008

Cybersecurity Basics #3 - Passwords

Full machine generated transcript follows

Morning, everybody. How's it going today? I know I've adopted a random time for this episode again. We are going to chalk that up to business travel. I'm currently in Anaheim for the AWS Summit here in town yet. Another glamorous generic hotel at the time. You don't get me wrong with getting great service at the property but still for a background originally when I thought about this topic for the basics and we're going to talk about the passwords and passphrases today what I thought into the camera into the mic for a good 25 minutes passwords are probably the example of everything that is wrong with security in the digital domain and let me just apologize for the last 40 years of professional practice around this.

So what's the Give you a clear understanding of what passwords are what password is and why we use them that combines with a username that you're you write authentication is a security will cover authentication vs. Authorization in another Topic in making sure your you is really important because if you log into Facebook, you should only see yourself not under the understanding of okay.

We need some way of making sure that you are you is pretty clear for most the challenge prep solution, but they're the least of all the oceans. Is really hard to figure out who's who at scale and right and we try to I'll make sure that that idea is really difficult to forge like a password but it's obviously a Dream from the 60's where people were forging documents to me through there's a long history of internalized be around what makes a good password is all flat out wrong mathematically.

It is wrong psychologically it is wrong and everything that we've internalized about like eight characters or more needs to have a lowercase to uppercase at least one number and a symbol. Security passwords write the passwords security of those passwords are far worse. And then what the current times is, so there is a group in the States called the standards and now they are sorted are the gold standard for these kinds of standards in Psychology.

The goal of a good password is to make sure that it's really hard for anybody but you to guess. The goal is to make it hard for a computer to brute-force it. Brute force means that the computer just tries again and again and again, again, again, really, really fast.

In the order of tens of thousands and thousands if not millions of times per second to guess your password. Now, there is a bunch of defenses put in place on websites and applications to stop those guesses from being so fast as obviously a human could ever do that. You've seen these breaches where somebody's gotten in and stolen the database of passwords; those passwords should be encrypted now, encrypted means should be stored as passwords.

They should be stored as a code, mathematically a one-way code of those passwords, that the only way you can get back to that code is if you type it in. We will cover the security of our encryption and hashing and things in the next episode. The important thing is to know that your password as you type it.

Also, this rotating passwords every 30 days or more every 90 days leads to worse passwords, I mean, at least the worst security outcomes. So, so far we got a bad thing that we treat poorly that we'd have bad operational security around, at least bad outcomes. And so far more than what it says is that you shouldn't put a limit on how many specific you should strongly encourage minimum passwords, and so we're talking in 16 to 24 characters or more. The idea here is to make it hard to guess.

Passphrases. A passphrase is just a sentence that you remember, where two or three and that you can figure out. So the goal here is to have something that is long and thanks to you. I'm making a series of words that make sense. You using some random words, what is because of something called entropy. Entropy is essentially and the challenges of round on designing our breaking passwords down because what we're talking about for the math sign this horrible example of entropy recover that online somewhere along password is to make it a problem space.

So the longer the password the bigger the possible space of passwords. So if you have a 1-letter password, and we know that that is got to be within a certain set of characters, within the bounds of all the possible characters you can type in, which is, you know, somewhere upwards of like 15,000 characters, and if you go to 2 now it's 1 and thirty thousand characters. Actually that math is off, it's higher than that. I'm really not with it this morning. But the point is the longer the password is the harder it is to love having a past with a passphrase is to keep it for as long as possible.

So the new recommendations that you change it once a year or if something happened, so if somebody broke into a war you think somebody broke in to see where you was in your password or if you think somebody saw it on your shoulder, then you should be changing the piece of software.

You can pay for them or you can find them on open source, and it stores a bunch of passwords. And then in that both are a bunch of automatically generated gobbledygook passwords that are really long and you don't have to worry about them into your websites and that kind of thing.

And that's how you get good strong password security. Another goal here: having different passwords per site. Is it at once I get breached your all of your sites, et cetera. So let's say your corporate website gets hacked: Gmail and your Facebook or Twitter or Instagram and all this kind of stuff.

So it's not rest. But of course, you can't remember hundreds; that's a password manager. So, you know when you have those little stars or dots during your password, the reason behind: on your shoulder and they're physically looking, or if they're able to record the screen somehow, but they don't get access to your password.

So you see on some sites, notably amazon.com, a check: "Show me my password." I'm to see what's going on on your phone. Keep it close to you so that only you can see it and nobody can see it from the proper research. You should always be able to paste into a security box, but not copy from it, for obvious reasons, to be able to copy somebody's, but you should always be able to implement that as the designer, but that's good.

But remember if you come across that that's not yours. marknca for those of you on the floor on the streaming channels and, as always, everybody else email me at marknca. A password is it when something happens or once a year and should be regularly rotated; going to take a while for the rest of the distance to give me the place, but that's the way it where we should go: better security outcomes.

I hope you have a fantastic day. I will see you on Monday traveling on the time tomorrow. So we will skip a day at a time and we'll be back at it after the weekend.
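As an added illustration of the episode's "longer password means a bigger problem space" point (this is not code from the episode or from marknca), the script below shows how the search space and entropy grow with length, and why going from one symbol to two squares the space rather than doubling it. The 95-symbol printable ASCII set, the 7776-word diceware list and the one million guesses per second rate are assumptions; the 15,000-symbol figure is the rough number mentioned in the transcript.

```python
"""Password search-space sizes, illustrating the transcript's entropy point.
Added example, not from the episode; alphabet sizes and guess rate are assumed."""
import math

# Assumed alphabet sizes (only the 15,000 figure comes from the transcript).
PRINTABLE_ASCII = 95            # letters, digits and symbols on a US keyboard
LARGE_ALPHABET = 15_000         # the transcript's rough "everything you can type"
DICEWARE_WORDS = 7776           # words in a standard diceware list (6**5)
GUESSES_PER_SECOND = 1_000_000  # "millions of times per second", assumed rate


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of exactly `length` symbols: grows as a power."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy, in bits, of a uniformly random choice from keyspace()."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(space: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time in years to try every candidate at `rate` guesses/second."""
    return space / rate / (365 * 24 * 3600)


def compare() -> dict:
    """Search spaces for the cases the transcript talks about."""
    return {
        "1 symbol, 15000-symbol alphabet": keyspace(LARGE_ALPHABET, 1),
        "2 symbols, 15000-symbol alphabet": keyspace(LARGE_ALPHABET, 2),
        "8 chars, printable ASCII": keyspace(PRINTABLE_ASCII, 8),
        "16 chars, printable ASCII": keyspace(PRINTABLE_ASCII, 16),
        "4 random diceware words": keyspace(DICEWARE_WORDS, 4),
        "6 random diceware words": keyspace(DICEWARE_WORDS, 6),
    }


if __name__ == "__main__":
    for label, space in compare().items():
        print(f"{label:34s} {space:.3e} candidates, {math.log2(space):5.1f} bits, "
              f"{years_to_exhaust(space):.3g} years at 1e6 guesses/s")
```

The two-symbol row (225 million, not 30 thousand) is the "math is off, it's higher than that" correction the episode gestures at; the diceware rows show that a memorable multi-word passphrase reaches the same territory as a long random string.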