X-Git-Url: https://git.friedersdorff.com/?a=blobdiff_plain;f=slides.rst;h=2d143b7f59b1f6ab2cac67cf8293fa7432f42e97;hb=HEAD;hp=ae9e451615ecbc2d5bf76bf9ce7874a7721a852a;hpb=a3d2a9ad14d606464db3d45aeb9f36a4cabd2343;p=max%2Fintro_dice_and_pmgmnt.git diff --git a/slides.rst b/slides.rst index ae9e451..2d143b7 100644 --- a/slides.rst +++ b/slides.rst @@ -24,8 +24,8 @@ most places and the following common scenario: #. User registers an account with a careless service, eg Facebook, Yahoo, Google, Equifax etc. etc. -#. The service is hacked and the password database is leaked -#. The hacker logs in to the email accounts +#. The service is hacked and the password and email is leaked +#. The hacker logs in to the email account #. The hacker resets passwords on all important accounts tied to that email address @@ -109,10 +109,10 @@ Passphrases are better than passwords: * Tr0ub4dor&3 -> 28 bits of entropy, hard to remember * correct horse battery stable -> 44 bits of entropy, easy to remember -Use passphrases everywhere you have to remember. +If you have to remember it, use a passphrase. -Generate passphrases with Diceware -================================== +Generate passphrases with Diceware_ +=================================== 1. Roll 5, 6 sided, *physical* dice 2. Read the numbers left to right 3. Find the word with that number on a list 6^5 (7776) words 
@@ -144,8 +144,32 @@ In no particular order: green address bar, or a green lock icon or similar in your browser * Use two factor or two step authentication everywhere if possible * Turn of automatic image rendering. Better still, disable HTML rendering and - authoring entirely + authoring entirely in your email client * Be suspicious of *all* emails. Risky things: HTML email, images, unknown sender, poor spelling/grammer, 'Your email client can't display this email, click here to view in your browser' or similar attempts to coerce you to click on things + +Resources +--------- + +`EFF notes on Diceware`_ They generally have good advice for these kinds of +topics. + +`This Presentation`_ + +`Keepass`_, an offline password manager + +`1Password`_, a pay to use password manager with some nice features + +`LastPass`_, an online password manager with a gratis tier + +.. _Diceware: http://world.std.com/~reinhold/diceware.html +.. _EFF notes on Diceware: https://www.eff.org/dice +.. _This Presentation: https://git.friedersdorff.com/max/intro_dice_and_pmgmnt +.. _Keepass: https://keepass.info/ +.. _1Password: https://1password.com/ +.. _LastPass: https://www.lastpass.com/ + + +.. target-notes::
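Review bot: in the first hunk (`@@ -24,8`), the scenario skips the step that makes the chain work: the hacker can log in to the email account only if the leaked password is the one the user also uses for that email account. Suggest making the reuse explicit, e.g. `#. The user has reused that password for their email account` before `#. The hacker logs in to the email account`, since the whole talk hinges on that point. Also, `the password and email is leaked` has a plural subject; write `the password and email address are leaked`.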
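Review bot: in the second hunk (`@@ -109,10`), the lengthened underline matches the new title (35 characters including the trailing underscore), which reStructuredText requires, so the heading change is fine. Note that the `Diceware_` reference it introduces is only resolved by the `.. _Diceware:` target added in the Resources hunk; the two changes must land together or docutils will report an unknown target.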
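Review bot: in the third hunk (`@@ -144,8`), the new `Resources` heading is underlined with `-` while the other heading visible in this diff (`Generate passphrases with Diceware_`) uses `=`, so docutils will nest it as a subsection of the preceding section rather than a peer; use `=========` unless that nesting is intended. The line `` `EFF notes on Diceware`_ They generally have good advice `` is missing a separator after the link; a full stop or comma after the reference reads better. While touching the context here, the two pre-existing typos `Turn of automatic image rendering` (`Turn off`) and `poor spelling/grammer` (`grammar`) could be fixed in the same change.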