Online Privacy, Security and Password Management

Ohio Linuxfest
Saturday, 2019Nov02
15:00 in Union A

der.hans
CDE
Object Rocket, a rackspace company
https://www.ObjectRocket.com/

Finding Hans

First off,

IANAL

And,

Specifically…

More Importantly,

IANYL

If you need legal review for any ideas from this talk, talk to YOUR lawyer

Why do we need security?

— Spectre/Meltdown
— Equifax (admin/admin)
— Gentoo GitHub (a password policy that mandates password managers is planned)
— Heartbleed
— Apple SSL
— Apple iCloud
— Home Depot
— Target
— Yahoo! x 2
— LinkedIn x 3
— eHarmony
— Last.fm
— TJ Maxx / Marshalls
— Adobe
— Neiman Marcus
— 7-Eleven
— Barnes and Noble
— TriCare x 2

— Mat Honan
— Jennifer Lawrence
— Kate Upton
— Rihanna

Cost

"They could have used my e-mail accounts to gain access to my online banking, or financial services. They could have used them to contact other people, and socially engineer them as well." – Mat Honan

What’s really at Stake?

"more than a year’s worth of photos, covering the entire lifespan of my daughter" – Mat Honan

"including those irreplaceable pictures of my family, of my child’s first year and relatives who have now passed from this life" – Mat Honan

Data Collection

First Things First

Encryption Demos

When to Use Encryption

What to Encrypt

Password Bleedover

Avoid the Domino Effect

Domino Effect: credentials stolen from one site used to compromise your other accounts

Really!

Use unique passwords for every site!

Are you you?

Unique

Random String

Random Word Salad

ERROR: /dev/brain read-write failure

But, Hans, that’s way too much to memorize and it’s not near as interesting as baseball stats…
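As an added example, not part of the slides, here is what the "Random String" and "Random Word Salad" options above look like in code, with the entropy each one buys. The word list is a constructed 32-word stand-in for a real diceware list (which has 7776 words); the draws use the operating system's CSPRNG via Python's secrets module, never the random module. The same word-salad generator produces the nonsense answers the security-question slides later recommend.

```python
import math
import secrets
import string

# Constructed sample word list for this example only. A real diceware list
# holds 7776 words, so each word drawn from it adds log2(7776) ~= 12.9 bits.
SAMPLE_WORDS = [
    "anchor", "basil", "cobalt", "dune", "ember", "falcon", "glacier", "harbor",
    "iris", "jasper", "kestrel", "lantern", "maple", "nectar", "orbit", "pebble",
    "quartz", "raven", "saffron", "thistle", "umber", "velvet", "walnut", "xenon",
    "yarrow", "zephyr", "acorn", "bramble", "cinder", "drift", "fennel", "gravel",
]

# 94 printable ASCII characters: letters, digits and punctuation, no space.
FULL_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_string(length: int = 20, alphabet: str = FULL_ALPHABET) -> str:
    """Uniform random string drawn with the OS CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def word_salad(words: int = 5, wordlist=SAMPLE_WORDS, sep: str = " ") -> str:
    """Random word passphrase; words are drawn independently, repeats allowed."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(choices: int, count: int) -> float:
    """Entropy of `count` independent uniform picks from `choices` options."""
    return count * math.log2(choices)


if __name__ == "__main__":
    print(random_string(), f"{entropy_bits(len(FULL_ALPHABET), 20):.1f} bits")
    print(word_salad(), f"{entropy_bits(len(SAMPLE_WORDS), 5):.1f} bits (toy list)")
    print(f"5 diceware words: {entropy_bits(7776, 5):.1f} bits")
```

Twenty characters from the 94-character alphabet give about 131 bits; five words from a 7776-word list give about 65 bits, which is plenty for a site login and far easier to type or memorize. Entropy comes from the size of the list and the number of words, not from how odd the words look, so a word salad is only as strong as the list it was drawn from.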

Password Managers

Password Manager Requirements

Password Manager Bonus Features

My Recommendations

One Password to Protect Them All

[image: KeePassX_2.x.png]

One Password to Hold Them All

[image: keepitsecret300_preview.png]

Memorizing Passphrases

[image: password_strength.png]

Pronounceable Strings

Are you you?

Authentication is identifying that you are you

How do you prove it?

4th Element: You’ve been tokenized

ID: Username

ID: Email Address

ID: Using Subaddressing

ID: Cookies

ID: Device ID

ID: Security Questions and Answers

The most important thing is …

Nonsense Is More Secure

LIE

ID: Security Questions and Answers

Multi-Factor Authentication (MFA)

MFA: TOTP ( Application or Token )

MFA: HOTP

MFA: Message - SMS

MFA: Message - Push Notification

MFA: Email

MFA: Phone Call

MFA: Body Part

ID: Birthdate

Other Data

Key Value Store

Backups

Going Forward

Nicht Vergessen!

Please use unique credentials for every site!

Glossary

Resources

Obtaining Software

Credits

Bonus Rounds

Data Escrow

Tips

Getting Help