„The four most-used passwords
are love, sex, secret, and God“:
password security and training
in different user groups
Kaido Kikkas (Estonian IT College & Tallinn University)
Birgy Lorenz (Tallinn University)
Aare Klooster (Tallinn University)
© Kaido Kikkas 2013. This document is distributed under the Creative Commons
Attribution-ShareAlike 3.0 Estonia license.
This thing's got a beard
● The first widespread notion about password
security (or lack thereof) – The Stockings
Were Hung by the Chimney with Care by
Bob Metcalfe from 1973 (RFC602)
● An even earlier case described by Richard
M. Stallman from the MIT AI Lab in the 60s
● The quote with four common passwords
comes from the movie Hackers from 1990
(yes, the one with geeky Angelina Jolie)
The Infamous Dumbuser
(a.k.a. Ordinary Joe/Jane)
● A typical scenario:
– Jane/Joe has to choose a password, picks
something easy and obvious
– Bad Guys guess it, resulting in SHTF
– Jane/Joe gets a good thrashing from a
local BOFH, followed by a long and grumpy
lecture about password security
– Jane/Joe gets a secure password – alas, it
is impossible to remember and needs to be
written down (in some obvious place)
– Bad Guys intercept it with even more SHTF
The obligatory piece of
geekiness
http://imgs.xkcd.com/comics/authorization.png
Mitnick says
● Security =
– Policies
– People
– Processes
– Technology
● In password security, technology is often
the least important
The study
● Stage I: password usage in Estonian
schools among different user groups
– Students (high school, vocational school,
university)
– Teachers/trainers
– ICT specialists at schools
– A large comparison group of 'average
users' (convenience sample based on
personal contacts)
...
● Stage II – e-safety training with different
groups, based on the Stage I results
– Password models
– Strength testing
– Safe storage options
– General tips on e-safety
● This stage is still ongoing
Some results
● Stage I revealed the overall lack of
security awareness – and especially
among 'those who should know better'
● The behavioral patterns in different user
groups were more similar than predicted
Examples
● Most respondents use only 4 or fewer
different passwords (incl. 54% of the ICT
specialists)
● More than half of the respondents use
short passwords with 9 or fewer characters
● The only remarkable redeeming quality
among ICT specialists was including
special characters in passwords
● Teachers actually ranked below students
...
● Apparent lack of creativity – both in
password and 'secret question' choices
● Password sharing among friends/family is
widespread
● Overall awareness of computer security
varies with some worrisome findings (e.g.
26% of the ICT specialists did not update
their systems)
A parable of two tools...
● Cugnot's fardier à
vapeur, 1771
● Speed 2.25 mph
● Bugatti Veyron,
2010
● Speed 250 mph
Note: the pictures on this and next slide come from Wikimedia Commons
… and SHTFs
● 1771 ● 2010
● What did break and what did survive?
e-stonia
● Among top countries in Internet freedom
● E-banking (used by ~70% of the population)
● E-declaration of income (~70%)
● E-voting (Riigikogu 2011 – 24.3%)
● National ID-card infrastructure with large
and growing online application base
...
● BUGATTI VEYRON....??
Main things to do
● To quote Mitnick: technology is the least important part
– Promote the least bad choice for passwords
– long passphrases that
● are in native language (if other than English;
also applies to usernames)
● make sense as words, not as a phrase (e.g.
“TheViolinDoesNotComputeMacaroni”)
● contain some 1337 and punctuation
– Train good password storage practices
– Password security is just a part of the whole
● Lack of knowledge is curable, stupidity is not
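
The passphrase model above, as an added example that is not part of the original slides: it builds a passphrase from unrelated native-language words with some 1337 and one punctuation mark, and compares its guess space with the 9-character passwords the study found. The sample word list, the punctuation set, and the 7776-word list size are assumptions, and the bit counts hold only when a machine picks the words uniformly at random.

```python
import math
import secrets

# Constructed sample of Estonian nouns (the slide asks for native-language words).
# Far too small for real use: a real list needs thousands of entries.
SAMPLE_WORDS = ["viiul", "makaron", "arvuti", "kass", "koer", "maja", "meri",
                "leib", "jõgi", "lumi", "raamat", "aken", "päike", "kivi",
                "lind", "kala", "mets", "laud", "tool", "uks"]
PUNCT = "!?.,;:-_"                     # assumed set of 8 symbols
LEET = str.maketrans("aeio", "4310")   # a->4, e->3, i->1, o->0


def random_password_bits(length, alphabet_size):
    """Guess space, in bits, of a password drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def passphrase_bits(n_words, wordlist_size, n_punct=len(PUNCT)):
    """Lower bound on the guess space of generate_passphrase(), in bits.

    Counts the word choices plus the choice of one punctuation symbol and
    its position (n_words + 1 gaps). The 1337 step is counted as zero bits,
    because a chosen word may contain no substitutable letter.
    """
    word_bits = n_words * math.log2(wordlist_size)
    punct_bits = math.log2(n_punct * (n_words + 1))
    return word_bits + punct_bits


def words_needed(target_bits, wordlist_size):
    """Smallest number of random words whose choice alone reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(wordlist, n_words):
    """CamelCase passphrase: random words, 1337 in one word, one punctuation mark."""
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    leet_index = secrets.randbelow(n_words)        # word that gets the 1337
    parts = []
    for i, word in enumerate(words):
        tail = word[1:].translate(LEET) if i == leet_index else word[1:]
        parts.append(word[0].upper() + tail)       # keep the initial readable
    gap = secrets.randbelow(n_words + 1)           # before, between or after words
    parts.insert(gap, secrets.choice(PUNCT))
    return "".join(parts)


if __name__ == "__main__":
    print("example passphrase:", generate_passphrase(SAMPLE_WORDS, 6))
    print("9 random lowercase letters: %.1f bits" % random_password_bits(9, 26))
    print("9 random printable ASCII:   %.1f bits" % random_password_bits(9, 94))
    # 7776 is an assumed size for a real word list, not the sample above.
    print("6 words from 7776 + punct:  %.1f bits" % passphrase_bits(6, 7776))
    print("6 words from this sample:   %.1f bits"
          % passphrase_bits(6, len(SAMPLE_WORDS)))
    print("words needed for 60 bits:  ", words_needed(60, 7776))
```

The last two figures show why the word list size matters more than the decoration: six words from the 20-word sample stay far below six words from a large list.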
No fool like an old fool
● Start young!
● Caution – the concept of secrecy can be
hard to grasp for young children (and can
contradict some other principles)
● Curiosity can be dangerous but is vital –
especially when dealing with adolescents
● Overconfidence kills - “experienced users”
are notably hard to (re)train – but “putting
the nose into it” can help
Instead of conclusion
http://imgs.xkcd.com/comics/security.png
Thank you
These slides @ Slideshare
(CC BY-SA):
http://slideshare.net/UncleOwl
The (upcoming) Digital Safety
Lab @ Tallinn University:
http://www.tlu.ee/dsl
Contact: {first.last}@tlu.ee
The research was supported by the European Social Fund’s Doctoral Studies and
Internationalisation Programme DoRa (governed by the Archimedes Foundation) and
by the Estonian Information Technology Foundation
http://www.spreadshirt.net
