Monthly Archives: September 2017
Tech Sharecase, 8 September 2017
For our first meeting of the fall semester, we had 22 attendees in the 9th floor conference room sharing ideas about ways to create and manage passwords.
We started the discussion by referring to this recent Wall Street Journal article in which the person responsible for writing a set of long-standing best practices for password creation decided his guidelines needed a complete overhaul:
McMillan, Robert. “The Man Who Wrote those Password Rules has a New Tip: N3v$r M1^d! Bill Burr’s 2003 Report Recommended using Numbers, Obscure Characters and Capital Letters and Updating Regularly–He Regrets the Error.” Wall Street Journal (Online), Aug 07, 2017, ABI/INFORM Global, http://remote.baruch.cuny.edu/login?url=https://search.proquest.com/docview/1926721443?accountid=8500.
During our discussion, a number of different options for password creation and management came up:
- Password management software (most will store your username/password credentials and help you create very strong passwords)
- Saving passwords in a local spreadsheet or text file (that may also be encrypted)
- Using Diceware to create strong passphrases
Some institutions have set up LastPass at the enterprise level, enabling all employees to have their own accounts and to share passwords with trusted colleagues. It was noted that LastPass has struggled in the past year with a security problem that is worrisome for its users.
We talked generally about what makes a strong password and how a long passphrase can actually be as secure as, if not more secure than, a shorter password with a bunch of random characters, something this xkcd cartoon by Randall Munroe illustrates well.
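To put numbers on the passphrase comparison, the following added example (not part of the original post) maps five dice rolls to a Diceware list index and compares the entropy of a passphrase with that of a password of uniformly random printable characters. The word list is a constructed stand-in, and the figures assume every word or character is chosen at random; human-chosen passwords are weaker than these numbers suggest.

```python
import math
import secrets

DICE_PER_WORD = 5                  # Diceware: five dice rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 entries in a Diceware word list
PRINTABLE = 94                     # printable ASCII characters, space excluded


def roll_to_index(rolls):
    """Map five dice faces (1-6) to a 0-based list index (a base-6 number)."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each 1-6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index


def passphrase(wordlist, n_words):
    """Pick n_words uniformly at random, using the OS CSPRNG as the dice."""
    if len(wordlist) != LIST_SIZE:
        raise ValueError("a Diceware list has exactly 7776 words")
    words = []
    for _ in range(n_words):
        rolls = [secrets.randbelow(6) + 1 for _ in range(DICE_PER_WORD)]
        words.append(wordlist[roll_to_index(rolls)])
    return " ".join(words)


def passphrase_bits(n_words):
    return n_words * math.log2(LIST_SIZE)


def random_password_bits(length, alphabet=PRINTABLE):
    return length * math.log2(alphabet)


def words_to_match(length, alphabet=PRINTABLE):
    """Fewest Diceware words with at least the entropy of a random password."""
    return math.ceil(random_password_bits(length, alphabet) / math.log2(LIST_SIZE))


# Constructed stand-in list (w0000..w7775); a real Diceware list has actual words.
DEMO_LIST = [f"w{i:04d}" for i in range(LIST_SIZE)]

if __name__ == "__main__":
    print(passphrase(DEMO_LIST, 6))
    print(f"6 words: {passphrase_bits(6):.1f} bits")
    print(f"8 random characters: {random_password_bits(8):.1f} bits")
    print(f"words needed to match 12 random characters: {words_to_match(12)}")
```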
One amusing thing that came up in our discussion was a list of the most common passwords people use (“123456” is at the top of the list year after year).
We also talked about the way passwords get hacked by means of dictionary attacks (a brute force method in which a computer throws billions of words from dictionaries in every language at a login) and social engineering attacks in which users are tricked into giving away their login credentials.
It was noted that while two-factor authentication can offer an additional layer of security, it is not without weaknesses, too:
- Can be hard to implement at the enterprise level, as it requires every person to do something additional to log in beyond simply typing in a user name and password
- If the second layer of authentication involves sending a text message to the user’s phone with a unique PIN that has to be typed in after the password, the phone then becomes the weak point, as it is increasingly common for hackers to steal people’s cell phone numbers away from them and thus be able to hijack this additional security layer
- You can use a security key for two-factor authentication like this one from Yubico, but not all systems will accept it
For two-factor authentication, authentication apps (like Authy) were suggested as being more secure than getting text messages with login codes.
Next Meeting
We looked at the list of topics already suggested for upcoming meetings:
- Sharing screens among students and instructor in a classroom
- Data management and preservation
- Faculty and staff options for file storage and sharing
- Slack
- Integrating LibGuides into Blackboard
- Open educational resources (OERs)
- Online and Hybrid Tools (Screencast-O-Matic, VoiceThread)
- What is blockchain?
- Intro to encryption and what are options for encryption (personal and work)
- Technology fatigue
- Internet of things
- Cybersecurity
- Digital archiving
Our next meeting will be a Friday in October (look for an announcement soon).