We all use passwords; for our banking cards, for our emails, to log into our work environment, to access our computers and mobile devices and for all the various apps on those devices, for our social media account, and more. They have become commonplace in our society, yet provide us with a false sense of security. This presentation will discuss the inherent failures when using passwords, how they are now being used against us to commit cyber-crimes, what we need to be doing currently to protect ourselves, and what the future of passwords may hold. Main points covered: • How criminals are using our passwords to commit cyber-crimes • Managing passwords and current ways to protect your data • What the future may hold for our passwords Presenter: Ryan Duquette is passionate about digital forensic investigations and with keeping others from being victimized. He's a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He founded Hexigent Consulting which is a firm focusing on digital investigations, cyber security consulting services and litigation support. Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches He is a sessional lecturer at the University of Toronto teaching digital forensics, holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications. Ryan is a director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide. Recorded webinar: https://youtu.be/WTIImiEu078

3. Rank 2011 2012 2013 2014 2015 2016 2017
1 password password 123456 123456 123456 123456 123456
2 123456 123456 password password password password password
3 12345678 12345678 12345678 12345 12345678 12345 12345678
4 qwerty abc123 qwerty 12345678 qwerty 12345678 qwerty
5 abc123 qwerty abc123 qwerty 12345 football 12345

4. NIST Special Publication 800-63A

6. P@ssw0rdJan18
P@ssw0rdDec18

7. NIST Special Publication 800-63B

9. • Default Passwords
• How criminals are using breach data
• How our emails and passwords can be used to
find our personal information
• Steps to mitigate those risks.

13. Breach Data

14. • Average Business User Has 191 Passwords
• The average 250-employee company has 47,750
passwords in use
• 61% of people to use the same or a similar password
everywhere, despite knowing that it's not a secure
practice
https://blog.lastpass.com/2017/11/lastpass-reveals-8-truths-about-passwords-in-the-new-password-expose.html/

17. From: Paton Reiner <jrrein*****@outlook.com>
Date: July 20, 2018 at 12:32:24 PM EDT
To: "__________________ (redacted)"
Subject: (redacted - this was the recipients
"username" and "password")

25. Current Landscape

27. (-1i3Zp9lNF6JhK^Ffg-
&CZ1xc4b=S.+bZUfV
v51g?M6v2BB`T

28. Two-Factor Authentication
Something you know: Password
Something you have:
One Time Password Token, or OTP app

30. Two Factor Authentication
https://twofactorauth.org/

34. The Password is dead, Long live the ?

36. Three-Factor Authentication
Something you know
Something you have
Something you are: biometrics, iris scan,
Voice/facial recognition

39. Four-Factor Authentication
Something you know
Something you have
Something you are
Somewhere you are: IP address, MAC address,
Geo location

41. Five-Factor Authentication
Something you know
Something you have
Something you are
Somewhere you are
Something you do: gestures, eye movement, breathing
patterns

44. ISO/IEC 27032
Training Courses
• ISO/IEC 27032 Introduction
1 Day Course
• ISO/IEC 27032 Foundation
2 Days Course
• ISO/IEC 27032 Lead Cybersecurity Manager
5 Days Course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events

45. THANK YOU
?
ryanduquette@hexigent.com
www.Hexigent.com
linkedin.com/in/ryanduquettemsc