Making Passwords Secure
About this ebook
Passwords are not the problem.
The management of passwords is the real security nightmare.
User authentication is the most ignored risk to enterprise cybersecurity. When end users are allowed to generate, know, remember, type and manage their own passwords, IT has inadvertently surrendered the job title Network Security Manager to employees - the weakest link in the cybersecurity chain.
Dovell Bonnett reveals the truth about the elephant in the room that no one wants to mention: Expensive backend security is worthless when the virtual front door has a lousy lock!
Dovell proves that making passwords secure is not only possible, but that passwords can actually become an effective, cost-efficient and user-friendly feature of robust cybersecurity. After examining how encryption keys are secured, this book introduces a new strategy called Password Authentication Infrastructure (PAI) that rivals digital certificates.
Passwords are not going away. What needs to be fixed is how passwords are managed.
Making Passwords Secure: THE SIMPLE TRUTH About Multi-Factor Authentication (and how to make MFA fast, easy and affordable)!
Book preview
Making Passwords Secure - Dovell Bonnett
Copyright © 2016 by Dovell Bonnett
All rights reserved. Except for appropriate use in critical reviews or works of scholarship, no part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or in any information storage and retrieval system without written permission from the author.
Library of Congress Cataloging-in-Publication Data
Bonnett, Dovell
Making Passwords Secure: Fixing the Weakest Link in Cybersecurity
ISBN: 978-1524269203
Cover Design: Fiona Jayde
Interior Design: Tamara Cribley
www.Access-Smart.com
1. Computers & Technology. 2. Security & Encryption. 3. Network Security.
To my beautiful, loving and supportive wife, Marguerite. Without your support and encouragement, this book would not have been possible.
And to every business owner, IT manager, and employee who experiences password fatigue.
Disclaimer
Because of the dynamic nature of the Internet, any Web addresses or links contained in this book may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.
The author of this book does not dispense legal advice or prescribe the use of any technology as a form of absolute protection from hackers. The intent of the author is only to offer information of a general nature to help you in your quest for computer security. In the event you use any of the information in this book for yourself, or your company, which is your constitutional right, the author and the publisher assume no responsibility for your actions.
Praise for Making Passwords Secure
I most highly recommend reading the timely and informative book by Dovell Bonnett, "Making Passwords Secure: Fixing the Weakest Link in Cybersecurity." As companies and individuals are increasingly being subjected to breaches and ransomware attacks, the need for cybersecurity awareness and safeguards has become paramount. Thankfully, Dovell, who has been creating computer security solutions for over 20 years, offers a one-stop guide book on how to mitigate cyber threats by explaining the basis and tactics of authentication security. The book is written in a concise style that provides useful information for both laymen and serious techies. It is a book that should be on everyone’s reading list!
~ Chuck Brooks, Vice President, Sutherland Government Solutions
If you want to find out about the world of multi-factor authentication in a less technical and more informative way, I can genuinely recommend this book.
~ Sandra Jones, Principal, Sandra Jones and Company
Addictive… Introduces readers to this brave new world of technology, where hackers roam free, and victims include nearly anyone on the Web. Dovell presents this myriad of cyber weaknesses and attack examples in a matter-of-fact voice with intriguing real world examples throughout. It’s both fun and informative.
~Eileen Kent, The Federal Sales Sherpa, President, Custom Keynotes, LLC
Understanding the weak points in cybersecurity allows IT to fill them, but not without a budget. CEOs need to understand what their CISOs are facing. No one points this out better than Dovell. Logging on to your computer network will have a new meaning after reading this book.
~Sherman Crancer, Microsoft PCDM
Dovell Bonnett urges business owners to take responsibility for their computer networks and cybersecurity. If you don’t get your employees out of the position of network security administrator, then the responsibility of a data breach will be on the owners.
~ William Yeadon, CEO, Chase Security Solutions, Australia
This book is a MUST-READ for any manager in the IT industry. While there are many competing priorities in information technology, being conversant on the notion of a Password Authentication Infrastructure is critical enough to demand everyone’s attention. I have received so many "ah-ha" moments as I read this book; things that are right before my eyes that I have given little thought or to which I have paid little attention. Thank you, Dovell, for opening my eyes to the one commonly used, yet overlooked security vulnerability! Thank you for providing a road-map to addressing this in an effective way! Your writing style and appropriate humor made this topic very digestible!
~ Karen Clay, IT Director, Carlos Rosario International Public Charter School
Making Passwords Secure is a must-read for everyone. No matter what business you’re in, strong passwords and effective password management are critical for maintaining secure networks. Dovell Bonnett has done us all a favor by combining his knowledge, helpful stories, and extensive research in an easy-to-read format. Get this on your bookshelf today!
~ Dietrich Wecker, Security Software Developer
Multi-factor authentication is essential for good security, with a remembered password as a common factor. Dovell Bonnett writes in a clear, easy-to-understand, non-technical style, with useful information. This book claims to be "A guide to understanding the weakest links, and appropriate solutions for cybersecurity." I feel it meets these claims, and more.
~ Hitoshi Kokumai, President, Mnemonic Security, Inc.
In this thought-provoking work, Dovell Bonnett digs into the nuts-and-bolts of the authentication challenge and talks about why username-and-password isn’t going away anytime soon but can be made secure for many applications. As "The Password Guy," Dovell debunks many of the myths of infallibility surrounding multi-factor authentication and other high-technology solutions, in favor of a pragmatic approach to password management that is a 99% solution to this often vexing enterprise challenge.
~Chris Williams, co-author of Enterprise Cybersecurity: How to Build a Successful Cybersecurity Program Against Advanced Threats
Acknowledgements
I want to thank the many people who have helped make this book and my business possible. First and foremost, I want to acknowledge Dietrich and Christine Wecker, and Marc Jacquinot for their friendship and collaboration. They ignited my passion for secure password authentication and supported my mission to make ID badges do more than make a door go beep.
I also want to thank those people who, over my 25 years in the industry, have contributed to my knowledge and understanding of smartcards, cryptography, and the business ramifications of technology. Thank you, John Corbett, Jody Zimmerman, Juergen Hammerschmitt, Chris Goeltner, Robert Merkert, Steve Hamilton, Anne Gregory, Bob Gilson, Alex Giakoumis, Shirley Gonzalez, Mark McGovern, Bryan Ichikawa, Bruce Ross, Mike Dusche, Mark Scaparro, and Dominic Piperno for sharing your time, knowledge, and insight.
I also want to thank the many people within the Microsoft community who encouraged me to write this book. I first need to recognize Casey Watson, who had to put up with my badgering question, "So how do you log into Azure?"
I also want to thank Sherman Crancer, Candy Stark, Justin Slagle, Maryam Al-Hammami, Kimberley Kenner, Jonathan Frieber, Lacy Finley, David Gersten, Dave Seibert, Veronica Place, Bill Hole, Eric Klauss, and all the other wonderful members of IAMCP. These people and many more who I am just getting to know are amazing, and it is my privilege to know them.
Finally, there are individuals whose guidance and insight have contributed to my business growth and professionalism whom I also want to thank: Michael Jalaty, Diane Kehlenbeck, Eileen Kent, Chuck Brooks, Terry Gold, Chris Williams, Hitoshi Kokumai, Tamara Bill, Denise Griffitts, Martin Kleckner, Dane Kinnear, Donald Kasle, Denzil Barber, Karen Clay, Mike Rudderow, Aaron Flick, Keith Cunningham, Tom Hope, and Dr. Neil Kalin.
I have been incredibly lucky to have so many people help me throughout my career. It would be impossible to thank them all. I offer this book in gratitude to them all, with my promise to pay it forward.
Table of Contents
Introduction
Chapter 1
The Real Problem with Passwords
Chapter 2
The Current State of Passwords
Chapter 3
The World of Ciphers
Chapter 4
Authentication
Chapter 5
Multi-Factor Authentication (MFA)
Chapter 6
Cyber Attacks and Best Defenses
Chapter 7
PKI: A Lock is Only as Secure as Its Key
Chapter 8
Cyber Authentication Infrastructures
Chapter 9
Return On Your Investment
Chapter 10
Implementing A Multi-Factor Password Authentication Infrastructure
Chapter 11
The Bottom Line
About The Author
Resources
Bibliography
A Closing Note from Me
I believe…
…that an individual’s personal information should ideally remain in their possession. When your identity is handed over to or managed by a third party, you can lose both your identity and your security.
Identity has become the technology that interfaces with digital devices, software, and the Internet. Technology has been changing and directing how we operate in the world for as long as it has been in existence. It’s time to turn the tide and begin directing technology to operate in ways that work for individuals. Humans should be telling digital devices not just what we want them to do, but also how we want them to do it, not the other way around.
Secure authentication is no exception. Instead of being a slave to passwords and the technologies that require them, let me show you how to make technology bend to your will by Making Passwords Secure.
Dovell Bonnett, Founder and CEO of Access Smart
Introduction
The information in this book is a game changer for both business people and technical people. Business owners, corporate officers, agency managers, and financial decision makers will gain a high-level understanding about what the IT administrator or Chief Information and Security Officer (CISO) worries about and needs in order to protect the business.
The CISO, IT Administrator, and other technology recommenders will gain a greater appreciation for what the business side must have to create purchasing approvals and be better able to communicate what they need, without bogging the business folks down with tech speak.
By arming you with targeted information to make informed decisions about cybersecurity technology, this book is designed to help you implement the best security solution for your organization, become a hero in the boardroom, and protect against a security breach that would seriously damage your company.
It is essential for everyone to understand the one link in your company’s computer security chain that is the most ignored and overlooked hole in cybersecurity:
User Authentication and the Management of Passwords.
There are those in the computer security industry who claim that passwords are dead. They are wrong. You’ll learn why in Chapter 1. There are those who believe passwords are insecure. They, too, are wrong. That’s in Chapter 2. There are those who claim that certificate-based authentication is super-secure and is the only way to protect data. They are only partially correct because certificates are not as strong as they would like you to believe. That’s in Chapters 3 and 7. In Chapters 4 and 5, you will learn how many companies, even ones with extensive backend security, could be leaving their virtual front door unlocked. And if anyone ever tries to convince you there is no way to calculate cybersecurity’s Return On Investment, have them read Chapter 9. Finally, Chapter 10 will give you a step-by-step plan to implement the right cybersecurity infrastructure for your situation. These are just a few reasons to read this book.
The many mistaken and incomplete understandings about cybersecurity that are commonplace today drove me to write this book. The truth in this book may not set you free, but it will save you time, money, and valuable resources.
In November 2014, I was invited by a very large computer software company to learn about their newest product and the latest security features they had implemented to protect their customers’ information. While the presenter spoke, I sat quietly listening and nodding, but expressing no excitement or praise for what they were conveying. Afterward, the presenter came over to me and asked me point-blank if I was impressed with what they had done. I told him I was impressed, but I had one simple question. The conversation went something like this:
Dovell: "How do you log in to your software?"
Presenter: With a confused, but also ‘you’re an idiot’, look on his face, he said, "With your computer."
Dovell: "Yes, I understand. But how do you log in to your software?"
Presenter: In a perturbed voice, he said, "With your user account information."
Dovell: "Right. That’s great. But how do you log in to the software?"
Presenter: Now, in a tone of almost pure disgust and a ‘Why am I wasting my time with you’ attitude, he said, "With your user name and password."
Dovell: "Exactly! And as soon as my password is stolen, all that amazing backend security no longer matters."
That was the moment when he finally understood the importance of secure authentication. The software was Microsoft’s Azure. After that meeting, I worked with Microsoft to put out a press release announcing how Power LogOn® and Azure together secure your data from fingertips to storage.
Cybersecurity needs to start when the computer is first turned on. If just anyone can turn on your computer, all security bets are off. If you wait until the user is past the firewall to authenticate him, you are too late.
As the owner, manager, or chief officer of a business or agency, you are responsible for funding cybersecurity investments. If you don’t understand what you are buying and why you need it (or don’t need it), then how can you know if you are making the right