BE READY FOR CLASS Your laptop is required (tablets will not work for what you’re doing in this class.) Make sure you have a secured Internet connection.
SECURE PASSWORD MANAGEMENT
Malicious Hackers Steal Passwords: Discover How to Secure Your Passwords Now! a NAMS10 Workshop by Regina Smola and Christine Cobb @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
2
REGINA SMOLA
•
•
Web Security Expert • Hacker Attacker WordPress Security Consultant • Instructor & Speaker
Regina specializes in WordPress security services, website malware removal, individual consultations, and group training. @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
3
CHRISTINE COBB
• • •
•
WordPress Consultant Membership Site Developer Digital Content Producer Author & Speaker
Christine works with small businesses, coaches, authors and consultants to build and maintain effective business websites. @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
4
ARE YOUR PASSWORDS SECURE? If
a website is hacked and your combination of username and password is stolen, does the hacker have the keys to your kingdom?
How
quickly could a hacker guess your password? https://howsecureismypassword.net
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
5
TOP 20 PASSWORDS OF 2012 password 2. 123456 3. 12345678 4. abc123 5. qwerty 6. monkey 7. letmein 8. dragon 9. 111111 10. baseball 1.
iloveyou 12. trustno1 13. 1234567 14. sunshine 15. master 16. 123123 17. welcome 18. shadow 19. ashley 20. football 11.
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
6
WHAT IS A STRONG PASSWORD?
18 characters – or the longest the site allows if less
Minimum Every
password should be unique
Combination
of uppercase, lower case, numbers, AND symbols (if allowed)
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
7
WHAT IS A STRONG PASSWORD? It’s
too hard to remember
No
words in the dictionary, your dogs name, kids name, birthday, phone number, website name, etc.
Immediately
changing your password if a site is hacked (i.e. Twitter, Yahoo)
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
8
QUESTION
What’s the biggest reason people do not use strong passwords? Answer: They can’t remember them. @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
9
QUESTION
What’s the solution to using strong passwords that you can’t remember? Answer: Regina is going to show you how she solved this problem several years ago. @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
10
LASTPASS - PASSWORD MANAGER
Easily manage all your passwords with military-strength security! @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
11
WHY USE LASTPASS?
You only have to remember ONE master password Login with only one click It’s free to use on all computers Use on mobile devices – requires Premium Version $12/year @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
12
WHY USE LASTPASS?
Synchronizes your logins across all Internet browsers Protects you from phishing scams and online fraud Share passwords with your team – no more emailing passwords @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
13
INSTALL LASTPASS 1.
Go to http://lastpass.com
2.
Click “Download LastPass” button
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
14
INSTALL LASTPASS 3.
4.
Right-Click the next “Download” button
Save to your Desktop
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
15
INSTALL LASTPASS 5.
Go to your computer’s Desktop and find the LastPass file
6.
Click it to run (open) the program installation
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
16
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
17
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
18
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
19
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
20
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
21
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
22
MASTER PASSWORD EXAMPLE 1.
Write a phrase that you can remember with at least 6 words, example: Four score and seven years ago
2.
Write down the first initial of each word, capitalizing only the first one, example: Fsasya
3.
Add your year of birth to the end, example: Fsasya1964
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
23
MASTER PASSWORD EXAMPLE 4.
Add 2 symbols to the end, such as #, !, @, & *, etc. Example: Fsasya1964#!
Tada! You now have a 12 character strong Master password! IMPORTANT! DO NOT USE THIS PASSWORD ANYWHERE ELSE @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
24
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
25
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
26
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
27
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
28
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
29
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
30
YEAH! LASTPASS IS INSTALLED
You can now open your browser to login to LastPass (Chrome, Firefox, Internet Explorer, etc.) @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
31
LOCATE LASTPASS TOOLBAR ICON
LastPass icon not logged in:
LastPass icon logged in:
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
32
3 WAYS TO LOGIN TO LASTPASS 1.
Go to http://lastpass.com and click “Sign in to LastPass”
Note: For demonstration purposes, do not login this way for now. @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
33
3 WAYS TO LOGIN TO LASTPASS 2.
Click the LastPass icon in your browser:
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
34
3 WAYS TO LOGIN TO LASTPASS 3.
Install LastPass app on your mobile device (requires Premium upgrade $12/yr) – (for a discount, contact us at http://passwordhelp.me)
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
35
PRACTICE SITE LOGIN 1.
Click the LastPass icon
2.
Click “Sites”
3.
Click a site to automagically login
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
36
GENERATE SECURE PASSWORDS
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
37
GENERATE SECURE PASSWORDS
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
38
ORGANIZE YOUR LOGINS 1.
Click on your LastPass icon
2.
Then click on “My LastPass Vault”
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
39
ORGANIZE YOUR LOGINS Open
the (none) group
◦ Think about what types of groups you want (i.e. Business, Clients, Social, Personal, etc.) ◦ You can have sub-groups too.
Note: If you don’t have any sites in the (none) group, think about the sites you visit most often. @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
40
ORGANIZE YOUR LOGINS Create
Groups and Sub-Groups (aka Folders) such as Business,
Social, Clients, Personal, etc.
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
41
ORGANIZE YOUR LOGINS Go
back to your (none) Group and drag and drop into the groups that you just set up
Delete
any obsolete or duplicate logins by clicking the Trash Can icon
Note: If you didn’t import browser logins, spend this time to setup a few new ones. @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
42
LASTPASS ICONS
Edit | Share | Delete
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
43
WAYS TO ACCESS YOUR SITES 1.
Accessing your sites from the LastPass icon > Sites > Group Name > sitename
2.
Go to the site you want to visit to automagically login
3.
Click the sitename from your LastPass Vault
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
44
RECOVERING DELETED SITES 1.
From inside your Vault, click the larger LastPass icon
2.
Click “Show Deleted Sites”
Note: **Deleted sites will be auto-purged (GONE) after 30 days of deletion. @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
45
PASSWORD SHARING TIPS Only
share with people you trust
◦ Is their computer secure? ◦ Are they using a secured network? ◦ Would you trust them to watch your child, pet, or house? Never
email passwords. Use LastPass Sharing – requires a LastPass account
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
46
PRACTICE SHARING 1.
From your Vault, click “Add Site”
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
47
PRACTICE SHARING 2.
Are you sure you want to add a site, click “Yes”
3.
URL: http://test.com
4.
Name: this is a test
5.
Group: Choose a group from the dropdown
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
48
PRACTICE SHARING 6.
Username: test
7.
Password: test
8.
Under Password, click [Show] (this is how you see your password)
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
49
PRACTICE SHARING
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
50
PRACTICE SHARING 1.
Inside your Vault, find your practice site “this is a test”
2.
Click the Share button
3.
Fill in the appropriate options
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
51
PRACTICE SHARING
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
52
PREMIUM SHARE FEATURES
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
53
UNSHARE / FIRE YOUR SHAREE 1.
From your Vault, click the “Share” tab
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
54
UNSHARE / FIRE YOUR SHAREE 2.
Click on the email address of the person that you want to unshare
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
55
UNSHARE / FIRE YOUR SHAREE 3.
Under the Action column, click the “Unshare” link
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
56
UNSHARE / FIRE YOUR SHAREE 4.
Let’s practice – Unshare the test login you just shared with someone
Note: Don’t forget to delete your test account when you’re done @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
57
EXPORT YOUR LOGIN DATA Backup
your logins at least quarterly in a CSV spreadsheet (Excel)
Store
backups in a safe location
◦ Protect the backup file with a password ◦ Don’t use your Master password ◦ Don’t name it password or lastpass @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
58
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
59
PERFORM SECURITY CHECK 1.
Open your LastPass Vault
2.
Click the “Security Check” button
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
60
PERFORM SECURITY CHECK 3.
In the new window, scroll down and click “Start the Challenge”
We will demonstrate how to run a live security check now @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
61
WOOHOO, YOU DID IT! You’ve just… Secured your logins Improved browser security Increased your security score Made it harder for bad guys to break in and steal your hard-earned cash! @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
62
Q&A
@2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
63
GET MORE PASSWORD HELP AND SECURITY TIPS http://passwordhelp.me PLEASE LEAVE YOUR FEEDBACK http://nams.ws/n10feedback @2013 Regina Smola, WPSecurityLock.com, Christine Cobb, ChrisCobbMarketing.com. All rights reserved.
64
64