Code for DC CryptoParty Agenda
July 31, 2018
Passwords and MFA
Bring your phone, tablet, computer, or pen/paper to follow along!
Code for DC CryptoParty Ethos
Privacy is a fundamental human right. It is recognized in many countries to be as central to individual human dignity and social values as Freedom of Association and Freedom of Speech. Privacy is where we draw the line on how far a society can intrude into our personal lives. It is user-defined and varies between individuals. You are the steward of your identity. You are the only person who has the right to disclose your personal story.
Remember to join
#cryptoparty on Code for DC's Slack.
Passwords are a primary point of vulnerability.
Some general guidelines for creating strong passwords include:
- Passwords shouldn’t relate to personal details.
- Passwords should contain a mix of more than 8 letters and other characters.
- Create strong, random passwords with a
password generator, like the one found at https://passwordsgenerator.net/.
- Avoid using the same password across multiple platforms.
Use a password manager to store your passwords. A good password manager is
encrypted(end-to-end if cloud-based). Some good examples of password managers include:
- Google Passwords
20 minutes break to eat pizza, chat, and change passwords
After you've strengthened your passwords, an additional step can be taken towards improving security hygiene through multi-factor authentication. The "multi-factor" term refers to using an additional step in conjunction with a strong password. Similar to turning two keys to launch a missile, setting up MFA provides an added layer of security in the event a password is compromised. Most common services support MFA. You can use email or SMS to receive MFA codes, but these can be more easily intercepted, particularly if your email is compromised. Skimming SMS messages off the air is fairly simple.
A recommended practice is to use an authenticator app such as:
Instructions for some common platforms can be found below:
Want to lead a CryptoParty?
Is there a topic in digital security you're particularly interested in? Leading a CryptoParty is a great way to learn more about emerging cryptographic and security concepts. We are looking for folks with all kinds of backgrounds and interests to share their knowledge and interest. Talk to
@Ed O. on Slack if you're interested!