
Code for DC CryptoParty Agenda

July 31, 2018

Passwords and MFA

Intro

Bring your phone, tablet, computer, or pen/paper to follow along!

Code for DC CryptoParty Ethos

Privacy is a fundamental human right. It is recognized in many countries to be as central to individual human dignity and social values as Freedom of Association and Freedom of Speech. Privacy is where we draw the line on how far a society can intrude into our personal lives. It is user-defined and varies between individuals. You are the steward of your identity. You are the only person who has the right to disclose your personal story.

Remember to join #cryptoparty on Code for DC's Slack.

Passwords

Passwords are a primary point of vulnerability.
Some general guidelines for creating strong passwords include:

  • Passwords shouldn’t relate to personal details.
  • Passwords should contain a mix of more than 8 letters and other characters.
  • Create strong, random passwords with a password generator, like the one found at https://passwordsgenerator.net/.
  • Avoid using the same password across multiple platforms. Use a password manager to store your passwords. A good password manager is encrypted (end-to-end if cloud-based). Some good examples of password managers include:
      • 1Password
      • LastPass
      • Google Passwords
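
What a password generator does under the hood, as an added example that is not part of the original agenda: it draws characters from the operating system's cryptographic random source and shows how length translates into guessing difficulty. The minimum length of 9 ("more than 8"), the default of 20, and the symbol set are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumed policy values: the guidelines only ask for "more than 8"
# characters and a mix of letters and other characters.
MIN_LENGTH = 9
DEFAULT_LENGTH = 20
LETTERS = string.ascii_letters
OTHERS = string.digits + "!#$%&()*+-./:;<=>?@[]^_{}~"
ALPHABET = LETTERS + OTHERS


def has_required_mix(password: str) -> bool:
    """True if the password has at least one letter and one non-letter."""
    return (any(c in LETTERS for c in password)
            and any(c in OTHERS for c in password))


def generate_password(length: int = DEFAULT_LENGTH) -> str:
    """Draw characters from the OS CSPRNG until the mix requirement holds."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        # Redraw the whole password instead of patching characters in,
        # so every accepted password is equally likely.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_required_mix(candidate):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Approximate bits of entropy for a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Each extra character adds about 6.5 bits with this 88-symbol alphabet.
    for n in (9, 12, 20):
        print(f"{n:2d} chars  ~{entropy_bits(n):5.1f} bits  {generate_password(n)}")
```

Generated passwords are meant to be stored in a password manager, not memorized.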

20-minute break to eat pizza, chat, and change passwords

MFA

Multi-Factor Authentication
After you've strengthened your passwords, an additional step can be taken towards improving security hygiene through multi-factor authentication. The "multi-factor" term refers to using an additional step in conjunction with a strong password. Similar to turning two keys to launch a missile, setting up MFA provides an added layer of security in the event a password is compromised. Most common services support MFA. You can use email or SMS to receive MFA codes, but these can be more easily intercepted, particularly if your email is compromised. Skimming SMS messages off the air is fairly simple.

A recommended practice is to use an authenticator app such as:

Instructions for some common platforms can be found below:

Next Time

August 20, 2018

  • Off-the-record messaging with Signal and browsing with Tor.

Want to lead a CryptoParty?

Is there a topic in digital security you're particularly interested in? Leading a CryptoParty is a great way to learn more about emerging cryptographic and security concepts. We are looking for folks with all kinds of backgrounds and interests to share their knowledge and interest. Talk to @csethna or @Ed O. on Slack if you're interested!
