密码管理器：治标不治本？.pdf

1、#SECTORCA SecTorCAPassword Managers:A Band-Aid to Cure a Headache?Olivier Bilodeau&Andreanne Bergeron|October 2024#SECTORCA SecTorCAAndranne BergeronCybersecurity Researcher Director,GoSecureAffiliate Professor,Universit de MontralCo-VP Engagement and Outreach,NorthSecBoard Member,Canadian Cybersecu

2、rity NetworkOlivier BilodeauCybersecurity Researcher,FlarePresident,NorthSecTraining sessions,Conference and CTF in MontralCo-founder of MontrHackApplied Security Workshops Enthusiastic Serial Speaker(7thSecTor)#SECTORCA SecTorCA#SECTORCA SecTorCAPassword ManagersStore and manage credentialsGenerate

3、 random passwordsEncrypted databaseCan keep other secrets#SECTORCA SecTorCAProtect Non-Experts#SECTORCA SecTorCAAwarenessMany non-expert users are not aware that it existsBetween 70 and 80%of people do not use a password manager.#SECTORCA SecTorCAAwarenessMany non-expert users are not aware that it

4、exists9q#SECTORCA SecTorCAAn analogySource#SECTORCA SecTorCAAwarenessNon-expert users do not see the added value of using it69%of online adults say they do not worry about how secure their online passwords are#SECTORCA SecTorCAAwareness#SECTORCA SecTorCAYet ANOTHER toolExtra effort15#SECTORCA SecTor

5、CAYet ANOTHER toolExtra effort#SECTORCA SecTorCAAn AnalogyAn analogy#SECTORCA SecTorCAYet ANOTHER great toolPassword generator built-inPassword rotation easy and secure(generate,store,use)Allows for gradual roll-out19#SECTORCA SecTorCAWhich One Are You?#SECTORCA SecTorCAYet ANOTHER toolNot a solutio

6、n against all other security recommendationsExample:Password rotationMFA#SECTORCA SecTorCAYet ANOTHER toolNot a solution against all other security recommendationsExample:Password rotationMFA#SECTORCA SecTorCAPassword Rotation#SECTORCA SecTorCAMulti-Factor Authentication#SECTORCA SecTorCAThe Single