Talks/passwortmanager/slides.html

<!doctype html>
<html>
	<head>
		<meta charset="utf-8">
		<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">

		<title>reveal.js</title>

		<link rel="stylesheet" href="../reveal.js-4.3.1/dist/reset.css">
		<link rel="stylesheet" href="../reveal.js-4.3.1/dist/reveal.css">
		<link rel="stylesheet" href="../reveal.js-4.3.1/dist/theme/serif.css">

		<!-- Theme used for syntax highlighted code -->
		<link rel="stylesheet" href="../reveal.js-4.3.1/plugin/highlight/monokai.css">
	</head>
	<body>
		<div class="reveal">
			<div class="slides">
<!-- begin slides -->

				<section>
					<h3>Schlüsselbrett</h3>
					<img class="stretch plain" src="res/keys.jpg" />
					<h4>Passwortsicherheit und Passwortmanager</h4>
					<small>
						<p>CC-BY-SA 2022-08 Helix/RaumZeitLabor</p>
						<p>Dauer: ca. 20 min</p>
					</small>
				</section>
				
				<section>
					<section>
						<h3>Was definiert ein sicheres Passwort?</h3>
						<ul class="fragment">
							<li>Passwortlänge</li>
							<li class="fragment">Komplexität / Erratbarkeit</li>
							<li class="fragment">Merkbarkeit / Übertragbarkeit</li>
							<li class="fragment">Einzigartigkeit.</li>
						</ul>
					</section>
					
				</section>

				<section>
					<h4>Je länger, desto besser</h4>
					<div class="fragment">
						<p>aber:</p>
						<small><p>passwort passwort passwort passwort passwort passwort</p></small>
					</div>
				</section>
					
				<section>
					<h4>Komplexität / Erratbarkeit</h4>
					<p class="fragment">Leicht zu erratende Passwörter:</p>
					<ul class="fragment">
						<li>Passwortlisten, Namen, Wörterbücher</li>
						<li class="fragment">Sequenzen <i>(abcde, 13579)</i></li>
						<li class="fragment">Wiederholungen <i>(aaa, 111, 131313)</i></li>
						<li class="fragment">Transformationen <i>(1337$peak)</i></li>
						<li class="fragment">Tastatur <i>(qwertz, iuhbv, xvlcw)</i></li>
						<li class="fragment">Jahreszahlen und Kalenderdaten</li>
					</ul>
				</section>
				
				<section>
					<section>
						<h4>Merkbarkeit / Übertragbarkeit</h4>
					</section>

					<section>
						<h4>korrekt pferd batterie stapel</h4>
					</section>
					
					<section  data-transition="fade-in">
						<img class="plain" src="res/password_strength-1.png" />
					</section>
					
					<section data-transition="fade-in">
						<img class="plain" src="res/password_strength-2.png" />
					</section>
					
					<section data-transition="fade-in">
						<img class="plain" src="res/password_strength-3.png" />
					</section>
					
					<section data-transition="fade-in">
						<img class="plain" src="res/password_strength-4.png" />
					</section>
					
					<section data-transition="fade-in">
						<img class="plain" src="res/password_strength-5.png" />
					</section>
					
					<section data-transition="fade-in">
						<img class="plain" src="res/password_strength-6.png" />
					</section>
					
					<section data-transition="fade-in">
						<img class="plain" src="res/password_strength-7.png" />
					</section>
				</section>
				
				<section>
					<h4>Einzigartigkeit</h4>
					<h3>Jedes Passwort nur ein Mal benutzen!</h3>
				</section>
				
				<section>
					<section>
						<h3>Passwortmanager</h3>
					</section>
					
					<section>
						<h4><img class="plain" style="height:1em;margin:0 0 -.15em 0" src="res/keepassxc-logo.png" /> KeePassXC</h4>
						<ul class="fragment">
							<li>Frei und Open Source</li>
							<li class="fragment">für Windows, GNU/Linux, macOS</li>
							<li class="fragment">Download auf <a target="_blank" href="https://keepassxc.org">keepassxc.org</a></li>
						</ul>
					</section>
					
					<section>
						<h4>Screenshot von KeePassXC</h4>
						<img class="stretch plain" src="res/keepassxc-screenshot.png" />
					</section>
					
					<section>
						<h4>Wie funktioniert ein Passwortmanager?</h4>
						<ul class="fragment">
							<li>Datenbank aller Passwörter</li>
							<li class="fragment">Verschlüsselt</li>
							<li class="fragment">Geschützt mit: Masterpasswort, Keyfile, <abbr title="Timed One Time Password">TOTP</abbr></li>
						</ul>
					</section>
				</section>
				
				<section>
					<section>
						<h3>Tipps zum Umgang mit Passwörtern und Passwort-Datenbanken</h3>
					</section>
					
					<section>
						<h4>Passwörter</h4>
						<ul class="fragment">
							<li>ausreichend lang</li>
							<li class="fragment">schwer erratbar (von Mensch <i>und</i> Maschine)</li>
							<li class="fragment">leicht übertragbar <small>wenn es sein muss</small></li>
							<li class="fragment">nicht mehrfach verwenden!</li>
						</ul>
					</section>
					
					<section>
						<h4>Einmalpasswörter</h4>
						<ul class="fragment">
							<li>mit Google Authenticator oder FreeOTP generieren</li>
							<li class="fragment">sichern (Seeds)</li>
							<li class="fragment">das Gerät nicht verlieren</li>
						</ul>
					</section>
				</section>
				
				<section><!-- sources -->
					<h4>Quellen</h4>
					<small>
						<ul>
							<li>Titelbild: <a target="_blank" href="https://www.flickr.com/photos/ke-dickinson/7159943526">keys – ke-dickinson @ flickr</a></li>
							<li><a target="_blank" href="https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/wheeler">zxcvbn: Low-Budget Password Strength Estimation</a></li>
							<li><a target="_blank" href="https://xkcd.com/936/">XKCD-Comic "Password Strength"</a></li>
							<li><a target="_blank" href="https://diogomonica.com/2014/10/11/password-security-why-the-horse-battery-staple-is-not-correct/">Why the horse battery staple is not correct</a></li>
						</ul>
					</small>
					<hr />
					<h3>Danke für's Zuhören!</h3>
				</section><!-- /sources -->

<!-- end slides -->
			</div>
		</div>

		<script src="../reveal.js-4.3.1/dist/reveal.js"></script>
		<script src="../reveal.js-4.3.1/plugin/notes/notes.js"></script>
		<script src="../reveal.js-4.3.1/plugin/markdown/markdown.js"></script>
		<script src="../reveal.js-4.3.1/plugin/highlight/highlight.js"></script>
		<script>
			// More info about initialization & config:
			// - https://revealjs.com/initialization/
			// - https://revealjs.com/config/
			Reveal.initialize({
				hash: true,

				// Learn about plugins: https://revealjs.com/plugins/
				plugins: [ RevealMarkdown, RevealHighlight, RevealNotes ]
			});
		</script>
	</body>
</html>