Why Passwords Sucks and What Can You Do About It

This is a "primer" talk I did for students from Tec de Monterrey about Password Security Awareness a few years ago.

Eduardo Urias

July 27, 2018

Transcript

  1. WHY PASSWORDS SUCKS AND WHAT YOU CAN DO ABOUT IT
  2. PASSWORDS: Universal means of getting ACCESS to ANYTHING
  3. SEVERAL ACCOUNTS LATER …
  4. ALL IS GOOD UNTIL …
  5. LET’S TRY AGAIN. RELAX
  6. WHAT IF I HAVE ONE PASSWORD THAT IS LIKE REALLY STRONG, YOU KNOW?
  7. WHAT IF I HAVE ONE PASSWORD THAT IS LIKE REALLY STRONG, YOU KNOW?
  8. THE REAL PROBLEM: Password Reuse
  9. PASSWORD CRACKING
     • The ability to crack passwords using computer programs is also a function of the number of possible passwords per second which can be checked.
     • For some password hashes, a desktop computer can test over a hundred million passwords per second, or billions per second if a GPU-based cracking tool is used.
     • The rate of guessing heavily depends on the hashing function used and how strong the password is.
  10. • A user-selected 8-character password with numbers, mixed case and symbols, with commonly selected passwords filtered out, can be cracked in seconds if the hashing function is naive.
     • Some commercial products claim the ability to test almost 3 billion passwords per second on a desktop computer using a high-end graphics processor, cracking a 10-letter single-case password in one day.
  11. EASY TO REMEMBER, HARD TO GUESS
     • A password that is easy to remember is generally easy for an attacker to guess.
     • Passwords that are difficult to remember reduce the security of a system, since they are more likely to be written down, frequently reset or reused. Strict requirements on password creation usually cause this effect as well.
  12. CLEARLY, THIS IS NOT WORKING.
  13. “What about a Passphrase?” – SIGMUND N. PORTER (SORTA)
  14. A Passphrase is similar to a password in usage, but is generally longer for added security.
  15. Passwords:
     • 12345
     • qwerty
     • un4uth0r1z3d
     • $s0m3P4ssw0rd$
     Passphrases:
     • The quick brown fox jumps over the lazy dog
     • Now is the time for all good men to come to the aid of their country
     • If you want to test a man's character give him power
  16. TWO FACTOR AUTHENTICATION: 2FA
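
An added example for slides 9 and 10, not part of the original deck: it checks the "10-letter single-case password in one day" figure against the 3 billion guesses per second quoted there, then measures on the local machine how much a slow password-hashing function cuts the guess rate. The function names, the salt, the choice of SHA-256 versus PBKDF2 and the 100,000-iteration work factor are assumptions made for illustration.

```python
import hashlib
import time

SALT = b"constructed-salt"      # constructed sample value
PBKDF2_ITERATIONS = 100_000     # illustrative work factor (assumption)

def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` symbols."""
    return alphabet_size ** length

def worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Time to test every candidate at a given guess rate."""
    return keyspace(alphabet_size, length) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"

def fast_hash(candidate):
    """A 'naive' scheme: one round of a general-purpose hash."""
    return hashlib.sha256(SALT + candidate).digest()

def slow_hash(candidate):
    """A deliberately expensive password-hashing function."""
    return hashlib.pbkdf2_hmac("sha256", candidate, SALT, PBKDF2_ITERATIONS)

def measure_rate(hash_fn, duration=0.5):
    """Hashes per second that hash_fn reaches on one core of this machine."""
    count = 0
    start = time.perf_counter()
    while time.perf_counter() - start < duration:
        hash_fn(b"candidate-%d" % count)
        count += 1
    return count / (time.perf_counter() - start)

if __name__ == "__main__":
    # Slide 10: 10 single-case letters at almost 3 billion guesses per second.
    print("26^10 at 3e9/s:", humanize(worst_case_seconds(26, 10, 3e9)))
    # Slide 9: the same keyspace at the rate measured for each hash function.
    for name, fn in (("sha256", fast_hash), ("pbkdf2", slow_hash)):
        rate = measure_rate(fn)
        print(f"{name}: {rate:,.0f}/s ->",
              humanize(worst_case_seconds(26, 10, rate)))
```

The measured rates are single-core Python figures, far below what dedicated hardware reaches; the ratio between the two functions is the point.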