Why your password sucks

•Télécharger en tant que PPTX, PDF•

0 j'aime•445 vues

Jerry Gamblin

Why your password sucks and how to fix it talk from the Ignite COMO event last night.

Technologie Divertissement et humour

Rank These Passwords by “secureness” Missouri Fr33 b33r F(3)*4%1q1Ff! hotwings are awesome

Ranked by security… hotwings are awesome F(3)*4%1q1Ff! Fr33 b33r Missouri

We told you a great password is.. 8 Characters Long. Has a few symbols. Has uppercase letters. Has lowercase letters. Has a number in it.

We told you a great password isn't… A word in the dictionary. Your dogs name. Your kids names. Your favorite sports team. Anything easy to remember

We told you these rocked… 2K1ds@hm <3Truman

The truth is they suck… 2K1ds@hm Can be cracked in 1.12 Minutes <3Truman Can be cracked in 1.22 Minutes All times taken from https://www.grc.com/haystack

Why did we lie to you? 5 years ago brute forcing passwords was nearly impossible. If your password wasn’t in the dictionary you were pretty safe.

Then along came Amazon $1.60 an hour I can have the power of8 3.0 GHZ server at my disposal. Can processes a billion passwords attempts second.

At that speed… A 8 character password can be brute forced in under 90 seconds.

How do we fix it? BY NEVER USING THE WORD “PASSWORD” AGAIN.

How do we fix it? INSTEAD THE NEW WORD IS:PASSPHRASE

Rules for a good passphrase At least 15 characters long. The longer the better. “That’s what she said?” Use whatever words you want. Make it easy to remember.

My last passphrase was… Landon loves to swing

That passphrase is… 21 characters long It would take 1.06 hundred thousand trillion centuries to brute force using an Amazon cluster.

In five years… Computers will be faster and passphrases will be as crappy as passwords. Sorry

2FA is next! Two Factor Authenticationis something you know, and something you have.

Thank you for your time… Go change your passphrases!

Contenu connexe

En vedette

Chapter4.6

Youtubeři v Čechách

Em Dash Usage

Chapter2.6

Striking the Right Balance: Free vs. Fee Account Strategies (Recorded Webinar...

NAFCU Services Corporation

The Consumer Marketplace in an Ageing Society

ILC- UK

Notes 2.6 2013

nglaze10

2012 Ford Mustang For Sale NE | Ford Dealer Nebraska

Parts of body

цахим 2в

Walla faces dinner

Licence to Play interactive E-brochure

Annemarie Steen

Metlifewebsitepresentation

ashleymannes

Intro to Pattern Lab

Paul Stonier

Email Split Testing is Essential for Profitability

Email Delivered

New week 4

nglaze10

En vedette (16)

Chapter4.6

Youtubeři v Čechách

Em Dash Usage

Chapter2.6

Striking the Right Balance: Free vs. Fee Account Strategies (Recorded Webinar...

The Consumer Marketplace in an Ageing Society

Notes 2.6 2013

2012 Ford Mustang For Sale NE | Ford Dealer Nebraska

Parts of body

цахим 2в

Walla faces dinner

Licence to Play interactive E-brochure

Metlifewebsitepresentation

Intro to Pattern Lab

Email Split Testing is Essential for Profitability

New week 4

Similaire à Why your password sucks

Computer Privacy:Passwords-Mike B.

Mike Barker

Passphrases presentation rev1

Dale Rapp

Password Policies

allengalvan

How to Create a Quality Password

Patrick Dierschke

Passwords, Passwords and more Passwords

clcewing

UX of Passwords | Refresh Seattle | Claire Carlson

TheNextUX

Similaire à Why your password sucks (6)

Computer Privacy:Passwords-Mike B.

Passphrases presentation rev1

Password Policies

How to Create a Quality Password

Passwords, Passwords and more Passwords

UX of Passwords | Refresh Seattle | Claire Carlson

Dernier

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

This presentation explores the impact of HTML injection attacks on web applications, detailing how attackers exploit vulnerabilities to inject malicious code into web pages. Learn about the potential consequences of such attacks and discover effective mitigation strategies to protect your web applications from HTML injection vulnerabilities. for more information visit https://bostoninstituteofanalytics.org/category/cyber-security-ethical-hacking/

HTML Injection Attacks: Impact and Mitigation Strategies

Boston Institute of Analytics

Advantages of Hiring UIUX Design Service Providers for Your Business

Pixlogix Infotech

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

[2024]Digital Global Overview Report 2024 Meltwater.pdf

hans926745

Dernier (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024

How to Troubleshoot Apps for the Modern Connected Worker

Apidays New York 2024 - The value of a flexible API Management solution for O...

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

Handwritten Text Recognition for manuscripts and early printed texts

Boost PC performance: How more available memory can improve productivity

The 7 Things I Know About Cyber Security After 25 Years | April 2024

A Year of the Servo Reboot: Where Are We Now?

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

What Are The Drone Anti-jamming Systems Technology?

HTML Injection Attacks: Impact and Mitigation Strategies

Advantages of Hiring UIUX Design Service Providers for Your Business

Boost Fertility New Invention Ups Success Rates.pdf

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Exploring the Future Potential of AI-Enabled Smartphone Processors

Driving Behavioral Change for Information Management through Data-Driven Gree...

GenAI Risks & Security Meetup 01052024.pdf

[2024]Digital Global Overview Report 2024 Meltwater.pdf

Why your password sucks

1. Why Your Password Sucks And how to fix it.

2. Rank These Passwords by “secureness” Missouri Fr33 b33r F(3)*4%1q1Ff! hotwings are awesome

3. Ranked by security… hotwings are awesome F(3)*4%1q1Ff! Fr33 b33r Missouri

4. We told you a great password is.. 8 Characters Long. Has a few symbols. Has uppercase letters. Has lowercase letters. Has a number in it.

5. We told you a great password isn't… A word in the dictionary. Your dogs name. Your kids names. Your favorite sports team. Anything easy to remember

6. We told you these rocked… 2K1ds@hm <3Truman

7. We were wrong!!!!(Seriously)

8. The truth is they suck… 2K1ds@hm Can be cracked in 1.12 Minutes <3Truman Can be cracked in 1.22 Minutes All times taken from https://www.grc.com/haystack

9. Why did we lie to you? 5 years ago brute forcing passwords was nearly impossible. If your password wasn’t in the dictionary you were pretty safe.

10. Then along came Amazon $1.60 an hour I can have the power of8 3.0 GHZ server at my disposal. Can processes a billion passwords attempts second.

11. At that speed… A 8 character password can be brute forced in under 90 seconds.

12. How do we fix it? BY NEVER USING THE WORD “PASSWORD” AGAIN.

13. How do we fix it? INSTEAD THE NEW WORD IS:PASSPHRASE

14. Rules for a good passphrase At least 15 characters long. The longer the better. “That’s what she said?” Use whatever words you want. Make it easy to remember.

15. My last passphrase was… Landon loves to swing

16. That passphrase is… 21 characters long It would take 1.06 hundred thousand trillion centuries to brute force using an Amazon cluster.

17. In five years… Computers will be faster and passphrases will be as crappy as passwords. Sorry

18. 2FA is next! Two Factor Authenticationis something you know, and something you have.

19. Free 2FA Facebook Google Most Banks

20. Thank you for your time… Go change your passphrases!

Why your password sucks

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (16)

Similaire à Why your password sucks

Similaire à Why your password sucks (6)

Dernier

Dernier (20)

Why your password sucks