Explore the complexities of password security in this 32-minute conference talk from BSidesLV 2017. Delve into the limitations of traditional password strength metrics, examining why entropy calculations and brute-force resistance alone are insufficient. Investigate the impact of password rotation policies, the fallacy of relying solely on length, and the importance of considering human behavior in password creation. Learn about alternative approaches to measuring password strength, including the diceware method, and gain insights into creating more effective security policies. Discover why common practices like using usernames as passwords pose significant risks, and understand how to better educate users on secure password practices.
Rethinking Password Strength Beyond Brute-force Entropy
Overview
Syllabus
Intro
Why Do I Password?
Entropy of Password Lists
I hate rotating passwords!
Long Passwords Won't Save You
Alice Teaches Bob About Security
Bad Passwords, Usernames
Measuring Entropy
What was that diceware thing?
Taught by
BSidesLV
Related Courses
-
What's Wrong with Your Pa$$w0rd?
-
The Effect of Constraints on the Number of Viable Permutations of Passwords
-
Modern Times Passwords
-
Sex, Secret and God - A Brief History of Bad Passwords
-
Think Complex Passwords Will Save You?
-
Keep it Simple, Stupid - Why the Usual Password Policies Don't Work, and What to Do About It
