Explore the latest research on preventing weak passwords in this conference talk from PasswordsCon 2014. Dive into the current state of password security, examining password requirements, measuring security, and analyzing guessability. Learn about the collection and responsible handling of real, high-value passwords, and compare their characteristics to simulated data. Discover techniques for measuring password strength, including the use of Probabilistic Context-Free Grammars (PCFGs) for long passwords. Investigate the effectiveness of password strength meters and gain insights into ongoing work in the field. Join Sean Segreti and Blase Ur as they present highlights from Carnegie Mellon University's recent work on creating more secure and usable password policies.
Overview
Syllabus
The posswords
Current state of affairs Password Requirements
Measuring security
Weir et al.'s PCFG
Guess number graphs
Usability metrics
Collecting passwords
Real, high-value passwords
Accessing data responsibly
Collected vs. real passwords Real CMU passwords
Metrics for comparison
Characteristics vs. strength
Guessability by affiliation
Measuring password strength by simulating password-cracking algorithms
PCFG for long passwords
Long password policies
Visual differences
Scoring differences
Password strength meters
Ongoing work
The continuing quest for secure and usable passwords
