Why Your Password Sucks And how to fix it.
Rank These Passwords by “secureness”: Missouri; Fr33 b33r; F(3)*4%1q1Ff!; hotwings are awesome
Ranked by security… hotwings are awesome; F(3)*4%1q1Ff!; Fr33 b33r; Missouri
We told you a great password is… 8 characters long. Has a few symbols. Has uppercase letters. Has lowercase letters. Has a number in it.
We told you a great password isn't… A word in the dictionary. Your dog's name. Your kids' names. Your favorite sports team. Anything easy to remember.
We told you these rocked… 2K1ds@hm and <3Truman
We were wrong!!!! (Seriously)
The truth is they suck… 2K1ds@hm can be cracked in 1.12 minutes. <3Truman can be cracked in 1.22 minutes. All times taken from https://www.grc.com/haystack
Why did we lie to you? 5 years ago brute forcing passwords was nearly impossible. If your password wasn’t in the dictionary you were pretty safe.
Then along came Amazon. For $1.60 an hour I can have the power of 8 3.0 GHz server at my disposal. Can process a billion password attempts a second.
At that speed… An 8-character password can be brute forced in under 90 seconds.
How do we fix it? BY NEVER USING THE WORD “PASSWORD” AGAIN.
How do we fix it? INSTEAD, THE NEW WORD IS: PASSPHRASE
Rules for a good passphrase: At least 15 characters long. The longer the better. “That’s what she said?” Use whatever words you want. Make it easy to remember.
My last passphrase was… Landon loves to swing
That passphrase is… 21 characters long. It would take 1.06 hundred thousand trillion centuries to brute force using an Amazon cluster.
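Added example (not part of the original slides): a Python sketch of the exhaustive-search arithmetic behind the crack times quoted above, which also goes one step beyond the slides by counting a passphrase in whole words. The model (printable-ASCII class sizes 26/26/10/33, every length up to the secret's length), both guess rates and the 7,776-word list size are assumptions. In this model the quoted 1.12 minutes and 1.06 hundred thousand trillion centuries come out at 10^14 guesses per second; at a billion per second the 8-character case takes about 78 days.

```python
import string

# Printable-ASCII character classes; space is counted with the symbols (assumption).
CLASSES = {
    "lower": set(string.ascii_lowercase),       # 26
    "upper": set(string.ascii_uppercase),       # 26
    "digit": set(string.digits),                # 10
    "symbol": set(string.punctuation + " "),    # 33
}
SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def alphabet_size(secret):
    """Size of the alphabet an exhaustive search must cover for this secret."""
    if not secret:
        raise ValueError("empty secret")
    known = set().union(*CLASSES.values())
    if any(ch not in known for ch in secret):
        raise ValueError("model only covers printable ASCII")
    return sum(len(chars) for chars in CLASSES.values()
               if any(ch in chars for ch in secret))


def search_space(secret):
    """Candidates to try: every string of length 1..len(secret) over that alphabet."""
    size = alphabet_size(secret)
    return sum(size ** n for n in range(1, len(secret) + 1))


def seconds_to_exhaust(secret, guesses_per_second):
    """Worst-case time to try the whole character-level search space."""
    return search_space(secret) / guesses_per_second


def word_space(word_count, wordlist_size):
    """Candidates when guessing whole words instead of single characters."""
    return wordlist_size ** word_count


if __name__ == "__main__":
    for secret in ("Missouri", "Fr33 b33r", "2K1ds@hm", "Landon loves to swing"):
        for rate in (1e9, 1e14):   # assumed guess rates, not measured ones
            secs = seconds_to_exhaust(secret, rate)
            print(f"{secret!r:25} {rate:.0e}/s  {secs:.3g} s "
                  f"({secs / SECONDS_PER_CENTURY:.3g} centuries)")
    # A three-word phrase drawn from an assumed 7,776-word list:
    print("3 words, 7776-word list:", word_space(3, 7776), "candidates")
```

The character-level figure is an upper bound on the work involved; for a phrase built from common words, the word-level count is the one to size against.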
In five years… Computers will be faster and passphrases will be as crappy as passwords. Sorry.
2FA is next! Two Factor Authentication is something you know, and something you have.
Free 2FA: Facebook, Google, most banks.
Thank you for your time… Go change your passphrases!
