Difference between revisions of "Is That Password Long Enough?"

From 35C3 Wiki

(lecture slides added)
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{Session
 
{{Session
 
|Is for kids=No
 
|Is for kids=No
|Has description=Is my 8-character long password secure? Why or why not? This talk looks into reasonable password lengths.
+
|Has description=Is my 8-character long password secure? Why or why not? This talk looks into how passwords are threatened by brute-forcing and credential stuffing and what this means for password length - or not.
 +
|Has website=https://docdro.id/TAFudE8
 
|Has session keywords=network, web, hacking, security, safety
 
|Has session keywords=network, web, hacking, security, safety
 
|Is organized by=Tjal
 
|Is organized by=Tjal
Line 7: Line 8:
 
}}
 
}}
 
{{Event
 
{{Event
|Has subtitle=Entry to medium level talk
+
|Has subtitle=Entry to medium level talk on whether long passwords really are that important.
 
|Has start time=2018/12/28 20:30
 
|Has start time=2018/12/28 20:30
 
|Has duration=45
 
|Has duration=45
Line 13: Line 14:
 
|GUID=9f3a6677-5d19-40f7-8476-3f55daeec545
 
|GUID=9f3a6677-5d19-40f7-8476-3f55daeec545
 
}}
 
}}
;Topic
+
==Lecture Slides==
 +
PDF at https://docdro.id/TAFudE8
 +
 
 +
==Topic==
 +
 
 
How long does a password have to be in order to be safe: 6 chars, 8, 12, or 20?  
 
How long does a password have to be in order to be safe: 6 chars, 8, 12, or 20?  
 
 
How many  special characters  does it need to include?  
 
How many  special characters  does it need to include?  
  
There is a consensus that passwords should generally be "long" and "complex" but what level of length/complexity is ''''actually'''' useful?
+
There is a consensus that passwords should generally be "long" and "complex" but what level of length/complexity is necessary, and will it safe us - from what exactly?
 
 
  
In this talk I want to talk about reasonable password lengths for passwords that you may use personally or professionally. We will look into how passwords are threatened by brute-forcing and credential stuffing and what influence this should have on a password's length - or not.
+
In this talk I want to talk about why a password's length can no longer be considered as the most important precondition for its security. We will look into what other threats there are to passwords and how they can be mitigated by increasing a password's length - or not.
Other aspects of the talk include two-factor authentification, passwords used for encryption versus passwords used in web services, and strategies against password reusage.
+
Other aspects of the talk include passwords used for encryption versus passwords used in web services and differences between threats that target users individually (such as activists, journalists, etc.) and threats that target everyone online.
  
 
;Level
 
;Level
This presentation is an easy to mid-level talk aimed at endusers of the internet, journalists, activists but also software developers, system administrators, and those interested in IT security.  People with advanced knowledge of IT security may not learn anything new.
+
This presentation is an easy to mid-level talk aimed at end users of the internet, journalists, activists but also software developers, system administrators, and those interested in IT security.  People with advanced knowledge of IT security may not learn anything new.
  
 
;Time
 
;Time
30 Minutes talk, 15 minutes for discussion.
+
35 Minutes talk, 10 minutes for discussion.
  
 
;Contact
 
;Contact
 
Twitter: @tuikc or  [[User:tjal]]
 
Twitter: @tuikc or  [[User:tjal]]
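
Review bot: the added Topic paragraph reads "will it safe us - from what exactly?"; "safe" should be "save". This hunk also replaces ";Topic" with "==Topic==" and adds "==Lecture Slides==", while ";Level", ";Time" and ";Contact" keep the definition-list style, so the section headings are now inconsistent. Either convert the remaining three to "==" headings or keep ";Topic".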

Latest revision as of 23:27, 28 December 2018

Description Is my 8-character long password secure? Why or why not? This talk looks into how passwords are threatened by brute-forcing and credential stuffing and what this means for password length - or not.
Website(s) https://docdro.id/TAFudE8
Type
Kids session No
Keyword(s) network, web, hacking, security, safety
Person organizing Tjal
Language en - English

Subtitle Entry to medium level talk on whether long passwords really are that important.
Starts at 2018/12/28 20:30
Ends at 2018/12/28 21:15
Duration 45 minutes
Location Room:Lecture room M1

Lecture Slides

PDF at https://docdro.id/TAFudE8

Topic

How long does a password have to be in order to be safe: 6 chars, 8, 12, or 20? How many special characters does it need to include?

There is a consensus that passwords should generally be "long" and "complex" but what level of length/complexity is necessary, and will it save us - from what exactly?

In this talk I want to talk about why a password's length can no longer be considered as the most important precondition for its security. We will look into what other threats there are to passwords and how they can be mitigated by increasing a password's length - or not. Other aspects of the talk include passwords used for encryption versus passwords used in web services and differences between threats that target users individually (such as activists, journalists, etc.) and threats that target everyone online.

Level

This presentation is an easy to mid-level talk aimed at end users of the internet, journalists, activists but also software developers, system administrators, and those interested in IT security. People with advanced knowledge of IT security may not learn anything new.

Time

35 Minutes talk, 10 minutes for discussion.

Contact

Twitter: @tuikc or User:tjal