Is That Password Long Enough?
From 35C3 Wiki
Revision as of 22:27, 28 December 2018 by Tjal (lecture slides added)
|Description||Is my 8-character long password secure? Why or why not? This talk looks into how passwords are threatened by brute-forcing and credential stuffing and what this means for password length - or not.|
|Keyword(s)||network, web, hacking, security, safety|
|Language||en - English |
|Subtitle||Entry to medium level talk on whether long passwords really are that important.|
|Starts at||2018/12/28 20:30|
|Ends at||2018/12/28 21:15|
|Location||Room:Lecture room M1|
PDF at https://docdro.id/TAFudE8
How long does a password have to be in order to be safe: 6 chars, 8, 12, or 20? How many special characters does it need to include?
There is a consensus that passwords should generally be "long" and "complex", but what level of length/complexity is necessary, and will it save us - from what exactly?
In this talk I want to talk about why a password's length can no longer be considered as the most important precondition for its security. We will look into what other threats there are to passwords and how they can be mitigated by increasing a password's length - or not. Other aspects of the talk include passwords used for encryption versus passwords used in web services and differences between threats that target users individually (such as activists, journalists, etc.) and threats that target everyone online.
This presentation is an easy to mid-level talk aimed at end users of the internet, journalists, activists but also software developers, system administrators, and those interested in IT security. People with advanced knowledge of IT security may not learn anything new.
35-minute talk, 10 minutes for discussion.
Twitter: @tuikc or User:tjal