SlideShare ist ein Scribd-Unternehmen logo

Nicholas Dorans - The Evolution of Passwords

Als PPTX, PDF herunterladen
CSNP
CSNP

CSNP Chicago March 2020

Technologie
1 von 11
The Evolution of Passwords By Nicholas Dorans
Brief Overview • Introduction • Brief history of passwords • Best practices for passwords • Current state and future of passwords
I am Nicholas Dorans • Originally from New Jersey • Software developer for last 5 years • Password user for roughly 25 years • Main passions are biking, traveling and tacos
A Brief History of Passwords • First used in 1961, at MIT for use with the Compatible Time- Sharing System by Fernando Corbató • In 1962, Ph.D. researcher Allan Scherr “hacked” that system by printing out all of the passwords in plain text • In the 1970’s, Robert Morris developed a one-way encryption function for his UNIX operating system known as “hashing” • Bill Gates declares that the password is dead in 2004
Different Types of Password Cryptography • Encryption – two-way function that uses a key to encrypt and decrypt a password • Hashing – one-way function that will convert a password into a jumbled non-human readable string of letters and numbers • Hashing + salting – same as hashing but with a random characters pre-pended (or appended) to the password before it is hashed.
Problems With Passwords • Short ones are easy to remember but easy to hack • Long ones are harder to crack but harder to remember • Average computer user has roughly 90 different online accounts each with their own username/password - this can be overwhelming and lead to poor password hygiene
Best Practices for a User • Never use the same password for 2 or more accounts • Use strong passwords – combination of numbers, uppercase/lowercase letters, special characters with a minimum length of 8 (12 is better) • Use a password manager to help create strong unique passwords for each account
Best Password Ever????
Best Practices for Development • If you can avoid it, NEVER store passwords in your own database – use third party authentication services • If you can’t avoid it, apply hashing + salting to store passwords using well-designed key stretching algorithms such as PBKDF2, bcrypt or scrypt • Perform all hashing on the server side • Don’t accept top 200 commonly used passwords
Current and Future State of Passwords • Biometric options are available on most new smart phones – fingerprint, face and iris scanning • Strong standards for password creation on most online services • 2 factor authentication using rsa tokens or a physical device such as Yubikey • Research is currently opening the way for new types of biometrics, such as ear shape or facial thermography.
FIN

Empfohlen

2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptxssuser2f0fb0
 
Electronic Authentication More Than Just A Password
Electronic Authentication More Than Just A PasswordElectronic Authentication More Than Just A Password
Electronic Authentication More Than Just A PasswordNicholas Davis
 
Electronic authentication more than just a password
Electronic authentication more than just a passwordElectronic authentication more than just a password
Electronic authentication more than just a passwordNicholas Davis
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Electronic Authentication, More Than Just a Password
Electronic Authentication, More Than Just a PasswordElectronic Authentication, More Than Just a Password
Electronic Authentication, More Than Just a PasswordNicholas Davis
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne
 
Password Management
Password ManagementPassword Management
Password ManagementRick Chin
 
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementSam Bowne
 

Empfohlen

2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptx2 Laymans Course - LAMP V2.pptx
2 Laymans Course - LAMP V2.pptxssuser2f0fb0
 
Electronic Authentication More Than Just A Password
Electronic Authentication More Than Just A PasswordElectronic Authentication More Than Just A Password
Electronic Authentication More Than Just A PasswordNicholas Davis
 
Electronic authentication more than just a password
Electronic authentication more than just a passwordElectronic authentication more than just a password
Electronic authentication more than just a passwordNicholas Davis
 
User authentication
User authenticationUser authentication
User authenticationCAS
 
Electronic Authentication, More Than Just a Password
Electronic Authentication, More Than Just a PasswordElectronic Authentication, More Than Just a Password
Electronic Authentication, More Than Just a PasswordNicholas Davis
 
CNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementCNIT 125 6. Identity and Access Management
CNIT 125 6. Identity and Access ManagementSam Bowne
 
Password Management
Password ManagementPassword Management
Password ManagementRick Chin
 
CISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementCISSP Prep: Ch 6. Identity and Access Management
CISSP Prep: Ch 6. Identity and Access ManagementSam Bowne
 
5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access ManagementSam Bowne
 
International Data Privacy Day 2017
International Data Privacy Day 2017International Data Privacy Day 2017
International Data Privacy Day 2017Cherlowe Reinard Ramirez, MCTS
 
Internet security
Internet securityInternet security
Internet securityAntony Mathew
 
2018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 82018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 8FRSecure
 
Information and network security 28 blowfish
Information and network security 28 blowfishInformation and network security 28 blowfish
Information and network security 28 blowfishVaibhav Khanna
 
Security and Privacy Brown Bag
Security and Privacy Brown BagSecurity and Privacy Brown Bag
Security and Privacy Brown Bag501 Commons
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEChris Gates
 
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...Jason Hong
 
Access Control System, BMS
Access Control System, BMSAccess Control System, BMS
Access Control System, BMSMohammad Azam Khan
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Hai Nguyen
 
password.ppt
password.pptpassword.ppt
password.pptKaxa5
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication TechnologiesNicholas Davis
 
Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologiesNicholas Davis
 
Crypto academy
Crypto academyCrypto academy
Crypto academyPaul Gillingwater, MBA
 
2018 FRSecure CISSP Mentor Program- Session 5
2018 FRSecure CISSP Mentor Program- Session 52018 FRSecure CISSP Mentor Program- Session 5
2018 FRSecure CISSP Mentor Program- Session 5FRSecure
 
How an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsHow an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsSecurity Innovation
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.pptajajkhan16
 
P1141218183
P1141218183P1141218183
P1141218183Ashraf Aboshosha
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaOlajide Kuku
 
Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)CSNP
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 

Weitere ähnliche Inhalte

Ähnlich wie Nicholas Dorans - The Evolution of Passwords

5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access ManagementSam Bowne
 
2018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 82018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 8FRSecure
 
Information and network security 28 blowfish
Information and network security 28 blowfishInformation and network security 28 blowfish
Information and network security 28 blowfishVaibhav Khanna
 
Security and Privacy Brown Bag
Security and Privacy Brown BagSecurity and Privacy Brown Bag
Security and Privacy Brown Bag501 Commons
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEChris Gates
 
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...Jason Hong
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Hai Nguyen
 
password.ppt
password.pptpassword.ppt
password.pptKaxa5
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication TechnologiesNicholas Davis
 
Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologiesNicholas Davis
 
2018 FRSecure CISSP Mentor Program- Session 5
2018 FRSecure CISSP Mentor Program- Session 52018 FRSecure CISSP Mentor Program- Session 5
2018 FRSecure CISSP Mentor Program- Session 5FRSecure
 
How an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsHow an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsSecurity Innovation
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.pptajajkhan16
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application SecurityBruce Abernethy
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaOlajide Kuku
 

Ähnlich wie Nicholas Dorans - The Evolution of Passwords (20)

5. Identity and Access Management
5. Identity and Access Management5. Identity and Access Management
5. Identity and Access Management
 
International Data Privacy Day 2017
International Data Privacy Day 2017International Data Privacy Day 2017
International Data Privacy Day 2017
 
Internet security
Internet securityInternet security
Internet security
 
2018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 82018 FRSecure CISSP Mentor Program Session 8
2018 FRSecure CISSP Mentor Program Session 8
 
Information and network security 28 blowfish
Information and network security 28 blowfishInformation and network security 28 blowfish
Information and network security 28 blowfish
 
Security and Privacy Brown Bag
Security and Privacy Brown BagSecurity and Privacy Brown Bag
Security and Privacy Brown Bag
 
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINEPENETRATION TESTING FROM A HOT TUB TIME MACHINE
PENETRATION TESTING FROM A HOT TUB TIME MACHINE
 
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
Knock x Knock: The Design and Evaluation of a Unified Authentication Manageme...
 
Access Control System, BMS
Access Control System, BMSAccess Control System, BMS
Access Control System, BMS
 
Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01Authenticationtechnologies 120711134100-phpapp01
Authenticationtechnologies 120711134100-phpapp01
 
password.ppt
password.pptpassword.ppt
password.ppt
 
Authentication Technologies
Authentication TechnologiesAuthentication Technologies
Authentication Technologies
 
Authentication technologies
Authentication technologiesAuthentication technologies
Authentication technologies
 
Crypto academy
Crypto academyCrypto academy
Crypto academy
 
2018 FRSecure CISSP Mentor Program- Session 5
2018 FRSecure CISSP Mentor Program- Session 52018 FRSecure CISSP Mentor Program- Session 5
2018 FRSecure CISSP Mentor Program- Session 5
 
How an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software SystemsHow an Attacker "Audits" Your Software Systems
How an Attacker "Audits" Your Software Systems
 
20-security.ppt
20-security.ppt20-security.ppt
20-security.ppt
 
P1141218183
P1141218183P1141218183
P1141218183
 
Fun with Application Security
Fun with Application SecurityFun with Application Security
Fun with Application Security
 
Authentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthauthaAuthentication Methods authauthauthauthauthautha
Authentication Methods authauthauthauthauthautha
 

Mehr von CSNP

Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)CSNP
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareCSNP
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsCSNP
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyCSNP
 
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World SystemsTarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World SystemsCSNP
 
Elliptic Curves in Cryptography
Elliptic Curves in CryptographyElliptic Curves in Cryptography
Elliptic Curves in CryptographyCSNP
 
DefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareDefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareCSNP
 
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...CSNP
 
Complyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskComplyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskCSNP
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesCSNP
 
Aon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsAon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsCSNP
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationCSNP
 

Mehr von CSNP (12)

Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)Brian Sanders - Business Electronic Compromise (BEC)
Brian Sanders - Business Electronic Compromise (BEC)
 
David Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & RansomwareDavid Klein - Defending Against Nation Sate Attackers & Ransomware
David Klein - Defending Against Nation Sate Attackers & Ransomware
 
Neil Desai - Data Driven Analytics
Neil Desai - Data Driven AnalyticsNeil Desai - Data Driven Analytics
Neil Desai - Data Driven Analytics
 
Emily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum CryptographyEmily Stamm - Post-Quantum Cryptography
Emily Stamm - Post-Quantum Cryptography
 
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World SystemsTarik Moataz - Encrypted Search: from Research to Real-World Systems
Tarik Moataz - Encrypted Search: from Research to Real-World Systems
 
Elliptic Curves in Cryptography
Elliptic Curves in CryptographyElliptic Curves in Cryptography
Elliptic Curves in Cryptography
 
DefendEdge - Negotiating Ransomware
DefendEdge - Negotiating RansomwareDefendEdge - Negotiating Ransomware
DefendEdge - Negotiating Ransomware
 
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
Cambridge Quantum Computing - The Need for Certifiable Quantum Encryption and...
 
Complyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber RiskComplyify Car Hacking & Cyber Risk
Complyify Car Hacking & Cyber Risk
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
 
Aon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber CriminalsAon - Cyber Insurance in the World of Cyber Criminals
Aon - Cyber Insurance in the World of Cyber Criminals
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
 

Kürzlich hochgeladen

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Kürzlich hochgeladen (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Nicholas Dorans - The Evolution of Passwords

  • 1. The Evolution of Passwords By Nicholas Dorans
  • 2. Brief Overview • Introduction • Brief history of passwords • Best practices for passwords • Current state and future of passwords
  • 3. I am Nicholas Dorans • Originally from New Jersey • Software developer for last 5 years • Password user for roughly 25 years • Main passions are biking, traveling and tacos
  • 4. A Brief History of Passwords • First used in 1961, at MIT for use with the Compatible Time- Sharing System by Fernando Corbató • In 1962, Ph.D. researcher Allan Scherr “hacked” that system by printing out all of the passwords in plain text • In the 1970’s, Robert Morris developed a one-way encryption function for his UNIX operating system known as “hashing” • Bill Gates declares that the password is dead in 2004
  • 5. Different Types of Password Cryptography • Encryption – two-way function that uses a key to encrypt and decrypt a password • Hashing – one-way function that will convert a password into a jumbled non-human readable string of letters and numbers • Hashing + salting – same as hashing but with a random characters pre-pended (or appended) to the password before it is hashed.
  • 6. Problems With Passwords • Short ones are easy to remember but easy to hack • Long ones are harder to crack but harder to remember • Average computer user has roughly 90 different online accounts each with their own username/password - this can be overwhelming and lead to poor password hygiene
  • 7. Best Practices for a User • Never use the same password for 2 or more accounts • Use strong passwords – combination of numbers, uppercase/lowercase letters, special characters with a minimum length of 8 (12 is better) • Use a password manager to help create strong unique passwords for each account
  • 9. Best Practices for Development • If you can avoid it, NEVER store passwords in your own database – use third party authentication services • If you can’t avoid it, apply hashing + salting to store passwords using well-designed key stretching algorithms such as PBKDF2, bcrypt or scrypt • Perform all hashing on the server side • Don’t accept top 200 commonly used passwords
  • 10. Current and Future State of Passwords • Biometric options are available on most new smart phones – fingerprint, face and iris scanning • Strong standards for password creation on most online services • 2 factor authentication using rsa tokens or a physical device such as Yubikey • Research is currently opening the way for new types of biometrics, such as ear shape or facial thermography.
  • 11. FIN