Passphrases
Replacing your passwords with passphrases
Rank these passwords by secureness
• parkway
• t3ach3r
• h1ghSch@@l
• Cafeteria fish sticks are awesome!
Ranked by security
• Cafeteria fish sticks are awesome!
• h1ghSch@@l
• t3ach3r
• parkway
How fast can they be cracked
• parkway (regular word)
▫ Under one second
▪ P@rkw@y – 28 seconds
• t3ach3r (some substitution)
▫ Under one minute
▪ T3ach3r12 – 3 minutes
• h1ghSch@@l (capital, substitution, number, symbols)
▫ 1 week
▪ h1ghSch@@l!! – to over a year
• Cafeteria fish sticks are awesome! (passphrase)
▫ 35.64 billion trillion centuries!
Great password was…
• 8 characters long
• 3 of 4 requirements
▫ Has uppercase letters
▫ Has lowercase letters
▫ Has a number in it
▫ Has punctuation or a symbol in it
Password cracking has advanced
• Better cracking programs
• Tons of dictionary files
▫ Available on internet for anyone to download
• Brute force password cracking
▫ Try every character, number, and symbol combination until password is cracked
Amazon power…
• The power of the cloud!
• For $1.60 an hour I can have eight 3.0 GHz servers at my disposal
• Can process a billion password attempts per second
• At that speed an 8-character password can be brute forced in under 90 seconds
How do we fix it?
• Replace passwords with passphrases
▫ Short sentences
▫ Using multiple non-connected words
▪ KittenFootballSnow
▪ Spaces or no spaces
▪ Some sites or systems may not support passwords with spaces or all the special characters available
What makes a good passphrase
• At least 15 characters long
▫ The longer the better
• Use whatever words you like
• Make it easy to remember
• Our example
▫ Cafeteria fish sticks are awesome!
▪ 5 words
▪ 34 characters with spaces
▪ Uppercase, lowercase letters, special character
▪ Easy to remember
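The sketch below is an added example, not part of the original deck. It compares a character-level brute-force search space with a word-level one for the deck's four sample passwords. The billion-guesses-per-second rate is the deck's figure; the 33-symbol count and the 7776-word list size are assumptions, and the output is not meant to reproduce the deck's crack-time figures.

```python
import string

RATE = 1_000_000_000   # guesses per second, the figure quoted in the deck
WORDLIST_SIZE = 7776   # assumption: a Diceware-sized word list
SYMBOLS = 33           # assumption: 32 ASCII punctuation marks plus space
PASSPHRASE = "Cafeteria fish sticks are awesome!"
SAMPLES = ["parkway", "t3ach3r", "h1ghSch@@l", PASSPHRASE]

def alphabet_size(pw):
    """Number of characters a brute-forcer must try per position."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += SYMBOLS
    return size

def brute_force_space(pw):
    """Candidates of every length from 1 up to len(pw) over that alphabet."""
    a = alphabet_size(pw)
    return sum(a ** k for k in range(1, len(pw) + 1))

def word_space(n_words, wordlist_size=WORDLIST_SIZE):
    """Candidates when the attacker guesses whole words from a known list."""
    return wordlist_size ** n_words

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("centuries", 3.15576e9), ("years", 3.15576e7),
             ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, length in units:
        if seconds >= length:
            return f"{seconds / length:.3g} {name}"
    return f"{seconds:.3g} seconds"

if __name__ == "__main__":
    for pw in SAMPLES:
        space = brute_force_space(pw)
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, length {len(pw)}, "
              f"exhausted in {humanize(space / RATE)}")
    # Word-level view of the five-word passphrase (constructed comparison).
    print("5 random words:", humanize(word_space(5) / RATE))
```

The character-level figure is an upper bound. Against an attacker working from word lists, the word-level figure is the relevant one, and it only holds when the words are chosen at random.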
What's next?
• Technology evolves
• Computers become faster
• Better cracking methods
• When passphrases are as bad as passwords
Two factor authentication
• Something you know, and something you have
▫ Have a PIN texted to your phone that must be submitted to complete the login process
▪ Gmail
▪ Facebook
▪ Banks and finance sites
Questions?
Thank You!

Editor's Notes

  1. Don’t use common dictionary words, names, phone numbers, etc…
  2. Estimated by website https://www.grc.com/haystack.htm
  3. Password security used to be!!! If it wasn’t in the dictionary you were golden!
  4. Better and more cracking programs, multi-platform: Linux, PC, Mac
  5. Yay cloud! Sony PlayStation breach traced to hackers using Amazon cloud services
  6. Can add complexity: KittenFootballSnow22$
  7. Easy to remember is key. If it’s hard to remember we will see sticky notes under keyboards and on monitors
  8. Continuing to add to the character length of the password will not work
  9. Two factor or multi-factor could involve several different options