Why Your Password Sucks And how to fix it.
Rank These Passwords by “secureness” Missouri Fr33 b33r F(3)*4%1q1Ff! hotwings are awesome
Ranked by security…  hotwings are awesome F(3)*4%1q1Ff! Fr33 b33r Missouri
We told you a great password is… 8 characters long. Has a few symbols. Has uppercase letters. Has lowercase letters. Has a number in it.
We told you a great password isn’t… A word in the dictionary. Your dog’s name. Your kids’ names. Your favorite sports team. Anything easy to remember.
We told you these rocked… 2K1ds@hm <3Truman
We were wrong!!!! (Seriously)
The truth is they suck… 2K1ds@hm can be cracked in 1.12 minutes. <3Truman can be cracked in 1.22 minutes. All times taken from https://www.grc.com/haystack; they are its “massive cracking array” scenario, which assumes 100 trillion guesses per second and measures exhaustive brute force only, not dictionary attacks.
Why did we lie to you? Five years ago brute forcing passwords was nearly impossible. If your password wasn’t in the dictionary you were pretty safe.
Then along came Amazon. For $1.60 an hour I can have the power of eight 3.0 GHz servers at my disposal, processing a billion password attempts per second.
At that speed… an 8-character lowercase password (26^8, about 2 × 10^11 guesses) falls in under four minutes. Using all 95 printable characters (about 6.6 × 10^15 guesses) stretches that to roughly 77 days at a billion guesses per second, and to about a minute at the 100 trillion per second behind the haystack times above. Either way, 8 characters is not a safe length.
How do we fix it? BY NEVER USING THE WORD “PASSWORD” AGAIN.
How do we fix it? INSTEAD THE NEW WORD IS: PASSPHRASE
Rules for a good passphrase: At least 15 characters long. The longer the better. (“That’s what she said?”) Use whatever words you want, but prefer words nobody would guess from your life: a string of common words resists brute force, not a wordlist attack. Make it easy to remember.
 My last passphrase was… Landon loves to swing
That passphrase is… 21 characters long. It would take 1.06 hundred thousand trillion centuries to brute force at the 100 trillion guesses per second the haystack calculator assumes (far more than the Amazon rig above delivers). That estimate covers exhaustive search only; an attacker trying combinations of common words needs far fewer guesses, so the words you pick matter as well as the length.
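The arithmetic behind the crack times on the slides above, worked through as an added example; this is not code from the original deck. It reproduces the haystack-style brute-force estimate (the character-class sizes, 26/26/10/33, are an assumption modelled on that calculator) at the deck’s two guess rates, and adds the estimate a brute-force calculator leaves out: the search space when an attacker knows the passphrase is a few words from a wordlist. The 100,000-entry wordlist size is an assumption for illustration.

```python
# Added example, not from the original deck: the brute-force arithmetic behind
# the slides' crack times, plus the wordlist estimate a brute-force calculator omits.
import string

# Guess rates. 1e9/s is the deck's "eight Amazon servers" figure. 1e14/s is the
# "massive cracking array" scenario of the haystack calculator; the deck's
# 1.12-minute figure for 2K1ds@hm only works out at that rate.
RATES = {"amazon_8_servers": 1e9, "haystack_massive_array": 1e14}
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Alphabet the attacker must assume, haystack-style: each character class
    present in the password adds its whole class (assumption modelled on the
    calculator: 26 lower, 26 upper, 10 digits, 33 symbols including space)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33
    return size


def brute_force_guesses(password: str) -> int:
    """Exhaustive search: every string over the alphabet up to this length."""
    n = charset_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def is_word_passphrase(password: str) -> bool:
    """True for two or more plain dictionary-looking words separated by spaces."""
    words = password.split()
    return len(words) > 1 and all(w.isalpha() for w in words)


def combinator_guesses(passphrase: str, wordlist_size: int = 100_000) -> int:
    """Search space if the attacker knows the passphrase is k words drawn from a
    wordlist of wordlist_size entries (the 100,000 is an assumed size)."""
    return wordlist_size ** len(passphrase.split())


def seconds_to_crack(guesses: int, rate: float) -> float:
    """Worst case: the attacker has to try the whole space."""
    return guesses / rate


def human(seconds: float) -> str:
    """Round a duration to the largest convenient unit."""
    units = [("centuries", 100 * SECONDS_PER_YEAR), ("years", SECONDS_PER_YEAR),
             ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.3g} {name}"
    return f"{seconds:.3g} seconds"


def report(password: str, wordlist_size: int = 100_000) -> dict:
    """Crack time in seconds at each rate; word passphrases also get the
    wordlist (combinator) estimate, which is the one a calculator omits."""
    out = {"length": len(password), "charset": charset_size(password)}
    bf = brute_force_guesses(password)
    for name, rate in RATES.items():
        out[f"brute_force_{name}"] = seconds_to_crack(bf, rate)
    if is_word_passphrase(password):
        cg = combinator_guesses(password, wordlist_size)
        for name, rate in RATES.items():
            out[f"combinator_{name}"] = seconds_to_crack(cg, rate)
    return out


if __name__ == "__main__":
    # Sample inputs are the passwords shown on the slides.
    for pw in ["Missouri", "Fr33 b33r", "F(3)*4%1q1Ff!", "hotwings are awesome",
               "2K1ds@hm", "<3Truman", "Landon loves to swing"]:
        r = report(pw)
        line = f"{pw!r:26} len={r['length']:2} charset={r['charset']:2}"
        for name in RATES:
            line += f"  brute@{name}={human(r[f'brute_force_{name}'])}"
            if f"combinator_{name}" in r:
                line += f" (wordlist: {human(r[f'combinator_{name}'])})"
        print(line)
```

Run it and the two rates tell the story: 2K1ds@hm takes about 67 seconds at 100 trillion guesses per second (the slide’s 1.12 minutes) but about 77 days at the billion per second the Amazon servers give. The wordlist line is the practitioner’s caveat: three common words from a 100,000-word list are 10^15 combinations, the same order as an 8-character symbol-laden password, so a passphrase earns its astronomical brute-force number only if the words are not all predictable.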
In five years… Computers will be faster and passphrases will be as crappy as passwords. Sorry.
2FA is next! Two Factor Authentication is something you know, and something you have.
Free 2FA: Facebook, Google, most banks.
Thank you for your time… Go change your passphrases!