Easy Passwords = Easy Break-Ins

Presented at DerbyCon 2.0 Reunion (2012), Sept. 30, 2012, 11 a.m. (30 minutes)

It is no secret that people tend to be lazy. There is no better demonstration of this fact than people’s password selection. This presentation will discuss trends and common unique passwords that have been identified from analyzing tens of thousands of accounts and passwords in use in today’s corporate environments. This is not password analysis of the lame public breaches of some unheard-of websites. The passwords were obtained by real penetration assessments and the passwords are what corporate users believe are secure passwords. This will highlight the different types of passwords users choose when faced with varying complexity requirements. Chris Murrey and Jake Garlie put this knowledge to use in every penetration test and have had phenomenal success in breaking into a wide variety of organizations.


Presenters:

  • Jake Garlie (jagar)
    As a Penetration Tester on SecureState’s Profiling Team, Jake Garlie performs many assessments including Penetration Tests, Web Application Security Assessments, and Wireless Assessments. In his tenure with SecureState, Mr. Garlie has worked with organizations across a variety of industries, providing him with the expertise and knowledge of the different ways each industry secures their data.
  • Chris Murrey (f8lerror)
    As a Penetration Tester, Chris Murrey is passionate about the role he plays in ethical hacking. Mr. Murrey performs technical security assessments on a weekly basis, specifically Web Application Security Assessments and Internal/External Penetration Tests.
