Quit Blaming The Damned Passwords

Presented at BSides Austin 2016, April 1, 2016, 1 p.m. (60 minutes)

For as long as non-security-minded-people have been using the Internet, there have been insecure passwords. But what really is an insecure password and are they really the problem? The talk will open with a review of password history starting with the rise of commercial UNIX systems (mid-'80s) to the present and close with a discussion of why passwords, 2-factor authorization schemes and other protection at the front door won't protect us, and that we need to get serious about writing trustworthy code.

Presenters:

  • Julie Haugh
    I wrote the Shadow Password Suite back in 1987 and led the first few security O/S evaluations of the IBM AIX operating system between 1997 and 2004 at the C2 (TCSEC) and various EAL (Common Criteria) levels. Today I'm part of a three person security team working for AgileBits, Inc where I work with pentesting and other security vendors to ensure our products are secure.

Links:

Similar Presentations: