Making Password Meters Great Again

Presented at BSidesLV 2016, Aug. 3, 2016, 11 a.m. (50 minutes).

Password meters have become ubiquitous; some are decent, but the majority are actually harmful. While attempts have been made to create strength meters that better reflect the realities of how passwords are cracked, most meters are naive to such a degree that they give an incredibly dangerous false sense of security.

This talk looks at the best and worst of current password meters - from the useful education they provide, to the absurd feedback that has become so common. To address the flaws in current methods, a new method for calculating the real-world strength of passwords is introduced. Based on the techniques used in cracking passwords, including hashing details, a new method has been developed to provide more useful information about the actual strength of a password.


Presenters:

  • Adam Caudill - Senior Application Security Consultant - AppSec Consulting
    Adam Caudill is a security consultant with over 15 years of experience in security and software development, with a focus on application security, secure communications, and cryptography. He is an active blogger, open source contributor, and advocate for user privacy and protection. His work has been cited by many media outlets and publications around the world, from CNN to Wired and countless others.
