Why does everyone want to kill my passwords?

Presented at BSidesLV 2016, Aug. 2, 2016, 6 p.m. (50 minutes)

We get it, passwords are a problem. They're a pain to remember, they're always too short (or too long), and the people we trust them with can't even seem to keep them out of hackers' hands. But are the alternatives any better? 

Hardly a day goes by that I don't see an article claiming that it's time to kill the password and some new product promises to finally do just that. But how secure and usable are these solutions? 

I set out to find this out for myself, trying out as many password killers as I could find for an extended review of how well they work in real-life scenarios. 

Some of these products are meant to make passwords easier to use, some make them more secure, and some intend to replace them completely. Some of the products really sucked, but others do show some potential. 

In this talk will explain what it was like living with these various authentication tools and what I learned about multifactor authentication.

Presenters:

• Mark Burnett - Consultant - Mark Burnett
  Mark Burnett is an infosec consultant and author. He has spent most of the last twenty years researching, consulting, writing, and sometimes just ranting about how to secure the software and operating systems we work with every day. Mark has written several books, published numerous magazine and online articles, and produced software developer training courses. Mark has a particular passion for passwords and wrote the book Perfect Passwords which gives advice and tips on dealing with passwords in our daily lives.

Links:

• https://bsideslv2016.sched.com/event/7YOa/why-does-everyone-want-to-kill-my-passwords

Similar Presentations:

• CackalackyCon 2 (2023) / Password Attacks 101: Exploiting Human Weaknesses
• 31C3 (2014) / UNHash - Methods for better password cracking
• DEF CON 19 (2011) / My password is: #FullOfFail! - The Core Problem with Authentication and How We Can Overcome It