Your Users Passwords Are Already Stolen

Presented at BSidesSF 2015, April 19, 2015, 3 p.m. (60 minutes)

Attackers have long exploited human weakness such as the lack of password complexity and vulnerability to phishing. As organizations improved defenses, attackers shifted to breaching websites to steal user databases. Their goal is to access your organization undetected. Common weaknesses in user database implementations will be explained and real world examples presented. To accent the problem, a well known database dump from 2014 containing passwords securely salted and hashed with multiple rounds will be used as a case study showing that password reuse and weak passwords are human behaviors that cannot be fixed.

Presenters:

• Lucas Zaichkowsky
  Lucas Zaichkowsky is the Enterprise Defense Architect at Resolution1 Security, responsible for providing expert guidance on the topic of cybersecurity. Prior to joining Resolution1 Security, Lucas was a Technical Engineer at Mandiant where he worked with Fortune 500 organizations, the Defense Industrial Base, and government institutions to deploy measures designed to defend against the worlds most sophisticated attack groups.

Links:

• https://bsidessf2015.sched.com/event/2t2T/your-users-passwords-are-already-stolen

Similar Presentations:

• CackalackyCon 2 (2023) / Password Attacks 101: Exploiting Human Weaknesses
• DerbyCon 2.0 Reunion (2012) / Easy Passwords = Easy Break-Ins
• 31C3 (2014) / UNHash - Methods for better password cracking