Sex, Secret and God: A Brief History of Bad Passwords

Kyle Rankin

VP of Engineering Operations

Final, Inc.

Author of Linux Hardening in Hostile Networks

@kylerankin


https://kylerank.in/talks/security/bad_passwords.html

Agenda

Introduction

RMS and the MIT Password Revolt

Golden Age of Computer Passwords

Dotcom Boom Password Policies

Minimum Password Length

Password Complexity

1337 5P34K

Password Rotation

Policy Problems

XKCD and the Password Renaissance

We Will RockYou: Modern Cracking

The RockYou Hack

Advanced Cracking

New Password Approaches

2FA

Password Reset Attacks

Questions?

Additional Resources