Why your password sucks


A slide show about password safety and email by Jerry Gamblin, network admin for the state of Missouri.


Transcript

  • 1. Why Your Password Sucks
    And how to fix it.
    Jerry.Gamblin@gmail.com
  • 2. Rank These Passwords by “secureness”
    Missouri
    Fr33 b33r
    F(3)*4%1q1Ff!
    hotwings are awesome
  • 3. Ranked by security…
    hotwings are awesome
    F(3)*4%1q1Ff!
    Fr33 b33r
    Missouri
  • 4. We told you a great password is..
    8 Characters Long.
    Has a few symbols.
    Has uppercase letters.
    Has lowercase letters.
    Has a number in it.
  • 5. We told you a great password isn't…
    A word in the dictionary.
    Your dog's name.
    Your kids' names.
    Your favorite sports team.
    Anything easy to remember.
  • 6. We told you these rocked…
    2K1ds@hm
    <3Truman
  • 7. We were wrong!!!! (Seriously)
  • 8. The truth is they suck…
    2K1ds@hm
    Can be cracked in 1.12 Minutes
    <3Truman
    Can be cracked in 1.22 Minutes
    All times taken from https://www.grc.com/haystack
  • 9. Why did we lie to you?
    5 years ago brute forcing passwords was nearly impossible.
    If your password wasn’t in the dictionary you were pretty safe.
  • 10. Then along came Amazon
    For $1.60 an hour I can have the power of eight 3.0 GHz servers at my disposal.
    Can process a billion password attempts per second.
  • 11. At that speed…
    Most 8 character passwords can be brute forced in under 90 seconds.
  • 12. How do we fix it?
    BY NEVER USING THE WORD “PASSWORD” AGAIN.
  • 13. How do we fix it?
    INSTEAD THE NEW WORD IS: PASSPHRASE
  • 14. Rules for a good passphrase
    At least 15 characters long.
    The longer the better.
    “That’s what she said?”
    Use whatever words you want.
    Make it easy to remember.
  • 15. My last passphrase was…
    Landon loves to swing
  • 16. That passphrase is…
    21 characters long
    It would take 1.06 hundred thousand trillion centuries to brute force using an Amazon cluster.
    All times taken from https://www.grc.com/haystack
  • 17. In five years…
    Computers will be faster and passphrases will be as crappy as passwords.
    Sorry
  • 18. 2FA is next!
    Two Factor Authentication is something you know, and something you have.
  • 19. Free 2FA
    Facebook
    Google
    Most Banks
  • 20. Thank you for your time…
    Go change your passphrases!
    Jerry.Gamblin@gmail.com