
Why your password sucks

Why your password sucks and how to fix it talk from the Ignite COMO event last night.

  1. Why Your Password Sucks
     And how to fix it.
  2. Rank These Passwords by “secureness”
     • Missouri
     • Fr33 b33r
     • F(3)*4%1q1Ff!
     • hotwings are awesome
  3. Ranked by security…
     • hotwings are awesome
     • F(3)*4%1q1Ff!
     • Fr33 b33r
     • Missouri
  4. We told you a great password is…
     • 8 characters long.
     • Has a few symbols.
     • Has uppercase letters.
     • Has lowercase letters.
     • Has a number in it.
  5. We told you a great password isn't…
     • A word in the dictionary.
     • Your dog's name.
     • Your kids' names.
     • Your favorite sports team.
     • Anything easy to remember.
  6. We told you these rocked…
     • 2K1ds@hm
     • <3Truman
  7. We were wrong!!!! (Seriously)
  8. The truth is they suck…
     • 2K1ds@hm: can be cracked in 1.12 minutes
     • <3Truman: can be cracked in 1.22 minutes
     All times taken from https://www.grc.com/haystack
  9. Why did we lie to you?
     • 5 years ago brute forcing passwords was nearly impossible.
     • If your password wasn’t in the dictionary you were pretty safe.
  10. Then along came Amazon
     • For $1.60 an hour I can have the power of 8 3.0 GHz server at my disposal.
     • Can process a billion password attempts a second.
  11. At that speed…
     An 8 character password can be brute forced in under 90 seconds.
  12. How do we fix it?
     BY NEVER USING THE WORD “PASSWORD” AGAIN.
  13. How do we fix it?
     INSTEAD THE NEW WORD IS: PASSPHRASE
  14. Rules for a good passphrase
     • At least 15 characters long.
     • The longer the better.
     • “That’s what she said?”
     • Use whatever words you want.
     • Make it easy to remember.
  15. My last passphrase was…
     Landon loves to swing
  16. That passphrase is…
     • 21 characters long
     • It would take 1.06 hundred thousand trillion centuries to brute force using an Amazon cluster.
  17. In five years…
     Computers will be faster and passphrases will be as crappy as passwords.
     Sorry
  18. 2FA is next!
     Two Factor Authentication is something you know, and something you have.
  19. Free 2FA
     • Facebook
     • Google
     • Most Banks
  20. Thank you for your time…
     Go change your passphrases!
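
An added example, not part of the talk: a small Python model of exhaustive-search time that ranks the slide 2 passwords and checks the passphrase from slide 15. The 33-character symbol class and the rate of 1e14 guesses per second are assumptions; at that rate the model reproduces the 1.12-minute figure on slide 8 and the 1.06 hundred thousand trillion centuries on slide 16.

```python
import string

# Alphabet sizes per character class. Counting the space with the 32 ASCII
# punctuation marks (33 "symbols") is an assumption of this model.
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]

GUESSES_PER_SECOND = 1e14  # assumed attacker speed, not a figure from the slides
SECONDS_PER_CENTURY = 100 * 365.25 * 86400


def alphabet_size(secret):
    """Size of the alphabet an exhaustive search has to cover for this secret."""
    for ch in secret:
        if not any(ch in chars for chars, _ in CLASSES):
            raise ValueError(f"character {ch!r} is outside printable ASCII")
    return sum(n for chars, n in CLASSES if any(ch in chars for ch in secret))


def search_space(secret):
    """Number of candidate strings of length 1..len(secret) over that alphabet."""
    a = alphabet_size(secret)
    return sum(a ** k for k in range(1, len(secret) + 1))


def worst_case_seconds(secret, rate=GUESSES_PER_SECOND):
    """Time to try every candidate; length matters far more than symbol variety."""
    return search_space(secret) / rate


def rank(secrets):
    """Order secrets from largest to smallest exhaustive search space."""
    return sorted(secrets, key=search_space, reverse=True)


if __name__ == "__main__":
    # Sample inputs are the passwords shown on slides 2, 6 and 15.
    slide_2 = ["Missouri", "Fr33 b33r", "F(3)*4%1q1Ff!", "hotwings are awesome"]
    for s in rank(slide_2 + ["2K1ds@hm", "Landon loves to swing"]):
        secs = worst_case_seconds(s)
        print(f"{s!r:26} len={len(s):2} alphabet={alphabet_size(s):2} "
              f"{secs / 60:.3g} min = {secs / SECONDS_PER_CENTURY:.3g} centuries")
```

These figures are upper bounds for blind brute force only. A passphrase built from common words can fall much sooner to a wordlist-based search, which this model does not cover.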
