Boring PasswordStatistics<br />Per Thorsheim<br />CISA, CISM, CISSP-ISSAP<br />
Passwords^XX - Archives<br />http://ftp.ii.uib.no/pub/passwords10/<br />/pub/finse2011/<br />/pub/passwords11/<br />
«The Exception»<br />
The Exception - #1<br />Minimum length<br />Changefrequency<br />Password age<br />Passwordhistory<br />Account lockout<br...
The Exception - #2<br /># ofaccounts<br />Username = password<br />Password never expires<br />No Pwdchange > 14m+<br />63...
The Exception - #3<br />
The Exception - #4<br />Minimum<br />Length<br />
The Exception - #5<br />RockYoustatistics: Second most commonpassword in theworld<br />
«176»<br />
176 humans<br />Up to 24 generationsofpasswordsavailable<br />
Lengthdistribution<br />Minimum lengthrequirement<br />
Per PositionEntropy – LM/NTLM<br />LM (case insensitive)<br />NTLM (Case Sensitive)<br />
# UniqueCharacters (NTLM)<br />
Password formats (NTLM)<br />
Passwordchanges<br />
«Blondes have the…»<br />
ThankYou! ;-)<br />Questions?<br />
Upcoming SlideShare
Loading in …5
×

Boring password statistics

1,758
-1

Published on

This is my presentation from Passwords11, a 2-day conference only on passwords & pins. It was held at the University of Bergen in Norway, June 7-8, 2011.

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,758
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
10
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Boring password statistics

  1. 1. Boring PasswordStatistics<br />Per Thorsheim<br />CISA, CISM, CISSP-ISSAP<br />
  2. 2.
  3. 3. Passwords^XX - Archives<br />http://ftp.ii.uib.no/pub/passwords10/<br />/pub/finse2011/<br />/pub/passwords11/<br />
  4. 4. «The Exception»<br />
  5. 5. The Exception - #1<br />Minimum length<br />Changefrequency<br />Password age<br />Passwordhistory<br />Account lockout<br />Reset logoncount<br />Lockout duration<br />3<br />90<br />0 (days)<br />0<br />5 attempts<br />30 minutes<br />30 minutes<br />
  6. 6. The Exception - #2<br /># ofaccounts<br />Username = password<br />Password never expires<br />No Pwdchange > 14m+<br />632<br />193<br />215<br />305<br />
  7. 7. The Exception - #3<br />
  8. 8. The Exception - #4<br />Minimum<br />Length<br />
  9. 9. The Exception - #5<br />RockYoustatistics: Second most commonpassword in theworld<br />
  10. 10. «176»<br />
  11. 11. 176 humans<br />Up to 24 generationsofpasswordsavailable<br />
  12. 12. Lengthdistribution<br />Minimum lengthrequirement<br />
  13. 13. Per PositionEntropy – LM/NTLM<br />LM (case insensitive)<br />NTLM (Case Sensitive)<br />
  14. 14. # UniqueCharacters (NTLM)<br />
  15. 15. Password formats (NTLM)<br />
  16. 16. Passwordchanges<br />
  17. 17. «Blondes have the…»<br />
  18. 18. ThankYou! ;-)<br />Questions?<br />

×