Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Nicholas Dorans - The Evolution of Passwords


Published on

CSNP Chicago March 2020

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Nicholas Dorans - The Evolution of Passwords

  1. 1. The Evolution of Passwords By Nicholas Dorans
  2. 2. Brief Overview • Introduction • Brief history of passwords • Best practices for passwords • Current state and future of passwords
  3. 3. I am Nicholas Dorans • Originally from New Jersey • Software developer for last 5 years • Password user for roughly 25 years • Main passions are biking, traveling and tacos
  4. 4. A Brief History of Passwords • First used in 1961, at MIT for use with the Compatible Time- Sharing System by Fernando Corbató • In 1962, Ph.D. researcher Allan Scherr “hacked” that system by printing out all of the passwords in plain text • In the 1970’s, Robert Morris developed a one-way encryption function for his UNIX operating system known as “hashing” • Bill Gates declares that the password is dead in 2004
  5. 5. Different Types of Password Cryptography • Encryption – two-way function that uses a key to encrypt and decrypt a password • Hashing – one-way function that will convert a password into a jumbled non-human readable string of letters and numbers • Hashing + salting – same as hashing but with a random characters pre-pended (or appended) to the password before it is hashed.
  6. 6. Problems With Passwords • Short ones are easy to remember but easy to hack • Long ones are harder to crack but harder to remember • Average computer user has roughly 90 different online accounts each with their own username/password - this can be overwhelming and lead to poor password hygiene
  7. 7. Best Practices for a User • Never use the same password for 2 or more accounts • Use strong passwords – combination of numbers, uppercase/lowercase letters, special characters with a minimum length of 8 (12 is better) • Use a password manager to help create strong unique passwords for each account
  8. 8. Best Password Ever????
  9. 9. Best Practices for Development • If you can avoid it, NEVER store passwords in your own database – use third party authentication services • If you can’t avoid it, apply hashing + salting to store passwords using well-designed key stretching algorithms such as PBKDF2, bcrypt or scrypt • Perform all hashing on the server side • Don’t accept top 200 commonly used passwords
  10. 10. Current and Future State of Passwords • Biometric options are available on most new smart phones – fingerprint, face and iris scanning • Strong standards for password creation on most online services • 2 factor authentication using rsa tokens or a physical device such as Yubikey • Research is currently opening the way for new types of biometrics, such as ear shape or facial thermography.
  11. 11. FIN