The document discusses analyzing pwned passwords using Apache Spark. It provides an overview of Spark, including its evolution from RDDs to DataFrames. It also discusses the state of passwords, how Spark can be used to analyze large datasets of pwned passwords, and both the benefits and challenges of using Spark for this type of analysis. The document encourages securing authentication while providing a seamless user experience and notes that developers have a responsibility to secure authentication.

2. Analyzing Pwned
Passwords with Spark
Kelley Robinson
@kelleyrobinson
Developer Evangelist, Account Security

3. 👋 ☎

4. +👋 ☎ 🔐

5. BIG DATA & SECURITY @KELLEYROBINSON
Spark: then and now
The state of passwords
Spark in action
Big Data & Security

6. BIG DATA & SECURITY @KELLEYROBINSON

7. BIG DATA & SECURITY @KELLEYROBINSON
Apache Spark Ecosystem

8. BIG DATA & SECURITY @KELLEYROBINSON
Spark Abstractions
Then
Now
RDD (Resilient Distributed Dataset)
DataFrames

9. https://databricks.com/blog/2016/07/14/a-tale-of-three-apache-spark-apis-rdds-dataframes-and-datasets.html
@KELLEYROBINSONBIG DATA & SECURITY
RDDs
• Immutable & distributed
collection
• Unstructured data
• Low-level transformation
and control

10. BIG DATA & SECURITY
https://databricks.com/blog/2016/07/14/a-tale-of-three-apache-spark-apis-rdds-dataframes-and-datasets.html
@KELLEYROBINSON
DataFrames
• Structured data
• Fast
• SQL DSLs

11. BIG DATA & SECURITY @KELLEYROBINSON
Apache Spark Ecosystem

12. BIG DATA & SECURITY @KELLEYROBINSON
Python is the
future of Spark

13. BIG DATA & SECURITY
https://www.slideshare.net/databricks/composable-parallel-processing-in-apache-spark-and-weld
@KELLEYROBINSON

14. The State of Passwords

17. @KELLEYROBINSONBIG DATA & SECURITY
Spark in action

18. BIG DATA & SECURITY @KELLEYROBINSON
http://www.commitstrip.com/en/2018/04/27/security-security-security/?

19. Benefits of Spark
Fast
Flexible
Good for exploration
Proven for large systems
BIG DATA & SECURITY @KELLEYROBINSON

20. Challenges
Opaque error messages
Operationalizing
Documentation
http://heather.miller.am/blog/launching-a-spark-cluster-part-1.html
BIG DATA & SECURITY @KELLEYROBINSON

21. 🤔

22. @KELLEYROBINSONBIG DATA & SECURITY
Big Data
& Security

23. BIG DATA & SECURITY @KELLEYROBINSON

24. @KELLEYROBINSON

25. BIG DATA & SECURITY @KELLEYROBINSON
Passwords aren't great.
But they aren't going away
anytime soon.

26. BIG DATA & SECURITY @KELLEYROBINSON
Aim for a seamless
user experience.
]

27. BIG DATA & SECURITY @KELLEYROBINSON
Developers have the
responsibility to
secure authentication.

28. BIG DATA & SECURITY
https://twitter.com/PWTooStrong
@KELLEYROBINSON

29. Further Reading on Pwned Passwords
https://twilio.com/blog/2018/06/analyzing-pwned-passwords-with-apache-spark.html
https://www.troyhunt.com/pwned-passwords-in-practice-real-world-examples-of-blocking-the-worst-passwords/
https://www.twilio.com/blog/2018/06/round-up-libraries-for-checking-pwned-passwords-in-your-7-favorite-languages.html

30. THANK YOU!
@kelleyrobinson

31. Resources
• Apache Spark
• Jacek's Spark Documentation
• Zeppelin
• RDDs vs. Datasets
• Running Spark on a Cluster
• Debugging PySpark (Video) (Slides)
• 2FA Guides
• Pwned Passwords Further Reading
@KELLEYROBINSONBIG DATA & SECURITY