Jon Warbrick, profile picture
Uploaded byJon Warbrick
KEY, PDF977 views

(Why) Passwords don't work

The document discusses various security measures to protect sensitive information from potential threats, including students, journalists, organized criminals, and government agencies. It presents multiple options for password management, such as eliminating passwords or implementing centralized verification systems. The document also highlights ongoing security challenges and questions future directions for improving password security.

Embed presentation

Download to read offline
In a change from our advertised program...
Why Passwords Don’t Work Jon Warbrick
What are we trying to achieve?
What are we trying to achieve? Protection from • a bored University student • a tabloid journalist • an organized criminal • the NSA
What are we trying to achieve? Protection from • a bored University student • a tabloid journalist • an organized criminal • the NSA Protection of • a student’s photo archive • the heir to the throne's email • the University financial system
http://xkcd.com/538/ Licensed under a Creative Commons Attribution-NonCommercial 2.5 License http://creativecommons.org/licenses/by-nc/2.5/
Option one: Forget passwords
Option two: A single, fixed password
Option three: Distribute a list
Option four: Central verification
Option five: Kerberos (or similar)
Other problems
Other problems
Other problems “secret”
Other problems “secret”
Other problems “secret”
Where do we go from here?

More Related Content

PPTX
Anth 439c Public Anthropology
byjjfloyd
 
PDF
Science 2.0
bymethodsecolevol
 
PDF
Biology Library Instruction Handout: September 2010
byJulie Anne Kent
 
PPTX
Oral history irb
byJenny Kijowski
 
PPT
Managing the flamingo: Politeness in an adolescent chatroom
byLois Scheidt
 
KEY
State of the Raven
byJon Warbrick
 
PPT
Banner+H&W+Feb+2011
byjudiburns6
 
PPT
Active Lifestyles
byMonadnock Community Hospital
 
Anth 439c Public Anthropology
byjjfloyd
 
Science 2.0
bymethodsecolevol
 
Biology Library Instruction Handout: September 2010
byJulie Anne Kent
 
Oral history irb
byJenny Kijowski
 
Managing the flamingo: Politeness in an adolescent chatroom
byLois Scheidt
 
State of the Raven
byJon Warbrick
 
Banner+H&W+Feb+2011
byjudiburns6
 
Active Lifestyles
byMonadnock Community Hospital
 

Similar to (Why) Passwords don't work

PPT
password.ppt
byKaxa5
 
PDF
User Authentication: Passwords and Beyond
byJim Fenton
 
PDF
Designing Login Interfaces for Mobiles
byRohit Ashok Khot
 
PPTX
05-Authentication.pptx Software Security
byRahmathMohammed4
 
PPT
14_526_topic07uuuuuuuuuuuuuuuuuuuuuu.ppt
byfzbshf
 
PPSX
Usable Security: When Security Meets Usability
byShujun Li
 
PPTX
<h1>slideShare</h1>access control.pptx
bykoanti abdu
 
PPTX
computer security authorization Authentication.pptx
byRajendraKumarVerma10
 
PPTX
Lorrie Cranor - Usable Privacy & Security
byAmy Lenzo
 
PPTX
Improving Password Based Security
byRare Input
 
PPT
Topic 6 authentication2 12_dec_2012-1
byKhawar Nehal khawar.nehal@atrc.net.pk
 
PPT
Lect5 authentication 5_dec_2012-1
byKhawar Nehal khawar.nehal@atrc.net.pk
 
PPTX
Security and protection
byNital Shingala
 
PDF
Why is password protection a fallacy a point of view
byYury Chemerkin
 
PPTX
Human/User-Centric Security
byShujun Li
 
PPT
Class 8, 9 and 10
byAl Imam University
 
PPTX
When will passwords die? Research challenges and opportunities in user authen...
byShujun Li
 
PDF
Digital Deadly Force: How A Tech Expert Lost his Digital Life to a Hacker
byTennessee Bureau of Investigation
 
DOCX
Cyber Predicament by Text-Only Password Systems
byHitoshi Kokumai
 
PDF
2012 03 The Death of Passwords
byRaleigh ISSA
 
password.ppt
byKaxa5
 
User Authentication: Passwords and Beyond
byJim Fenton
 
Designing Login Interfaces for Mobiles
byRohit Ashok Khot
 
05-Authentication.pptx Software Security
byRahmathMohammed4
 
14_526_topic07uuuuuuuuuuuuuuuuuuuuuu.ppt
byfzbshf
 
Usable Security: When Security Meets Usability
byShujun Li
 
<h1>slideShare</h1>access control.pptx
bykoanti abdu
 
computer security authorization Authentication.pptx
byRajendraKumarVerma10
 
Lorrie Cranor - Usable Privacy & Security
byAmy Lenzo
 
Improving Password Based Security
byRare Input
 
Topic 6 authentication2 12_dec_2012-1
byKhawar Nehal khawar.nehal@atrc.net.pk
 
Lect5 authentication 5_dec_2012-1
byKhawar Nehal khawar.nehal@atrc.net.pk
 
Security and protection
byNital Shingala
 
Why is password protection a fallacy a point of view
byYury Chemerkin
 
Human/User-Centric Security
byShujun Li
 
Class 8, 9 and 10
byAl Imam University
 
When will passwords die? Research challenges and opportunities in user authen...
byShujun Li
 
Digital Deadly Force: How A Tech Expert Lost his Digital Life to a Hacker
byTennessee Bureau of Investigation
 
Cyber Predicament by Text-Only Password Systems
byHitoshi Kokumai
 
2012 03 The Death of Passwords
byRaleigh ISSA
 

More from Jon Warbrick

PDF
Dunbar's Number, and what it means to the UIS
byJon Warbrick
 
PDF
The 'New [University of Cambridge] Map
byJon Warbrick
 
KEY
Web Authenication with Shibboleth - a view from the Flat East
byJon Warbrick
 
KEY
An introduction to Version Control Systems
byJon Warbrick
 
KEY
Lessons fro IPv6 day, 2011
byJon Warbrick
 
KEY
Google Apps @ Cambridge - What we did
byJon Warbrick
 
PPT
Lessons from IPv6 Day
byJon Warbrick
 
PDF
Syndicated content on your web pages
byJon Warbrick
 
KEY
Google Apps - SSO and Identity Management at the University of Cambridge
byJon Warbrick
 
Dunbar's Number, and what it means to the UIS
byJon Warbrick
 
The 'New [University of Cambridge] Map
byJon Warbrick
 
Web Authenication with Shibboleth - a view from the Flat East
byJon Warbrick
 
An introduction to Version Control Systems
byJon Warbrick
 
Lessons fro IPv6 day, 2011
byJon Warbrick
 
Google Apps @ Cambridge - What we did
byJon Warbrick
 
Lessons from IPv6 Day
byJon Warbrick
 
Syndicated content on your web pages
byJon Warbrick
 
Google Apps - SSO and Identity Management at the University of Cambridge
byJon Warbrick
 

Recently uploaded

PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PDF
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
PDF
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
PDF
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
PDF
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PPTX
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
PDF
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
PDF
January Patch Tuesday
byIvanti
 
PDF
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PPTX
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
PPTX
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
PPTX
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Are AI Hallucinations Getting Better or Worse? We Analyzed the Data.
byScott M. Graffius
 
2006 IEEE International Solid-State Circuits Conference
bySlide_N
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Zniber Partners. Audience Foresight for Confident Decisions
bySamuel Zniber
 
Just Eat Data Scraping For Restaurant Reviews And Pricing.pdf
byfusiondata2026
 
Hart, Inc. M&A Data Transition Checklist
byHart, Inc.
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
How Automation Powers Data Quality and Governance at Scale
bySafe Software
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
computer science class 11 ( phishing and fraud mails) .pptx
bybalajichess314
 
AI Data Analyst: Smarter Insights for Modern Real Estate Decisions
byLeni Analyst
 
January Patch Tuesday
byIvanti
 
UiPath Coded Agents - A Developer Driven Agentic Automation Era
byUiPathCommunity
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Fortify Your Digital Defenses with ServiceNow Security Operations by Suma Soft
byGavin Ellis
 
Webinar: EVerest for Production: Accelerating EV Charger Development w/ Indus...
byDanBrown980551
 
Robot Vacuums are Cleaning Up. The global robot vacuum segment has high marke...
byRobert March
 

(Why) Passwords don't work

Editor's Notes

  • #2 \n
  • #3 \n
  • #4 What security properties do you want?\nWhat are you trying to protect, and from who?\nDoes one size fit all?\n
  • #5 What security properties do you want?\nWhat are you trying to protect, and from who?\nDoes one size fit all?\n
  • #6 \n
  • #7 Oh so easy\nIt all comes down to trust\nC.f. Phoenix 30 years ago - password checking could be disabled\n
  • #8 Now we just have to trust a smaller group\nWho would do this? Oh, think of intruder alarms\n
  • #9 No longer need to trust users\nDo need to trust anyone/thing that sees the list - any user on any system and then some\nMalicious and/or incompetent\nCould use crypt, but doesn&amp;#x2019;t really help\n
  • #10 Note that this is &amp;#x2018;LDAP authentication&amp;#x2019;, but could be other things\nClient system still sees plaintext password\n\n
  • #11 Designed largely to solve this problem\nBut...\n
  • #12 How does the user know?\n
  • #13 How does the user know?\n
  • #14 How does the user know?\n
  • #15 How does the user know?\n
  • #16 How does the user know?\n
  • #17 How does the user know?\n
  • #18 How does the user know?\n
  • #19 How does the user know?\n
  • #20 How does the user know?\n
  • #21 How does the user know?\n
  • #22 Users can always give their PWD away\nAnd the always have to trust something which may not be safe\n
  • #23 Users can always give their PWD away\nAnd the always have to trust something which may not be safe\n
  • #24 Users can always give their PWD away\nAnd the always have to trust something which may not be safe\n
  • #25 Users can always give their PWD away\nAnd the always have to trust something which may not be safe\n
  • #26 \n