Presented by:

Kyle Rankin is the Chief Security Officer at Purism and a Tech Editor and columnist at Linux Journal.

He is the author of Linux Hardening in Hostile Networks, DevOps Troubleshooting, The Official Ubuntu Server Book, Knoppix Hacks, Knoppix Pocket Reference, Linux Multimedia Hacks and Ubuntu Hacks, and also a contributor to a number of other O’Reilly books.

Rankin speaks frequently on security and open-source software including at FOSDEM, BsidesLV, O’Reilly Security Conference, OSCON, SCALE, CactusCon, Linux World Expo and Penguicon. You can follow him at @kylerankin.

Most of what we've been told over the years about what makes a good password has been wrong, so it's no surprise most people pick bad passwords. This talk will cover the history of password policy and password cracking starting from the days when Richard Stallman hacked the passwords forced on his MIT computer lab because he considered passwords an authoritarian method of control. Next I'll discuss the golden days of password guessing featured prominently in movies like Hackers and WarGames. Then I'll move to the tech boom and the introduction of draconian IT policies like password rotation and password complexity and the dirty little leet-speak password secrets they led to. As we get closer to the modern day, I'll discuss the "correct horse battery staple" password renaissance and more modern approaches to password cracking spawned by tools like oclhashcat and giant password database dumps like the RockYou hack. I'll finish up with modern attempts to fix the password auth problem, such as new approaches to secure password generation in password managers or schemes such as diceware, as well as cover password auth reinforcements like the different forms of 2FA (including U2F) and Facebook's new approach to "I forgot my password" workflows. By the end everyone should have plenty of ammunition to take back to their IT department and get rid of those horrible password policies.

Date: 2019 April 28 - 10:45
Duration: 45 min
Room: G-103
Conference: LinuxFest Northwest 2019
Track: Security
Difficulty: Easy

Happening at the same time:

  1. Steganography - Hiding In Plain Sight
     Start Time: 2019 April 28 10:45
     Room: CC-114

  2. What Was Old is New Again
     Start Time: 2019 April 28 10:45
     Room: CC-208

  3. Lambda Calculus for the Practicing Programmer
     Start Time: 2019 April 28 10:45
     Room: HC-104 Jupiter

  4. Paradux: Recovering From Maximum Personal Data Disaster
     Start Time: 2019 April 28 10:45
     Room: HC-108

  5. Sex, Secret and God: A Brief History of Bad Passwords
     Start Time: 2019 April 28 10:45
     Room: G-103

  6. Past, Present & Future of Blockchain
     Start Time: 2019 April 28 10:45
     Room: CC-235

  7. We can fix email server encryption!
     Start Time: 2019 April 28 10:45
     Room: CC-200

  8. CompTIA's NEW Linux+ Certification - All You Need to Know!
     Start Time: 2019 April 28 10:45
     Room: CC-115

  9. Introducing Snaps and Snapcraft
     Start Time: 2019 April 28 10:45
     Room: CC-202 Tutorials

  10. PostgreSQL: An Introduction to BARMAN
     Start Time: 2019 April 28 10:45
     Room: HC-103 Postgres

  11. Web of Things API
     Start Time: 2019 April 28 10:45
     Room: CC-236