
Talkin' Bout [Infosec] News Webcast: Passwords: You Are the Weakest Link
Jan 17, 2020
01:00:15
https://media.blubrry.com/bhis/content.blubrry.com/bhis/BHIS_Podcast_Passwords_Youaretheweakestlink.mp3
Why are companies still recommending an 8-character password minimum?
Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data.
Download Slides: https://www.activecountermeasures.com/presentations
Originally recorded as a live webcast on December 5th, 2019
Presented by: Darin Roberts & CJ Cox
Because of newer attack methods and increased computing power, password minimums need to be increased to 15 characters to keep networks safe.
On this BHIS Webcast, Darin & CJ discuss:
* Current password policies: BHIS recommendations, Microsoft, Google, Apple, NIST
* Why do we recommend 15 characters – brute force, password crack, LM Hash
* Passphrase vs. password
* Recommended password policy summary
Wild West Hackin’ Fest – Most Hands-On Infosec Con!
Join us at the new Way West Wild West Hackin’ Fest in San Diego — March 11-13th, 2020. Learn more: https://www.wildwesthackinfest.com/
- (00:00) - Start
- (01:04) - Introduction
- (03:26) - In The Beginning
- (04:23) - What The Experts Say : PCI
- (05:55) - What The Experts Say : Microsoft
- (09:29) - What The Experts Say : NIST
- (16:01) - What The Experts Say : Google
- (16:28) - What The Experts Say : Apple
- (16:42) - Still More Experts
- (17:49) - Why 15 Characters
- (18:06) - Brute Force
- (18:44) - Password Spray
- (22:48) - Password Cracking
- (23:25) - A Hashing Algorithm
- (24:07) - More About Hashes
- (25:49) - So What Is Password Cracking
- (27:16) - Windows Hashes
- (27:42) - The LM Hashing Algorithm
- (29:46) - LM Hash Is "Weak"
- (30:55) - LM Vs. NTLM Cracking
- (31:14) - Why 15 Character Passwords – Answer
- (32:06) - CJ's Response to the Problem
- (36:32) - Let's See the Math
- (37:09) - Math Examples
- (40:30) - From the Field
- (42:47) - Would You Like To Play A Game?
- (45:03) - Take Aways
- (46:46) - Are You Really Going To Let This Guy Decide
- (48:33) - Audience Questions & Comments
