![Webcast: Passwords: You Are the Weakest Link - Talkin' Bout [Infosec] News](https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/87/8c/ba/878cbab0-4fb7-aa03-1b8c-84b72fbd588a/mza_4491962740700471601.jpg/600x600bb.png)
Webcast: Passwords: You Are the Weakest Link
Talkin' Bout [Infosec] News · Black Hills Information Security
Beskrivelse
https://media.blubrry.com/bhis/content.blubrry.com/bhis/BHIS_Podcast_Passwords_Youaretheweakestlink.mp3 Why are companies still recommending an 8-character password minimum? Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data. Download Slides: https://www.activecountermeasures.com/presentations Originally recorded as a live webcast on December 5th, 2019 Presented by: Darin Roberts & CJ Cox Because of newer attack methods and increased computing power, password minimums need to be increased to 15 characters to keep networks safe. On this BHIS Webcast, Darin & CJ discuss: * Current password policies: BHIS recommendations, Microsoft, Google, Apple, NIST * Why do we recommend 15 characters – brute force, password crack, LM Hash * Passphrase vs. password * Recommended password policy summary Wild West Hackin’ Fest – Most Hands-On Infosec Con! Join us at the new Way West Wild West Hackin’ Fest in San Diego — March 11-13th, 2020. Learn more: https://www.wildwesthackinfest.com/ Join the BHIS Blog Mailing List – get notified when we post new blogs, webcasts, and podcasts. Join 1,896 other subscribers Email Address Subscribe (00:00) - Start (01:04) - Introduction (03:26) - In The Beginning (04:23) - What The Experts Say : PCI (05:55) - What The Experts Say : Microsoft (09:29) - What The Experts Say : NIST (16:01) - What The Experts Say : Google (16:28) - What The Experts Say : Apple (16:42) - Still More Experts (17:49) - Why 15 Characters (18:06) - Brute Force (18:44) - Password Spray (22:48) - Password Cracking (23:25) - A Hashing Algorithm (24:07) - More About Hashes (25:49) - So What Is Password Cracking (27:16) - Windows Hashes (27:42) - The LM Hashing Algorithm (29:46) - LM Hash Is "Weak" (30:55) - LM Vs. NTLM Cracking (31:14) - Why 15 Character Passwords – Answer (32:06) - CJ's Response to the Problem (36:32) - Let's See the Mathm (37:09) - Math Examples (40:30) - From the Field (42:47) - Would You Like To Play A Game? (45:03) - Take Aways (46:46) - Are You Really Going To Let This Guy Decide (48:33) - Audience Questions & Comments
