Talkin' Bout [Infosec] News

Why are companies still recommending an 8-character password minimum? 

Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data. 

Download Slides: https://www.activecountermeasures.com/presentations

3:26 – In The Beginning

4:23 – What The Experts Say: PCI

5:55 – What The Experts Say: Microsoft

9:29 – What The Experts Say: NIST

16:01 – What The Experts Say: Google

16:28 – What The Experts Say: Apple

16:42 – Still More Experts

17:49 – Why 15 Characters

18:06 – Brute Force, Password Spray

22:48 – Password Cracking

23:25 – A Hashing Algorithm, More About Hashes

25:49 – So What Is Password Cracking

27:16 – Windows Hashes, The LM Hashing Algorithm, LM Hash Is “Weak”, LM Vs. NTLM Cracking

31:14 – Why 15 Character Passwords – Answer, CJ’s Response to the Problem

Show Notes

  • (00:00) - Start
  • (01:04) - Introduction
  • (03:26) - In The Beginning
  • (04:23) - What The Experts Say : PCI
  • (05:55) - What The Experts Say : Microsoft
  • (09:29) - What The Experts Say : NIST
  • (16:01) - What The Experts Say : Google
  • (16:28) - What The Experts Say : Apple
  • (16:42) - Still More Experts
  • (17:49) - Why 15 Characters
  • (18:06) - Brute Force
  • (18:44) - Password Spray
  • (22:48) - Password Cracking
  • (23:25) - A Hashing Algorithm
  • (24:07) - More About Hashes
  • (25:49) - So What Is Password Cracking
  • (27:16) - Windows Hashes
  • (27:42) - The LM Hashing Algorithm
  • (29:46) - LM Hash Is "Weak"
  • (30:55) - LM Vs. NTLM Cracking
  • (31:14) - Why 15 Character Passwords – Answer
  • (32:06) - CJ's Response to the Problem
  • (36:32) - Let's See the Math
  • (37:09) - Math Examples
  • (40:30) - From the Field
  • (42:47) - Would You Like To Play A Game?
  • (45:03) - Take Aways
  • (46:46) - Are You Really Going To Let This Guy Decide
  • (48:33) - Audience Questions & Comments

What is Talkin' Bout [Infosec] News?

A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30 PM ET.