Talkin' Bout [Infosec] News

https://media.blubrry.com/bhis/content.blubrry.com/bhis/BHIS_Podcast_Passwords_Youaretheweakestlink.mp3

Why are companies still recommending an 8-character password minimum? 

Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data. 

Download Slides: https://www.activecountermeasures.com/presentations

Originally recorded as a live webcast on December 5th, 2019

Presented by: Darin Roberts & CJ Cox

Because of newer attack methods and increased computing power, password minimums need to be increased to 15 characters to keep networks safe. 

On this BHIS Webcast, Darin & CJ discuss:

* Current password policies: BHIS recommendations, Microsoft, Google, Apple, NIST
* Why do we recommend 15 characters – brute force, password crack, LM Hash
* Passphrase vs. password
* Recommended password policy summary

Wild West Hackin’ Fest – Most Hands-On Infosec Con!

Join us at the new Way West Wild West Hackin’ Fest in San Diego — March 11-13th, 2020. Learn more: https://www.wildwesthackinfest.com/


Show Notes

  • (00:00) - Start
  • (01:04) - Introduction
  • (03:26) - In The Beginning
  • (04:23) - What The Experts Say : PCI
  • (05:55) - What The Experts Say : Microsoft
  • (09:29) - What The Experts Say : NIST
  • (16:01) - What The Experts Say : Google
  • (16:28) - What The Experts Say : Apple
  • (16:42) - Still More Experts
  • (17:49) - Why 15 Characters
  • (18:06) - Brute Force
  • (18:44) - Password Spray
  • (22:48) - Password Cracking
  • (23:25) - A Hashing Algorithm
  • (24:07) - More About Hashes
  • (25:49) - So What Is Password Cracking
  • (27:16) - Windows Hashes
  • (27:42) - The LM Hashing Algorithm
  • (29:46) - LM Hash Is "Weak"
  • (30:55) - LM Vs. NTLM Cracking
  • (31:14) - Why 15 Character Passwords – Answer
  • (32:06) - CJ's Response to the Problem
  • (36:32) - Let's See the Math
  • (37:09) - Math Examples
  • (40:30) - From the Field
  • (42:47) - Would You Like To Play A Game?
  • (45:03) - Take Aways
  • (46:46) - Are You Really Going To Let This Guy Decide
  • (48:33) - Audience Questions & Comments

What is Talkin' Bout [Infosec] News?

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET