PasswordsCon Preview: Passwords Are Dead. Long Live Passwords.

I had an opportunity to sit with Per Thorsheim, co-founder of PasswordsCon about next week’s Passwords14 Conference in Las Vegas, Nevada.

If you haven’t checked it out before, PasswordsCon is the world’s premiere technical conference that is just focused on the security of passwords and pin codes.

PasswordsCon 14
Passwords14, held next week in Las Vegas, highlights the latest in password cracking (and hardening) technologies.

PasswordsCon is a one-of-a-kind event: bringing together folks whose specialty is cracking and defeating password security with security experts whose interest is in shoring up protections for sensitive data. This year’s conference, which is sharing space with the B-Sides Las Vegas Conference on August 5 and 6.

PasswordsCon has earned a reputation for being the launching pad for some eye-popping new tools for password cracking. Back in 2012, we reported on a 25 GPU device that radically lowered the bar to cracking even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete.

Password Cracking HPC
Gosney’s set-up uses a pool of 25 virtual AMD GPUs to brute force even very strong passwords.

Among other things, the Conference will feature a password hashing competition aimed at discovering new and better methods for storing password values and talks on compliance and governance issues related to passwords and the psychology of password choice and use. 

Check out our Hangout below or over on YouTube, in which Per talks about what he’s looking forward to at next week’s show, as well as issues like the adoption of two-factor authentication and the impact of Internet of Things technologies on traditional password schemes.

 

One Comment

  1. Having been thru the wringer since retiring & purchasing my first Mac & choosing an iPhone as my smart phone, I have much time dealing with hidden flaws and many support staffs (all poorly trained at first level), I found the past 3 podcasts fascinating. Some comments on the big picture (& I agree with UEFI re standards & believe they should be codified in our laws): my bank mobile site is dumbed down & tho they have NO two-step in place, I have alerts. I immediately get a txt re bank and cc transactions; think there is over reaction re government – as the recent SCOTUS ruling indicates (& from a court not prone to take the side of the average citizen) – their are checks & balances. Corporations, however, have the rights but not the obligations of personhood – a dangerous trend. ANYTHING may be hacked, and companies do us a great disservice in not providing asked-for or even that needed by the average user when it comes to protection. They want that new product out to increase revenue. How interest in that Apple is getting free, we-are-not-responsible-for-problems information by providing Yosemite to anyone who asks basically. I will be following you – great podcasts so far: 3 out of 3 were well worth my time.