Webcast: Passwords: You Are the Weakest Link

Jan 17, 2020 · 1 hr · Ep. 1

Episode description

https://media.blubrry.com/bhis/content.blubrry.com/bhis/BHIS_Podcast_Passwords_Youaretheweakestlink.mp3

Why are companies still recommending an 8-character password minimum?

Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data.

Download Slides: https://www.activecountermeasures.com/presentations

Originally recorded as a live webcast on December 5th, 2019

Presented by: Darin Roberts & CJ Cox

Because of newer attack methods and increased computing power, password minimums need to be increased to 15 characters to keep networks safe.

On this BHIS Webcast, Darin & CJ discuss:

  • Current password policies: BHIS recommendations, Microsoft, Google, Apple, NIST
  • Why do we recommend 15 characters – brute force, password crack, LM Hash
  • Passphrase vs. password
  • Recommended password policy summary

Wild West Hackin’ Fest – Most Hands-On Infosec Con! Join us at the new Way West Wild West Hackin’ Fest in San Diego — March 11-13th, 2020. Learn more: https://www.wildwesthackinfest.com/

Chapters
  • (00:00) - Start
  • (01:04) - Introduction
  • (03:26) - In The Beginning
  • (04:23) - What The Experts Say : PCI
  • (05:55) - What The Experts Say : Microsoft
  • (09:29) - What The Experts Say : NIST
  • (16:01) - What The Experts Say : Google
  • (16:28) - What The Experts Say : Apple
  • (16:42) - Still More Experts
  • (17:49) - Why 15 Characters
  • (18:06) - Brute Force
  • (18:44) - Password Spray
  • (22:48) - Password Cracking
  • (23:25) - A Hashing Algorithm
  • (24:07) - More About Hashes
  • (25:49) - So What Is Password Cracking
  • (27:16) - Windows Hashes
  • (27:42) - The LM Hashing Algorithm
  • (29:46) - LM Hash Is "Weak"
  • (30:55) - LM Vs. NTLM Cracking
  • (31:14) - Why 15 Character Passwords – Answer
  • (32:06) - CJ's Response to the Problem
  • (36:32) - Let's See the Math
  • (37:09) - Math Examples
  • (40:30) - From the Field
  • (42:47) - Would You Like To Play A Game?
  • (45:03) - Take Aways
  • (46:46) - Are You Really Going To Let This Guy Decide
  • (48:33) - Audience Questions & Comments