Webcast: Passwords: You Are the Weakest Link

Why are companies still recommending an 8-character password minimum? 

Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data. 

Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_PasswordsWeakestLink.pdf

3:26 – In The Beginning

4:23 – What The Experts Say: PCI

5:55 – What The Experts Say: Microsoft

9:29 – What The Experts Say: NIST

16:01 – What The Experts Say: Google

16:28 – What The Experts Say: Apple

16:42 – Still More Experts

17:49 – Why 15 Characters

18:06 – Brute Force, Password Spray

22:48 – Password Cracking

23:25 – A Hashing Algorithm, More About Hashes

25:49 – So What Is Password Cracking

27:16 – Windows Hashes, The LM Hashing Algorithm, “LM Hash Is “”Weak””, LM Vs. NTLM Cracking

31:14 – Why 15 Character Passwords – Answer, CJ’s Response to the Problem

36:32 – Let’s See the Math, Examples

40:30 – From the Field

45:03 – Take-Aways

48:33 – Audience Questions & Comments

Because of newer attack methods and increased computing power, password minimums need to be increased to 15 characters to keep networks safe. 

On this BHIS Webcast, Darin & CJ discuss:

  • Current password policies: BHIS recommendations, Microsoft, Google, Apple, NIST
  • Why do we recommend 15 characters – brute force, password crack, LM Hash
  • Passphrase vs. password
  • Recommended password policy summary

Ready to learn more?

Level up your skills with affordable classes from Antisyphon!

Pay-What-You-Can Training

Available live/virtual and on-demand