Why are companies still recommending an 8-character password minimum?
Passwords are some of the easiest targets for attackers, yet companies still allow weak passwords in their environment. Multiple service providers recommend 8-character minimum passwords based on outdated data.
Slides for this webcast can be found here: https://www.blackhillsinfosec.com/wp-content/uploads/2020/09/SLIDES_PasswordsWeakestLink.pdf
3:26 – In The Beginning
4:23 – What The Experts Say: PCI
5:55 – What The Experts Say: Microsoft
9:29 – What The Experts Say: NIST
16:01 – What The Experts Say: Google
16:28 – What The Experts Say: Apple
16:42 – Still More Experts
17:49 – Why 15 Characters
18:06 – Brute Force, Password Spray
22:48 – Password Cracking
23:25 – A Hashing Algorithm, More About Hashes
25:49 – So What Is Password Cracking
27:16 – Windows Hashes, The LM Hashing Algorithm, LM Hash Is “Weak”, LM Vs. NTLM Cracking
31:14 – Why 15 Character Passwords – Answer, CJ’s Response to the Problem
36:32 – Let’s See the Math, Examples
40:30 – From the Field
45:03 – Take-Aways
48:33 – Audience Questions & Comments
Because of newer attack methods and increased computing power, password minimums need to be increased to 15 characters to keep networks safe.
On this BHIS Webcast, Darin & CJ discuss:
- Current password policies: BHIS recommendations, Microsoft, Google, Apple, NIST
- Why we recommend 15 characters – brute force, password cracking, LM hash
- Passphrase vs. password
- Recommended password policy summary