And how to fix it. Why Your Password Sucks

Upload: jerry-gamblin

Post on 20-Aug-2015

Rank These Passwords by “secureness”

• Missouri
• Fr33 b33r
• F(3)*4%1q1Ff!
• hotwings are awesome

Ranked by security…

• hotwings are awesome
• F(3)*4%1q1Ff!
• Fr33 b33r
• Missouri

We told you a great password is…

• 8 characters long.
• Has a few symbols.
• Has uppercase letters.
• Has lowercase letters.
• Has a number in it.

We told you a great password isn't…

• A word in the dictionary.
• Your dog's name.
• Your kids' names.
• Your favorite sports team.
• Anything easy to remember.

We told you these rocked…

• 2K1ds@hm
• <3Truman

We were wrong!!!! (Seriously)

The truth is they suck…

• 2K1ds@hm
  – Can be cracked in 1.12 minutes
• <3Truman
  – Can be cracked in 1.22 minutes

All times taken from https://www.grc.com/haystack

Why did we lie to you?

• 5 years ago brute forcing passwords was nearly impossible.

• If your password wasn’t in the dictionary you were pretty safe.

Then along came Amazon

• For $1.60 an hour I can have the power of eight 3.0 GHz servers at my disposal.
  – Can process a billion password attempts per second.

At that speed…

• An 8-character password can be brute forced in under 90 seconds.

How do we fix it?

BY NEVER USING THE WORD “PASSWORD” AGAIN.

How do we fix it?

INSTEAD THE NEW WORD IS:

PASSPHRASE

Rules for a good passphrase

• At least 15 characters long.
  – The longer the better.
    • “That’s what she said?”
• Use whatever words you want.
• Make it easy to remember.

My last passphrase was…

• Landon loves to swing

That passphrase is…

• 21 characters long
• It would take 1.06 hundred thousand trillion centuries to brute force using an Amazon cluster.
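
The ranking at the start of the deck and the crack times quoted for 2K1ds@hm and for the passphrase above follow from exhaustive-search arithmetic. The Python below is an added example, not part of the original slides or of the GRC page they cite. Its alphabet sizes (26/26/10/33) and its rate of 100 trillion guesses per second are assumptions, chosen because they yield the 1.12 minutes and the 1.06 hundred thousand trillion centuries given on the slides.

```python
import string

# Assumed alphabet sizes per character class (constructed for this example):
# 26 lowercase, 26 uppercase, 10 digits, 33 symbols (32 ASCII punctuation + space).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Assumed attacker speed: 100 trillion guesses per second.
DEFAULT_RATE = 100e12


def alphabet_size(secret):
    """Size of the smallest class-based alphabet that covers every character."""
    used = set()
    for ch in secret:
        if ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.digits:
            used.add("digit")
        else:
            used.add("symbol")  # space, punctuation, anything else
    return sum(CLASS_SIZES[c] for c in used)


def search_space(secret):
    """Candidates an exhaustive search tries: every string of length 1..len(secret)."""
    n = alphabet_size(secret)
    return sum(n ** k for k in range(1, len(secret) + 1))


def seconds_to_exhaust(secret, rate=DEFAULT_RATE):
    """Worst-case time to try the whole search space at `rate` guesses per second."""
    return search_space(secret) / rate


def rank(secrets):
    """Strongest first, ordered by exhaustive-search space."""
    return sorted(secrets, key=search_space, reverse=True)


if __name__ == "__main__":
    century = 100 * 365.25 * 86400  # seconds in a century
    for s in rank(["Missouri", "Fr33 b33r", "F(3)*4%1q1Ff!", "hotwings are awesome"]):
        print(f"{s!r}: alphabet {alphabet_size(s)}, length {len(s)}, "
              f"{seconds_to_exhaust(s):.3g} s")
    print(seconds_to_exhaust("2K1ds@hm") / 60, "minutes")
    print(seconds_to_exhaust("Landon loves to swing") / century, "centuries")
```

This counts exhaustive character-by-character search only; a guesser that works from word lists instead of characters is not modelled.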

In five years…

• Computers will be faster and passphrases will be as crappy as passwords.
• Sorry

2FA is next!

• Two Factor Authentication is something you know, and something you have.

Free 2FA

• Facebook
• Google
• Most Banks

Thank you for your time…

Go change your passphrases!