Value & Security for the Connected Customer

The Password Mess: Your Security Policies Are Destroying Your Users

Combined Session
Thursday, October 24, 2019 13:30—14:00
Location: Salon B & C

We've all seen the requirements. Your password must contain upper and lower case, be between 6 and 23 characters long, and must contain at least one Beatle. And you need to pick a new one on a regular schedule, even if you don't use the site that often. Everybody hates it, and it turns out that these rules do not make it harder for attackers. 

How did we get into this mess? We'll take a look at the history of passwords, the attacks we thought we were protecting against, the attacks we actually need to protect against, how people made everything worse, and how we can make it better.

Key Takeaways:

- Passwords aren't being used for what they're good for, and we need to change that

- Password rules as seen today make for bad passwords, and we can do better

- People will find ways around your arcane policies

Justin Richer
Bespoke Engineering, LLC
Justin Richer is a security architect, software engineer, standards editor, and systems designer with over two decades of industry experience. He is the lead author of OAuth2 In Action and...