Please join ISSA chapter members and other security professionals at Lidia's in Kansas City, MO, for our October chapter meeting.
Topic: How Secure Are Multi-Word Random Passphrases?
Reports on the death of passwords have been greatly exaggerated. While passwords do have inherent flaws, their use in new systems and online apps continues to grow. Multi-factor authentication (MFA) has helped control the risks, but passwords still tend to be a required component in this process. So if we can’t eliminate passwords then we need to improve them.
One alternative to passwords is the longer passphrase. Passphrases in the style of XKCD 936 or Diceware have gained popularity, but are they secure enough and practical to use? They seem like a good compromise between security and memorability, but why did Bruce Schneier say using them is "no longer good advice"?
This talk investigates popular passphrase generation schemes and examines the characteristics that determine passphrase strength. We will also review research on whether the average person finds these passphrases easier to use than passwords, and whether they're practical to use in most cases.
Speaker/Bio: Bruce K. Marshall, Founder, PasswordResearch.com
Bruce K. Marshall is a researcher and consultant dedicated to improving the application of authentication technologies, practices, and products. He founded PasswordResearch.com over a decade ago to better share the password information he was collecting. This site includes hundreds of resources from the academic, corporate, and government communities. He aims to introduce more professionals to new and existing authentication research so they can better justify secure system design and policy choices.
Mr. Marshall also conducts his own investigations into passwords and related authentication practices, the results of which are both published on the site and presented at events. He has shared his insights at dozens of conferences such as SANS, Black Hat, BSides, InfoSec World, and PasswordsCon. Among his accomplishments are the completion of the CISSP, NSA-IAM, CISA, and MCSE: Security certifications.
Date: Thursday, October 27, 2016 from 11:30 AM to 1:30 PM
Lidia's - Downtown Kansas City
101 W 22nd St, Kansas City, MO 64108
11:30 AM - 12:00 PM - Greeting and registration
12:00 PM - 1:00 PM - Meeting & Presentation
1:00 PM - 1:30 PM - Questions, Answers & Networking
Pasta Tasting Trio - A sampling of three daily-made fresh and filled pastas.
Biscotti Platters - An assortment of house-made cookies & sweets to pass and share family style.
**Vegetarian option available, please note at registration.**
**Menu subject to change.**
$20.00 for ISSA Members.
$30.00 for Guests/Non-Members.