Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
View analytic
Wednesday, August 3 • 12:00 - 12:25
Proactive Password Leak Processing

Sign up or log in to save this to your schedule and see who's attending!

An average person on the Internet reuses their same password across multiple sites more often than we’d prefer, which has increasingly resulted in account compromise headaches felt both by them and the sites they visit. Most organizations have limited options to prevent password reuse altogether, but they can take advantage of the same data used by attackers: password leaks.

Large companies (like Microsoft, Google, Facebook, and Yahoo!) have started proactively searching for the passwords leaked by other sites and then finding matches within their own user populations. They can then force a password change or require supplemental authentication to make certain the legitimate user keeps control of their account.

This presentation discusses what exactly is involved in processing this ill gotten data, as well as whether it makes sense for your organization to integrate this into your information security program.

Speakers
avatar for Bruce Marshall

Bruce Marshall

Founder, PasswordResearch.com
Bruce is a security consultant that founded the PasswordResearch.com web site over a decade ago. He aims to introduce more professionals to new and existing authentication research so they can better justify secure system design and policy choices. He has previously shared his experiences with authentication and other topics at the Black Hat, SANS, and InfoSec World conferences.


Wednesday August 3, 2016 12:00 - 12:25
Passwords16 Tuscany