BSidesLV 2016 has ended
Welcome to BSidesLV 2016, our 8th annual BSides in beautiful Las Vegas, Nevada!
Back To Schedule
Wednesday, August 3 • 18:00 - 18:50
The Deal with Password Alternatives

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Many discussions on how to break passwords, but what to do about it? There are various methods, but its hard to ge tthe right infomation as to the differences without the vendor coolaid involved. 

This talk will take off from where red team leaves off and go through nearly all of the password alterntive possibilities. It will outline practical differences, pluses, cons, but also the technical layers that are typically overlooked and less understood. 

It will emphasize context within the commerical organizations that need to be managed at scale, resiliant, integrate with existing applications and lifecycle methodologies, and discuss the pitfalls of how each techonlogy can be implmented the wrong way and turn a security solution into one that is comprimised from the start. 

We will review password managers (single sign on), one-time password generators (how they actually work) from tokens to sms, RFID cards, PKI, smart cards, PIV, biometrics, and othe rmethods. 

Last, within organizations, identify credentials can't be assessed apart from identity management and relate systems, so we'll review the demands of actual implmentation and management to each.

avatar for Terry Gold

Terry Gold

Principal Analyst, D6 Research
Terry is the founder and Principal Analyst of D6 Research, a vendor-neutral research and advisory firm specializing in security, identity management, and authentication across the physical, transactional and logical domains. For the past 15 years, Terry has specialized in assisting... Read More →

Wednesday August 3, 2016 18:00 - 18:50 PDT
Passwords16 Tuscany