Stockholm Waterfront, 25-26 November 2019

Organized by PasswordsCon, 26 November 2019:

PasswordsCon – Part 2

Bar 4, floor 4 Live-stream

A conference that’s all about passwords, PIN codes, and digital authentication. Passwords are the most prevalent form of authentication in the digital age.

Passwords (PasswordsCon) is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.

While large mainstream conferences tend to focus on current hot topics in the information security industry, Passwords events explore fringe conversations on everything from analysis and education to creating, securing, cracking, and exploiting authentication solutions. And unlike other events where the speaker is rushed in and out, Passwords provides an intimate environment for participants to directly engage speakers before, during, and after their presentations.

A1 Language: English

Keynote-sessions

  • Harper Reed

    Harper Reed   Futurist

    Harper Reed is a technologist, futurist and hacker who has worked on Barack Obama's re-election campaign, sold clothes via crowdfunding, and juggled.

Coffee break

Enterprise Password Managers - a Review

“What is the best password manager?” a review of password managers for enterprises from a user perspective.

Password fatigue threatens businesses. Password managers can be part of the solution if they are used. If not, they are an expensive waste of time and money, and may lead to even more insecure practices.

The talk is a review of password managers for enterprises from a user perspective, and gives an introduction to criteria and questions to ask when picking a password manager.

  • Cecilie Wian

    Senior Consultant at Knowit Consulting Bergen

    Passionate about technology, learning and life.
    Specialties: Testing and human-computer interaction.
    Master in digital culture, on e-learning, with focus on online collaboration and sharing culture.
    Twitter: @sinobell

Reasoning Analytically About Password-Cracking Software

In this talk, we introduce techniques to reason analytically and efficiently about transformation-based password cracking in software tools like John the Ripper and Hashcat. We define two new operations, rule inversion and guess counting, with which we analyze these tools without needing to enumerate guesses. We implement these techniques and find orders-of-magnitude reductions in the time it takes to estimate password strength. We also present four applications showing how our techniques enable increased scientific rigor in optimizing these attacks’ configurations.

Software:

https://github.com/UChicagoSUPERgroup/analytic-password-cracking

  • Maximilian Golla

    Research Assistant - Research Group Mobile Security, Ruhr-Universität Bochum

    Web: https://www.mobsec.ruhr-uni-bochum.de/group/people/golla_maximilian/
    Twitter: @m33x

  • Blase Ur

    Neubauer Family Assistant Professor, University of Chicago

    Blase Ur: https://www.blaseur.com/

Who are you again? Verifying user access rights in an encryption based system.

TBA

  • Pilar Garcia

    Security Analyst, 1Password

    Pilar Garcia completed her Bachelor's in physics at the Universidad de las Américas Puebla (Mexico), and received her Master's in Pure and Applied Logic from the University of Barcelona.

Lunch

A1 Language: English

Keynote-sessions

  • Jenny Radcliffe

    Jenny Radcliffe   People hacker

    Jenny Radcliffe gets into any building using social engineering, knowledge of people, and the art of negotiation and persuasion.

Changing Password Policies at Scale: The Story of Pwned Passwords and k-Anonymity

The Pwned Passwords API serves around 10 million requests every day.

During this talk, Junade Ali will tell the story of devising an approach to anonymously validate breached passwords and driving it through to widespread adoption, by both partnering with Troy Hunt and working with early adopters to make the integration seamless. This talk tells the story of the work that went into providing and scaling the Pwned Passwords service, from devising the anonymity model to the non-trivial tricks that led to a dramatically high cache hit ratio.

  • Junade Ali

    Engineering Manager, Cloudflare

    Junade Ali was the creator of the k-Anonymity model used by Pwned Passwords and has worked on dramatic efficiency improvements for the service. On a day-to-day basis, Junade acts as the Engineering Manager for Cloudflare’s Support Operations Group. Twitter: @IcyApril

Coffee break

How Credential Stuffing is evolving

Credential Stuffing has existed since the first leaked password but has exploded in the past 3 years. Why? What has changed and where does it go from here?

The tools that enable credential stuffing attacks and the other OWASP Automated Threats are converging on a single strategy - the complete imitation of user behavior and characteristics. This level of extreme mimicry will make discerning good from bad more and more difficult and the web is having a hard time keeping up.

  • Jarrod Overson

    Director of Engineering, Shape Security

    Jarrod is a Director of Engineering at Shape Security where he led the development of Shape's Enterprise Defense. Twitter: @jsoverson

On TOTP standards

Time-based One Time Passwords (TOTP) have a lot of virtues, but misunderstanding of existing standards, inconsistent and incompatible conformance to others, and flat out broken base32 implementations limit our ability to make the best use of it. Instead we are stuck with trying to maintain compatibility with popular broken implementations. The closer one looks, the uglier it all gets. Prepare for ugliness in this talk.

  • Jeffrey Goldberg

    Defender Against the Dark Arts, 1Password

    Jeffrey Goldberg has been at 1Password for nearly a decade, where he is now the Chief Defender Against the Dark Arts, overseeing product security. He loves thinking like a criminal & doing magic with math. He also focuses on how people perceive and interact with systems. He can’t keep to 300 charact

Closing off / day 3 info

  • Matt Weir

    Setec Astronomy

    Twitter: @lakiw

A1 Language: English

Keynote-sessions

  • Cecilia MoSze Tham

    Cecilia MoSze Tham   Social technologist

    Cecilia MoSze Tham is a biologist, designer, entrepreneur and maker who builds innovative meeting places for individuals and organizations.