Sex, Secret and God - A Brief History of Bad Passwords

Explore the evolution and vulnerabilities of password security in this 54-minute BSidesLV conference talk by Kyle Rankin. Delve into the history of passwords, examining their golden age and the subsequent challenges that arose. Analyze common password practices, including complexity rules, minimum length requirements, and password rotation policies. Investigate the impact of major password breaches, such as the RockYou hack, and learn about advanced cracking techniques. Discover what constitutes a strong password and explore alternative authentication methods like two-factor authentication, biometrics, and magic links. Gain insights into the limitations of SMS-based authentication and the potential risks associated with password managers. Conclude with a discussion on emerging trends in cybersecurity and participate in a Q&A session addressing topics such as CAPTCHAs and clipboard vulnerabilities.

Introduction
Why are passwords so bad
History of passwords
Golden age of passwords
Domain knowledge
Minimum password link
Password complexity rules
Password math
Leadspeak
Password Rotation
Problems with Password Rotation
Xkcd Password Renaissance
Long Pass Phrases
Complex Passwords
Password Cracking
RockYou Hack
Advanced Cracking
Whats a Good Password
TwoFactor Authentication
SMS
TLTP U2F
Password Reset Attacks
Conclusion
Questions
Biometrics
Magic Links
CAPTCHAs
TFA
SMS is dead
Password managers
The clipboard vulnerability