zxcvbn - Low-Budget Password Strength Estimation
Offered By: USENIX via YouTube
Course Description
Overview
Explore a groundbreaking approach to password strength estimation in this 32-minute USENIX Security '16 conference talk. Delve into the limitations of traditional LUDS-based password requirements and discover zxcvbn, a more effective and user-friendly alternative. Learn how this small, fast, and easily adoptable estimator accurately predicts password strength using leaked password data and modern guessing attacks. Understand the technical aspects of zxcvbn's implementation, including its compressed storage capabilities, cross-platform compatibility, and millisecond-level performance. Gain insights into the estimator's effectiveness in mitigating online attacks and its potential to revolutionize password security practices across various platforms.
Syllabus
Intro
Verizon Wireless: Password Requirements
Password Policy: Frozen in 1979
Inconsistent Requirements
Inconsistent Feedback (Input: correcthorsebatterystaple)
Threat Model
Core estimator: minimum rank over top lists (Input: wheeler)
Word transformations
Keyboard patterns
Sequence Patterns
Outline for today
Gold standard: PGS
Training data
Test data
Estimator size?
Minimum rank only?
Runtime Performance
Conclusion
Give it a try!
Proposal: keep UI simple
Taught by
USENIX
Related Courses
Secure Software Development Fundamentals - Linux Foundation via edX
Security Literacy Course (How To) - Treehouse
Lessons Learned from Evaluating the Robustness of Defenses to Adversarial Examples - Simons Institute via YouTube
Security Protection and Quality Control in Crowdsourcing - CAE in Cybersecurity Community via YouTube
Cross-App Poisoning in Software-Defined Networking - Association for Computing Machinery (ACM) via YouTube