Password Complexity Requirements are Worthless - Effective Password Security Strategies

Explore a thought-provoking conference talk that challenges common assumptions about password security and complexity requirements. Delve into the limitations of traditional password protection methods and learn why many widely-held beliefs about password strength are misguided. Discover how real-world password crackers operate and why they can easily compromise 95% of passwords on many sites. Examine the shortcomings of current password strength meters and complexity rules in actually improving security. Get introduced to more effective approaches for preventing weak passwords, including a new open-source tool. Gain valuable insights from an experienced penetration tester and password security researcher on creating truly robust password policies and protection mechanisms for your applications and systems.

Your Password Complexity Requirements are Worthless - OWASP AppSecUSA 2014