A br1ef h1st0ry of P@sswords

This presentation was given at CompCon 2016.

I gave a keynote at CompCon Australia 2016 about the history of and problems with passwords, and some of the things we can do to make the best of a bad situation.

This talk is broad, but not very deep. There’s several million things that I wanted to go in to but just couldn’t fit into the limited time - I could talk for days on this if allowed. So here I’m adding a bunch of links for further reading, for anyone that wants more info on a particular topic.

I gave out U2F devices to conference attendees after the talk, with one condition: they have to post or say something publically about what they did with it, even if its just adding it to a GitHub account.

Slides: A br1ef h1st0ry of P@sswords [PDF 35M]; Deckset source [GitHub]

Passwords have always been terrible

• The World’s First Computer Password? It Was Useless Too
• The IBM 7094 and CTSS
• PDP-11 UNIX 6th ed. emulator
• Password Security: A Case History
• SplashData: Worst passwords of 2015

Encourage high-quality passwords

• zxcvbn: realistic password strength estimation

Keep passwords secret

• Have i been pwned?
• Salted Password Hashing - Doing it Right

Make passwords useless

• U2F - FIDO Universal 2nd Factor
• U 2 can U2F
• U2F Zero
• Beginner’s Guide to TOTP
• NIST Recommends Deprecation Of SMS Two-Factor Authentication

Other reading

• An Administrator’s Guide to Internet Password Research