Bruce Marshall presented at the annual PasswordsCon and BSidesLV conference on the subject of Proactive Password Leak Processing. A video of his talk and a copy of his slides can be found here: http://www.passwordresearch.com/passwordleaks.html/
Bruce Marshall presented for the third time at the annual PasswordsCon conference, with a topic of How Secure Are Multi-Word Random Passphrases? A video of his talk and a copy of his slides can be found here: http://www.passwordresearch.com/Passphrases/
Bruce Marshall once again presented at the annual PasswordsCon conference, this time on the topic of How Forced Password Expiration Affects Password Choice. A copy of his slides can be found here: http://www.passwordresearch.com/Expire.html
Site founder Bruce Marshall was in Las Vegas to present the results of his recent research at PasswordsCon 13, a security conference focused on passwords and authentication. Bruce's session, A Real World Look at Security Questions & Answers, shared his analysis of actual user security question and answer choices that were leaked through three different database dumps in the past year. He used this real world data to demonstrate where security questions seem to have their greatest weaknesses, and discussed how to steer implementations towards providing better security.
A copy of his slides and a video of the presentation can be found here: http://www.passwordresearch.com/securityqs.html
PasswordResearch.com now has a Twitter account. We will use this account to alert followers about password and authentication news as well as notable new content on the web site.
Bruce Marshall spoke with the OWASP Kansas City chapter on the topic of Avoiding Problems with Challenge Question Authentication. This talk summarized the strengths and weaknesses of challenge question authentication that Bruce discussed in his recent white paper on the subject. You can find a copy of his presentation slides here.
In an effort to publish more reviews and informal research results, as well as more timely updates about PasswordResearch.com, we have started the PasswordResearch.com Blog. We invite you to visit the blog to read the latest reports and share your own comments.
Bruce Marshall presented two sessions at the 2005 NebraskaCERT Conference in Omaha on August 9th. Bruce showcased his new Combating Common Web Application Authentication Threats presentation along with his well-known Evaluating Alternatives to Passwords talk. The sessions drew several dozen participants.
You can access a copy of the presentations in PDF format by clicking on the following links:
The PasswordResearch.com Web site has moved to a new hosting company offering better bandwidth and security. The site is also receiving a growing number of visits based on search engine referrals. Thanks for your part in increasing awareness of the free resources on this site.
Bruce Marshall presented his Evaluating Password Alternatives presentation to the Kansas City chapter of the Information Systems Security Association (ISSA). Bruce had addressed the KC ISSA chapter five years earlier to share the initial findings of one of his password case studies.
The PowerPoint presentation is available at this link. You can find the white paper associated with his presentation by following this link.
PasswordResearch.com founder Bruce Marshall was invited to speak on the topic of Evaluating Password Alternatives at the WebSec 2004 conference. During his session Mr. Marshall discussed the key authentication system points of failure and the inherent problems with passwords. He introduced five core characteristics of authenticators that can be used to evaluate passwords and their alternatives. His methodology allows organizations to make sound decisions about choosing secure and effective authentication solutions.
WebSec is a national conference that focuses on the information security issues relating to e-commerce and Web-based applications. Mr. Marshall joins a speaker line-up consisting of other experts from organizations like State Street Bank, Boeing, Bank One, Verizon, and Computer Associates.
Mr. Marshall previously spoke on this topic at the Annual Conference & Expo on Control and Audit of Information Technology in Boston.
Stories in the News
Our Authentication Stories Index provides historical examples of authentication crimes, incidents, and practices. This chronological index can help give perspective to the type of authentication threats and impacts that are faced by organizations today.