Not your Grandpa's Password Policy
Authors: Kevin T. Neely

Date: August 7 2018
Publication: BSidesLV 2018
Source: Currently no known Internet copy of paper.

Abstract or Summary:
This talk will describe the password policy at Pure Storage, which involves the security team actively attempting to crack employee passwords, forcing a change when discovered, and allowing them to keep the password. Nearly two years into this program, I will review our mature implementation and present an analysis of the collected password data demonstrating how this approach has markedly raised security awareness of our employees and improved the strength of their passwords. Day-to-day blue team security is hard and draining; this approach gives the defense team members a chance to play the role of attacker with a fun task quite different from their day-to-day. Note: Video of presentation: Project page:

Do you have additional information to contribute regarding this research paper? If so, please email with the details.

<-- Back to Authentication Research Paper Index

[Home] [About Us] [News] [Research]

Copyright © 2019