PasswordResearch.com

2.6K posts

PasswordResearch.com

@PwdRsch

Archive of authentication and password security news gathered by Bruce K. Marshall. See https://t.co/9uAr4djFQ9 or new updates on https://t.co/BDjgaZEXXC

Wichita KS, USA Entrou em Ekim 2012

305 Seguindo2.3K Seguidores

Tweet fixado

PasswordResearch.com@PwdRsch·3 May

OWASP released v4.0 of the Application Security Verification Standard (ASVS) in March, listing security practices for orgs to design, code, and test apps against. github.com/OWASP/ASVS There was substantial content change in the authentication section, so I'll comment on it.

English

PasswordResearch.com@PwdRsch·25 Eyl

@_BSidesKC Thank you to the organizers, speakers, and volunteers for putting on the con! Nice to see the local community gather to share, learn, and have some fun.

English

PasswordResearch.com@PwdRsch·4 Haz

@spazef0rze I haven't done much lately to keep it updated, but certainly have logged a lot of hours trying to gather good info in the past. Thanks for the recognition!

English

Michal Špaček@spazef0rze·2 Haz

Whenever I need some password stats or password research PDF or anything like that, I go to passwordresearch.com by @PwdRsch and unsurprisingly, it's there :-)

English

PasswordResearch.com@PwdRsch·18 Şub

@jwerre I do in occasion. What are you looking for?

English

Jonah@jwerre·18 Şub

@PwdRsch Do you do Security Consulting?

English

PasswordResearch.com@PwdRsch·29 Eyl

@TychoTithonus @m33x @pdo Glad you remembered, because I didn't see this.

English

PasswordResearch.com retweetou

Per Thorsheim@thorsheim·27 Ağu

Virtual #PasswordsCon CFP is live: passwordscon.org/cfp/ Please submit NOW! Streaming on November 23-24. Pre-recorded or live talks, with live Q&A sessions. (please RT!)

English

PasswordResearch.com@PwdRsch·19 Ağu

@Baybe_Doll @jmgosney Sometimes you can block those with CATCHAs.

English

@[email protected]@Baybe_Doll·18 Ağu

Me: trying to stuff cats through a small crack in a door @jmgosney : hey babe, it's kitdential stuffing Me: ... Him: ... Him: get it? Kitdential stuffing?

English

PasswordResearch.com@PwdRsch·4 Ağu

@Hydraze @thorsheim @m33x There are definitely more papers analyzing luds style policies, but hopefully that gets you started.

English

Hydraze / @[email protected]@Hydraze·4 Ağu

Hello #Passwords people, are you aware of any paper related to user password choice under different constraints? (Ideally: nothing/luds/small blacklist/full HIBP password list) cc @thorsheim @m33x @PwdRsch

English

PasswordResearch.com@PwdRsch·4 Ağu

@Hydraze @thorsheim @m33x Of passwords and people: measuring the effect of password-composition policies passwordresearch.com/papers/paper22…

English

PasswordResearch.com@PwdRsch·4 Ağu

@Hydraze @thorsheim @m33x Can Long Passwords Be Secure and Usable? passwordresearch.com/papers/paper39…

English

PasswordResearch.com@PwdRsch·4 Ağu

@Hydraze @thorsheim @m33x Here are a few I know of: Password Creation in the Presence of Blacklists passwordresearch.com/papers/paper65…

English

PasswordResearch.com retweetou

Jim Fenton 🇺🇸🇨🇦@jimfenton·9 Haz

Pre-draft call for comments just issued for #NIST SP 800-63-4 Digital Identity Guidelines. @NISTcyber csrc.nist.gov/publications/d…

English

PasswordResearch.com retweetou

Adam J. Aviv@adamaviv·18 May

Drop by the Authentication (1120-1220pm PDT) session at @IEEESSP to check out @Philipp_Markert speaking about our work on the security of 4- and 6-digit PINs. Q&A to follow the talk, and you can also find out more on our project web-page …s-pin-can-be-easily-guessed.github.io

English

PasswordResearch.com retweetou

Michal Špaček@spazef0rze·11 Mar

"Study found little benefit to 6-digit PINs as compared to 4-digit PINs. Participants tended to select more-easily guessed 6-digit PINs when considering the first 40 guesses of an attacker. Current PIN blacklists ineffective" @Philipp_Markert et al. 👏 …s-pin-can-be-easily-guessed.github.io

English

PasswordResearch.com retweetou

Black Lives Matter@conorgil·10 Mar

As of Dec 2018, @OneLogin had a #2FA adoption rate of 52%. twitter.com/LaCaraB/status… What is the 2FA adoption rate of your service/site? Let me know and I'll add it to the public list of 2FA Stats: allthingsauth.com/2fastats #infosec @LaCaraB

LaCaraB@LaCaraB

@conorgil @reporturi 52% of OneLogin's customer use 2FA

English

PasswordResearch.com retweetou

Per Thorsheim@thorsheim·9 Mar

Blocking email as username login would be efficient to prevent credential stuffing / password spraying for:

Mons, Norway 🇳🇴 English

PasswordResearch.com retweetou

Troy Hunt@troyhunt·5 Mar

Just blogged: Enhancing Pwned Passwords Privacy with Padding troy.hn/2Tn0z9T

English

PasswordResearch.com retweetou

Per Thorsheim@thorsheim·2 Mar

Time to submit for the #Ground1234 (#PasswordsCon) track people! I'll get back to some specific topics I'd like to see covered this year, but "Is 2FA worth it?" from a user/business perspective is one of them, & if you have deployed NIST SP800-63B we want to hear from you!

BSides Las Vegas@BSidesLV

The #BSidesLV CFP is now officially open! The possibilities are endless, as there are several tracks covering dozens of topics for you to talk about. Got something to teach or share? You have until April 15 to submit your talk or training idea to: cfp.bsideslv.org

English

PasswordResearch.com retweetou

Black Lives Matter@conorgil·14 Şub

#infosec #acadmictwitter Is anyone aware of any academic or industry literature that audits the security of TOTP #2FA app, like Authy, Microsoft Authenticator, LastPass Authenticator, Duo Mobile, etc?

English

PasswordResearch.com retweetou

Ricky Mondello@rmondello·29 Oca

We’ve published an explainer about an idea to harden SMS-delivered one-time passwords by allowing senders to associate the codes with a website. We’ve been talking about the idea with some folks at Google, and would like more feedback. github.com/WebKit/explain…

English

202

PasswordResearch.com retweetou

John Opdenakker@j_opdenakker·15 Oca

What’s the more secure option of these? also interested in the motivation* *I know there are much better options but that’s not what I’m asking for. Retweets appreciated #Infosec

English

Descobrir

@_BSidesKC @spazef0rze @jwerre @TychoTithonus @pdo @Baybe_Doll @jmgosney @Hydraze