June 8, 2021 | 11:15am-12:15pm PT
RMISC Virtual Conference
Better Living Through Better Passwords
Architecture & Operations Session with Daniel Giebink and Hoyt L. Kesterson II
There’s been a seismic shift in password guidance. NIST says no complexity; no forced change. PCI DSS 4.0 is not yet published but it’s anticipated that authentication requirements are evolving. The hardware and software improvements in hashing arising from crypto-currency mining put increased pressure on storing a password securely. Password spraying stays below detection thresholds. And then there are those who advocate getting rid of passwords. The speakers will provide guidance on: syntax, management, and strengthening secure storage of passwords; usability; possible changes in PCI DSS 4.0; improving detection of online credential attacks; and purported password replacements.
- Understand the new NIST guidance for passwords and be able to update authentication policies to improve security while easing the burden on users.
- Understand the NIST guidance on using memory-hard hashing of stored passwords.
- Get a hint of where PCI DSS 4.0 is going with authentication.
- Become aware of proposed “passwordless” authentication methods.