PasswordResearch.com News

September 2007
Founder Bruce K. Marshall spoke with the OWASP Kansas City chapter on the topic of Avoiding Problems with Challenge Question Authentication. This talk summarized the strengths and weaknesses of challenge question authentication that Bruce discussed in his recent white paper on the subject. You can find a copy of his presentation slides here.

July 2007
In an effort to publish more timely news about PasswordResearch.com, as well as new authentication products and services, we have started the PasswordResearch.com Blog. We invite you to visit the blog to read the latest authentication news and share you own comments.

August 2005
Bruce Marshall presented two sessions at the 2005 NebraskaCERT Conference in Omaha on August 9th. Mr. Marshall showcased his new Combating Common Web Application Authentication Threats presentation along with his well-known Evaluating Alternatives to Passwords talk. The sessions drew several dozen participants.

The presentations are available in PDF format by clicking on the following links:

• Combating Common Web Application Authentication Threats
• Evaluating Alternatives to Passwords

May 2005
The PasswordResearch.com Web site has moved to a new hosting company offering better bandwidth and security. The site is also receiving a growing number of visits based on search engine referrals. Thanks for your part in increasing awareness of the free resources on this site.

September 2004
Mr. Marshall presented his Evaluating Password Alternatives presentation to the Kansas City chapter of the Information Systems Security Association (ISSA). Mr. Marshall had addressed the KC ISSA chapter five years earlier to share the initial findings of one of his password case studies.

The PowerPoint presentation is available at this link. You can find the white paper associated with his presentation by following this link.

August 2004
PasswordResearch.com founder Bruce Marshall was invited to speak on the topic of Evaluating Password Alternatives at the WebSec 2004 conference. During his session Mr. Marshall discussed the key authentication system points of failure and the inherent problems with passwords. He introduced five core characteristics of authenticators that can be used to evaluate passwords and their alternatives. His methodology allows organizations to make sound decisions about choosing secure and effective authentication solutions.

WebSec is a national conference that focuses on the information security issues relating to e-commerce and Web-based applications. Mr. Marshall joins a speaker line-up consisting of other experts from organizations like State Street Bank, Boeing, Bank One, Verizon, and Computer Associates.

Mr. Marshall previously spoke on this topic at the Annual Conference & Expo on Control and Audit of Information Technology in Boston.

Our Authentication Stories Index provides both a timely and historical view of password or authentication crimes, practices, and events. This chronological index can help you understand the type of authentication threats and impacts that are faced by organizations today.