Gavel: Password Justice
Author(s): Tom Steele

Date: July 2013
Publication: Passwords13 Las Vegas
Source: Currently no known Internet copy of paper.

Abstract:
Vulnerabilities leading to password leaks are not going away, and will continue to occur. Defenses against the plaintext disclosure of passwords need to occur at multiple levels. One of these levels is the initial creation of the user's password. Historically this has been done using traditional complexity checks utilizing JavaScript or language-specific libraries, leaving the development up to application developers, who may not have had the training or expertise to implement adequate requirements.

I will present a new tool to fix this issue and increase the potential for password complexity requirements. Acting as a language-agnostic web service, the tool will allow the developers of any application to test prospective passwords against highly configurable requirements. By performing checks in this manner we can eliminate common password creation techniques, including but not limited to: keyboard walking, single base word leetspeak transformations, and passwords based on dates.

A discussion of complexity requirements, user behavior, and tool creation will be followed by the demo and release of an open source web service.


PasswordResearch.com Note: Video of presentation available: https://www.youtube.com/watch?v=TsZsMerFwOI

