Abstract or Summary:
Many discussions on how to break passwords, but what to do about it? There are various methods, but its hard to ge tthe right infomation as to the differences without the vendor coolaid involved. This talk will take off from where red team leaves off and go through nearly all of the password alterntive possibilities. It will outline practical differences, pluses, cons, but also the technical layers that are typically overlooked and less understood.

It will emphasize context within the commerical organizations that need to be managed at scale, resiliant, integrate with existing applications and lifecycle methodologies, and discuss the pitfalls of how each techonlogy can be implmented the wrong way and turn a security solution into one that is comprimised from the start. We will review password managers (single sign on), one-time password generators (how they actually work) from tokens to sms, RFID cards, PKI, smart cards, PIV, biometrics, and othe rmethods. Last, within organizations, identify credentials can't be assessed apart from identity management and relate systems, so we'll review the demands of actual implmentation and management to each.

PasswordResearch.com Note: Video of presentation: https://www.youtube.com/watch?v=nKcN06xqA90