Stockholm Waterfront, 19-20 November 2018

Monday 19 Nov
PasswordsCon – we know your next password, part 1. Organizer: PasswordsCon

A conference that’s all about passwords, PIN codes, and digital authentication. Passwords are the most prevalent form of authentication in the digital age, and are the first line of defense against unauthorized access in most systems.

Passwords (PasswordsCon) is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them. While large mainstream conferences tend to focus on current hot topics in the information security industry, Passwords events explore fringe conversations on everything from analysis and education to creating, securing, cracking, and exploiting authentication solutions.

And unlike other events where the speaker is rushed in and out, Passwords provides an intimate environment for participants to directly engage speakers before, during, and after their presentations.

Location: A1 Congress Hall, auditorium, floor 4. Language: English

Keynote sessions

Speakers

Morning coffee break

Location: C4, floor 2. Language: English

Location: C4, floor 2. Language: English

The Wide Diversity of Password Requirements – And how to cope with it

Users have to deal with the wide diversity of password requirements when creating passwords for their user accounts at Internet services. In this talk, I present the first investigation of password requirements on a global scale by analyzing 185,696 services. Second, I present a security analysis of the requirements with respect to offline brute-force attacks. Third, I present an optimal password-composition rule for password generators to cope with the wide diversity of password requirements. Altogether, the password-composition rule leads to secure passwords, a better user experience, and finally helps users to create proper passwords for their user accounts.

Location: C4, floor 2. Language: English

Random Passwords Aren’t Good Enough

Most modern authentication systems have requirements for passwords beyond just the length. Password managers must be able to generate passwords that both meet these requirements and maintain a maximum level of entropy without causing their users confusion or frustration. Ideally, the generator could select characters completely at random from a set of allowed characters, but this approach will often yield passwords that do not conform to the system’s requirements. I’ll discuss possible solutions to this problem, which solution we chose at 1Password, and the entropy calculation algorithm that made that decision possible.

Location: C4, floor 2. Language: English

Human skills for more secure behaviour

Human users make bad passwords. Humans struggle to remember passwords, leading them to use common phrases, shorten passwords, and reuse passwords, making passwords even more insecure.

We know what people are bad at, but what are they good at?

In my presentation I will discuss why user interfaces invite bad password practices, before moving on to talk about human skills that can be used to shape users' actions into more secure behavior.

Speakers

  • Cecilie Wian, Consultant at Knowit Consulting Bergen

    Passionate about technology, learning and life. Specialties: Testing and human-computer interaction.

    Master in digital culture, on e-learning, with focus on online collaboration and sharing culture. Bachelor in pedagogics / educational psychology, with focus on IT-related learning processes.

    Organizes local spaces where people from different backgrounds can meet and share knowledge and experiences, within the field of technology.

Lunch

Location: A1 Congress Hall, auditorium, floor 4. Language: English

Keynote sessions

Speakers

  • Max Tegmark

    When Max Tegmark talks about the present and the future, it is easy to think he has confused reality with some obscure science fiction literature. He is known for his controversial theories about parallel universes and artificial intelligence. He is a professor of astrophysics and has been active in the USA since 1990, where he currently works at MIT, the Massachusetts Institute of Technology in Boston.

Location: C4, floor 2. Language: English

Demystifying WebAuthn

In this presentation you'll see a glimpse of where we're headed with WebAuthn and how Google is thinking about bringing strong, easy-to-use, biometric authentication to the masses. We'll be discussing use cases, looking at code samples and going over best practices for implementing this standard in your own (web) apps.

Location: C4, floor 2. Language: English

Protecting medical data with passwordless authentication

At KRY, we have helped hundreds of thousands of patients with a wide range of medical problems. Part of our vision is to create a modern, secure and usable experience with the patient in focus. When launching in countries without well established e-identity solutions we were faced with the problem of balancing multiple factors to create a suitable authentication scheme. This is the story of that process: what constraints and factors played part, which scenarios were considered, what we came up with and how well it has worked in practice.

Afternoon coffee break

Location: C4, floor 2. Language: English

Everything but the User: Reducing Password Reuse

Every day, attackers exploit password reuse to breach accounts, costing users and service providers dearly. Conventional wisdom blames users for choosing and reusing easily cracked passwords. However, a complete analysis of the password reuse ecosystem reveals a convoluted situation. While it's true that users poorly understand the risks of reusing passwords, nonsensical password composition policies and confusing notifications further sustain the problem.

This talk argues that reducing password reuse requires solutions going far beyond telling users to not reuse passwords. Reflecting on insights from user studies and qualitative research, I present best practices for designing password-reuse notifications and pose criteria for any potential solutions hoping to ameliorate password reuse.

Location: C4, floor 2. Language: English

Authentication Beyond SMS

Passwords get pwned. SMS 2FA gets compromised. We spend time clicking stop signs just to convince computers we're human. All of this in an attempt to identify a user we will probably never personally know. It's a fascinating challenge and we're up to the task!

This talk will walk through new channels for identity management beyond email and SMS. Encrypted messaging apps like WhatsApp broaden our options for delivering tokens and secure communications but lack the seamless user experience of Push Authentication or the offline benefits of TOTP. We'll dive into the tradeoffs for these approaches and help you choose the approach that will best protect you and your customers from signup to account recovery.

Mingle