PasswordResearch.com
Authentication and password security news gathered by Bruce K. Marshall. See the web site for a collection of password research papers and statistics.
Tweets
PasswordResearch.com 12h
Replying to @PwdRsch
I also really like how the web site makes their research more accessible and interactive. Hopefully this will mean more people benefit when designing or evaluating similar RBA systems.
PasswordResearch.com 12h
Site explains new research into the risk-based authentication practices of several organizations like Amazon and Google, along with discussing what characteristics are practical to use in a risk score of users. By et al.
PasswordResearch.com Apr 22
revealed they have experienced a security breach during which the site's passwords "might have been accessed." Users are reportedly unconcerned, however, with many claiming their passwords are twice as strong as the average person's.
PasswordResearch.com Apr 22
Replying to @flypigahoy @jimfenton
Here's the paper I believe that's the only mention of these particular questions, although they do discuss a slightly different question about "regular password updates" in Table 4. Our HIPAA also requires 'changing passwords during periodic cycles.'
PasswordResearch.com Apr 22
Replying to @jimfenton
Here's the language the researchers used to describe the question and answers.
PasswordResearch.com Apr 22
Replying to @jimfenton
Unfortunately the exact wording of what they asked participants wasn't shared in the paper. This was from the less structured 'interview' portion of the study, so I too was curious how they sorted people into these fairly specific categories.
PasswordResearch.com Apr 22
Replying to @PwdRsch
Something to keep in mind when talking to users or testing them following security awareness training. Their knowledge and good intentions don't always result in establishing the habits you hope for.
PasswordResearch.com Apr 22
Replying to @PwdRsch
This may be users reflecting back our industry's common security guidance because they've learned to associate it with "the right thing to do" for effective security without a matching desire or intention to fully comply with that advice.
PasswordResearch.com Apr 22
Replying to @PwdRsch
We know many people also complain about the burden of frequent password changes and take shortcuts to avoid creating completely new passwords. So why were so many study participants expressing their desire to regularly change passwords?
PasswordResearch.com Apr 22
People were interviewed about their security and privacy concerns in regards to using mobile health apps. Researchers asked the participants how often they were willing to change passwords and I found the results a bit surprising.
PasswordResearch.com retweeted
Maximilian Golla Apr 22
Are you on the quest to replace ? Consider submitting your latest work or work in progress to the 5th Who Are You?! Adventures in Authentication Workshop co-located with Submission deadline May 24, 2019
PasswordResearch.com Apr 21
Replying to @AaronToponce
The podcast should just be 30 minutes of reading passwords to give people new ideas for their own.
PasswordResearch.com Apr 17
There isn't a security reason not to discuss plans for 2FA. Either you have them or not. Don't hide behind security as an excuse for financial choices.
PasswordResearch.com Apr 15
Apple has introduced this for apps, but I haven't heard anything about whether it's been embraced by many of the organizations writing these password policies:
PasswordResearch.com Apr 13
Replying to @markmorow
Thanks for the further details. Did the customer end up making progress in those areas?
PasswordResearch.com Apr 13
Replying to @PwdRsch
If I understood that correctly, I wanted to see if you could share what the resolution to this was? Better feedback to users on the behavior? Changing the banned password setting? Something else?
PasswordResearch.com Apr 13
Hey Mark, I was reviewing your SANS slides on Azure AD Security Recommendations and was curious about Cust Story 3, part 1. You mention them enabling banned password prevention and then experiencing usability problems due to user choice blocking.
PasswordResearch.com Apr 11
Replying to @dangoodin001
LM hashes are limited to 1-7 characters in length so rainbow tables containing all possibilities could be shared and stored without too much trouble. Time savings compared to cracking have diminished over time, but they were useful for people regularly needing LM hash plaintexts.
PasswordResearch.com Apr 10
Coinbase mentioned in a blog post today that they use Bcrypt for user passwords
PasswordResearch.com retweeted
Aaron Toponce ☕ 📿 Apr 10
I'm in the process of updating my password/passphrase audit spreadsheet. If your browser-based generator (HTML, bookmarklet, extension) isn't listed and you want it to be, let me know.