When: June 13th, 2017 7:30 pm
Location: O'Reilly Media at 1005 Gravenstein Hwy N, Sebastopol, CA in
the Tarsier conference room past the metal statue and to the right
(http://nblug.org/locations)
Lightning Talks & Hackfest meeting.
Lightning Talks:
Have something you would like to present, but don't have enough material
for a full talk? Here's your chance. Talk about anything Linux related.
Hackfest:
Bring your hardware to get help with it or just to show it off.
Robert Thille - NBLUG Scribe
Topic: Sex, Secret and God: A Brief History of Bad Passwords
When: Tuesday May 9th, 7:30 PM to 9:00 PM
Speaker: Kyle Rankin
Location: O'Reilly Media, Sebastopol CA in the Tarsier conference room
past the metal statue and to the right ( http://nblug.org/locations )
Description:
Most of what we've been told over the years about what makes a good
password has been wrong, so it's no surprise most people pick bad
passwords. This talk will cover the history of password policy and password
cracking starting from the days when Richard Stallman hacked the passwords
forced on his MIT computer lab because he considered passwords an
authoritarian method of control. Next I'll discuss the golden days of
password guessing featured prominently in movies like Hackers and WarGames.
Then I'll move to the tech boom and the introduction of draconian IT
policies like password rotation and password complexity and the dirty
little leet-speak password secrets they led to. As we get closer to the
modern day I'll discuss the "correct horse battery staple" password
renaissance and more modern approaches to password cracking spawned by
tools like oclhashcat and giant password database dumps like the RockYou
hack.
I'll finish up with modern attempts to fix the password auth problem such
as new approaches to secure password generation in password managers or
schemes such as diceware as well as cover password auth reinforcements like
the different forms of 2FA (including U2F) and Facebook's new approach to
"I forgot my password" workflows. By the end everyone should have plenty of
ammunition to take back to their IT department and get rid of those
horrible password policies.