I gave a keynote at CompCon Australia 2016 about the history of and problems with passwords, and some of the things we can do to make the best of a bad situation.
This talk is broad, but not very deep. There’s several million things that I wanted to go in to but just couldn’t fit into the limited time - I could talk for days on this if allowed. So here I’m adding a bunch of links for further reading, for anyone that wants more info on a particular topic.
I gave out U2F devices to conference attendees after the talk, with one condition: they have to post or say something publically about what they did with it, even if its just adding it to a GitHub account.
Passwords have always been terrible
- The World’s First Computer Password? It Was Useless Too
- The IBM 7094 and CTSS
- PDP-11 UNIX 6th ed. emulator
- Password Security: A Case History
- SplashData: Worst passwords of 2015
Encourage high-quality passwords
Keep passwords secret
Make passwords useless
- U2F - FIDO Universal 2nd Factor
- U 2 can U2F
- U2F Zero
- Beginner’s Guide to TOTP
- NIST Recommends Deprecation Of SMS Two-Factor Authentication