A Review of Real World Security Questions & Answers @ SecKC
Presentation: A Review of Real World Security Questions & Answers by Bruce K. Marshall (PwdRsch)
Talk Abstract: Security questions and answers have become a popular secondary authenticator for online sites. While security professionals have generally dismissed the idea that they are a good choice, they don't seem to be disappearing. In this talk, Bruce shares his analysis of actual user security question and answer choices that were leaked through three different database dumps in the past year. He uses this real-world data to demonstrate where security questions seem to have their greatest weaknesses and discusses how to steer implementations towards providing better security. For comparison, we will also look at how the statistics from these environments compare to previous academic studies of security questions.
Filmed and Edited by Darian Marshall
Presented at SecKC on August 14, 2013