Tech Tho(ugh)ts artwork

Cracking Passwords, Not Bones (Passwords & Multi-Factor Authentication)

Tech Tho(ugh)ts

English - July 31, 2020 09:55 - 22 minutes - 35.3 MB
Technology Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: Episode 3.5 - (Part 2/2) Switching to a flaming fox, of sorts...
Next Episode: Data + Math = Nycirpteno (Encryption)

Password requires a minimum of eight (8) characters in length, at least one (1) Uppercase letter, (1) lowercase letter, (1) digit, (1) special character... but why? Is it really that easy to break in? Find out that the answer is yes, and what you can do to keep safe and organized.

Sources for what we've mentioned and further information can be found on our website!

--
Website: https://breadnet.xyz/podcast/
Instagram: https://instagram.com/techthoughtspodcast/

Opening Music: Another World by BETTOGH

Password requires a minimum of eight (8) characters in length, at least one (1) Uppercase letter, (1) lowercase letter, (1) digit, (1) special character… but why? Is it really that easy to break in? Find out that the answer is yes, and what you can do to keep safe and organized.

Sources:
How easily some passwords can be cracked:


Ars Technica, 2012 December 9, ’25-GPU cluster cracks every standard Windows password in <6 hours’
Ars Technica, 2012 August 20, ‘Why passwords have never been weaker—and crackers have never been stronger’

SHA CPU Instructions:

Wikipedia, Intel SHA Extensions


LastPass Vulnerability:Forbes, 2019 September 16, ‘Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak’


(Why I would still say use LastPass if you don’t wish to set up a local password bank):
Lastpass, ‘What If LastPass Gets Hacked’ Page

KeePass:

KeePass WebsiteEuropean Commission’s Free and Open Source Software Auditing (EU-FOSSA 1) [Security Audit for KeePass Source Code]


SMS 2FA Weaknesses:
Sucuri, 2020 January 1, ‘Why 2FA SMS is a Bad Idea’
Wired, 2016 June 6, ‘So Hey You Should Stop Using Texts for Two-Factor Authentication’

Hardware Keys/Tokens:

Science Direct, Hardware Token

U2F:


Yubico U2F Page


How TOTP Works:
Internet Engineering Task Force Paper, ‘TOTP: Time-Based One-Time Password Algorithm’

Website: https://breadnet.xyz/podcast/
Instagram: https://instagram.com/techthoughtspodcast/

Opening Music: Another World by BETTOGH