Password security: You might be doing it wrong

THAT Conference 2017
Day: Wed, Aug 9   Time: 2:30 PM
Level: 300  Primary Category: DevOps  Secondary Category: You Can't Put a Label on Me
Tags: security, passwords, Hashing, cybersecurity, ethical hacking
In 2016, 376 million user accounts were exfiltrated from 3 websites. Large-scale data breaches of users' e-mail addresses and passwords are becoming more common. If your company is the victim of one of these attacks, it could damage your customers and your company's reputation. This summer camp pow-wow is for developers, architects and server teams who must secure their customers' security credentials. Rather than just relying upon preventing the attack, we will focus on mitigating the damage should you fall victim to a breach. We will look at what we can learn from some large-scale breaches (hint: the password hint can be a really bad idea!); "password math" and how the choices you make can have a dramatic effect on the strength and security of stored passwords; and the pattern that you SHOULD be using to store passwords. We will also take a look at the tools and hardware that the "bad guys" use once they have exfiltrated your data, and give you the tough questions to ask your vendors if you are using packaged systems or Software as a Service solutions.