UNSECURITY Episode 124 Show Notes

Spring has sprung!

The first day of Spring was Saturday, March 20th. If you’re from Minnesota like Brad and I are, you’re happy about this. Speaking of Brad, he’s back this week!

Let’s get right to it, show notes for episode 124 of the UNSECURITY Podcast…


SHOW NOTES – Episode 124 – Tuesday March 23rd, 2021

Opening

[Evan] Welcome listeners! Thanks for tuning into this episode of the UNSECURITY Podcast. This is episode 124, and the date is March 23rd, 2021. Back from taking a couple weeks off from the show is my good friend and co-host Brad Nigh. Welcome back Brad!

We’ve got a good show planned for you today. Let’s talk passwords! Yay, right?!

Let’s try to tackle as many common questions about passwords as we can in one show!

Passwords

  • Why do we need passwords?
    • The basics of identity and authentication.
    • A password is proof.
  • What happens when a password is compromised?
  • How are passwords compromised?
    • Caused by you.
      • Disclosed.
      • Weak.
    • Caused by them (someone you shared it with).
  • What’s the risk is a password is compromised?
    • How do we protect against password disclosure?
    • How do we protect against weak passwords?
    • How do we protect against someone else disclosing a password?
  • @SecurityStudio, we just finished a new password strength/score algorithm.
    • Eighteen rules with weights applied according to risk.
    • Length, numbers(only), lowercase(only), uppercase(only), letters(only), letters & numbers(only), known compromise(s), dictionary, dictionary w/simple obfuscation, 80%+ dictionary, 80%+ dictionary w/simple obfuscation, 60%+ dictionary, 60%+ dictionary w/simple obfuscation, doubleword, common numeric sequences, words & numbers appended, and personally common/known things.
  • The average person has how many passwords?
    • How many passwords do you have?
    • How many passwords to Brad and I have?
  • Are passwords secure?
  • Are we stuck with passwords forever?
  • What do we do to protect our passwords?
  • Does anyone like passwords?

Other Things

  • The latest registration count for the FRSecure CISSP Mentor Program was 4,701 as of yesterday (3/22) morning!
    • The 2021 program kicks off in 20 days.
    • Will we top 5,000 registrations?!
    • What do we like best about the program?
  • New features for S2
    • Nested entities within S2Org.
    • S2Me Instant Score (coming soon).
    • S2PCI (coming next month).
  • What else?

News

Three interesting news articles this week:

(PSST… Want a good list of APT groups and their operations?! – https://docs.google.com/spreadsheets/u/1/d/1H9_xaxQHpWaa4O_Son4Gx0YOIzlcBWMsdvePFX68EKU/pubhtml#)

Wrapping Up – Shout Outs

Good talk. Thank you Brad, and thank you listeners!

  • Who’s getting shout outs this week?
  • Closing – Thank you to all our listeners! Send things to us by email at unsecurity@protonmail.com. If you’re the social type, socialize with us on Twitter, I’m @evanfrancen, and Brad’s @BradNigh. Other Twitter handles where you can find some of the stuff we do, UNSECURITY is @unsecurityP, SecurityStudio is @studiosecurity, and FRSecure is @FRSecure. That’s it. Talk to you all again next week!

…and we’re done.

Subscribe

I don’t do spam. I don’t eat it and I don’t send it. Not to mention, it’s also illegal!

I’ll write a privacy policy soon (that you won’t read).

About the Author

You may also like these