Boring password statistics

  • View
    1.576

  • Download
    1

Embed Size (px)

DESCRIPTION

This is my presentation from Passwords11, a 2-day conference only on passwords & pins. It was held at the University of Bergen in Norway, June 7-8, 2011.

Text of Boring password statistics

  • 1. Boring PasswordStatistics
    Per Thorsheim
    CISA, CISM, CISSP-ISSAP

2. 3. Passwords^XX - Archives
http://ftp.ii.uib.no/pub/passwords10/
/pub/finse2011/
/pub/passwords11/
4. The Exception
5. The Exception - #1
Minimum length
Changefrequency
Password age
Passwordhistory
Account lockout
Reset logoncount
Lockout duration
3
90
0 (days)
0
5 attempts
30 minutes
30 minutes
6. The Exception - #2
# ofaccounts
Username = password
Password never expires
No Pwdchange > 14m+
632
193
215
305
7. The Exception - #3
8. The Exception - #4
Minimum
Length
9. The Exception - #5
RockYoustatistics: Second most commonpassword in theworld
10. 176
11. 176 humans
Up to 24 generationsofpasswordsavailable
12. Lengthdistribution
Minimum lengthrequirement
13. Per PositionEntropy LM/NTLM
LM (case insensitive)
NTLM (Case Sensitive)
14. # UniqueCharacters (NTLM)
15. Password formats (NTLM)
16. Passwordchanges
17. Blondes have the
18. ThankYou! ;-)
Questions?