Stockholm Waterfront, 19-20 November 2018

Tuesday 20 Nov
PasswordsCon – we know your next password, part 2. Organizer: PasswordsCon

A conference that’s all about passwords, PIN codes, and digital authentication. Passwords are the most prevalent form of authentication in the digital age, and are the first line of defense against unauthorized access in most systems.

Passwords (PasswordsCon) is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them. While large mainstream conferences tend to focus on current hot topics in the information security industry, Passwords events explore fringe conversations on everything from analysis and education to creating, securing, cracking, and exploiting authentication solutions.

And unlike other events where the speaker is rushed in and out, Passwords provides an intimate environment for participants to directly engage speakers before, during, and after their presentations.

Location: A1 congress hall, auditorium, floor 4. Language: English

Keynote sessions

Speakers

  • Zeynep Tufekci

    The techno-sociologist Zeynep Tufekci works right where technology meets society and the activists who want to change it. Her book Twitter and Tear Gas is about how the internet made the protests during the Arab Spring easier to organize but hard to sustain. She has several TED talks under her belt, a recurring column in the New York Times, and is a prominent critic of how Facebook's and Google's platforms were used to elect both Trump and Obama.

  • Ben Hammersley

    Ben Hammersley has many strings to his bow and can call himself the creator of the word podcast, technology expert, author, presenter, futurist, journalist and more. With his charming and witty manner, Ben captivates the audience when he talks about the effects of the digital age we live in and the shift in power it has brought.

Morning coffee break

Location: A1 congress hall, auditorium, floor 4. Language: English

Location: A1 congress hall, auditorium, floor 4. Language: English

What does “MFA” mean?

Multi-factor (or Two-factor) Authentication (MFA or 2FA) is widely recommended to people as a measure they should adopt to improve their security, and many explicitly security-conscious individuals have come to demand it of various services. The security properties we may wish from authentication are complicated and subtle, and MFA's contribution to those properties is also far from simple or obvious. It is therefore to be expected that most users' understanding of MFA will contain errors, some of which may be dangerous.

We discuss the security properties of MFA, the security expectations of MFA, and the causes for some of the mismatches between them.

Location: A1 congress hall, auditorium, floor 4. Language: English

An investigation of the effectiveness and security of passwords derived from African languages

There have been several studies on country-based passwords, by Dell’Amico et al. (2010) and by Li et al. (2014), who looked at Finnish and Italian, and at Chinese and English passwords, respectively, but there has been a lack of focused study on the type of passwords that are being created in Africa. English is the business language in South Africa and therefore some users may create passwords in English even though their mother tongue may be isiZulu or isiXhosa. If users are taught to use their indigenous languages for passwords, can this increase the organisation's password security posture?

We took weak English passwords and converted them to eight Southern African languages to test their effectiveness against online password crackers. This was also done to test which Southern African language is the most susceptible to being attacked and which is not.

Location: A1 congress hall, auditorium, floor 4. Language: English

Web Authentication: From Draft To Product

At Duo Security, I have been part of a team driving one of the earliest product implementations of Web Authentication. We intend to leverage open standards like WebAuthn to help our customers move past passwords, and in doing so we’ve encountered interesting technical and cultural problems like: How do you assure users that we are not stealing their fingerprints? How do you avoid user confusion when their second factor is on the same device?

In this talk I’ll discuss the many user-experience and engineering challenges faced by my team in exploring and integrating the Web Authentication API. I’ll give an overview of how we architected an extendable WebAuthn backend to account for the many different types of data we can receive. I’ll talk about what it means to bet on Web Authentication and how it can be useful to you today.

Lunch

Location: A1 congress hall, auditorium, floor 4. Language: English

Keynote sessions

Speakers

  • Tricia Wang

    The term “Big Data” has in recent years emerged as a real buzzword and is portrayed as the salvation of every company. Tricia Wang argues that this is not the whole truth and has therefore coined the term Thick Data, that is, human experiences and knowledge that cannot be quantified. Tricia Wang is an ethnologist who has specialized in the technology landscape and is co-founder of both Sudden Compass and Magpie Kingdom.

Location: A1 congress hall, auditorium, floor 4. Language: English

Talking the talk – walking the walk: Implementing “password never expires” – process, documentation and risk assessments

Sykehuspartner, the ICT provider for Norway’s largest regional health care trust, recently chose to implement a voluntary “password never expires” policy, as proposed by NIST SP 800-63B. Why? And what happened?

In this presentation, Camilla Lyngedal and Almedin Santic will explain the business needs behind the change in policy, and which benefits Sykehuspartner hopes to achieve by implementing “password never expires” – and will share the preliminary results so far.

The presentation will focus on process, involvement and risk – and the inherent privacy issues related to performing password strength verification.

Camilla Lyngedal is a security advisor in Sykehuspartner, working with policy, process and risk. She believes that awareness is key to better information security, and works every day to impact her colleagues.

Almedin Santic is part of the Sykehuspartner in-house information security auditing team. He has more than 6 years of experience within audits and advisory in governmental organizations.

Speakers

Location: A1 congress hall, auditorium, floor 4. Language: English

Afternoon coffee break

Location: A1 congress hall, auditorium, floor 4. Language: English

How iOS Encourages Good Password Practices

In iOS 12 and macOS Mojave, Apple shipped a number of improvements to its password manager, iCloud Keychain, centered around facilitating using auto-generated passwords and making it possible for users to live in a world where users don’t know their passwords. In this talk, I will give a quick overview of these features, discuss which ones are interesting from the perspective of an operating system or browser maker, and talk about what service, website, and app developers can do to help make it possible to live in a world where users don’t know their passwords.

Location: A1 congress hall, auditorium, floor 4. Language: English

The Big Picture

Marie will give the closing talk of the PasswordsCon track at Internetdagarna.