Mnemonic Password Formulas

The information technology landscape is cluttered with large numbers of information systems, many of which have their own individual authentication systems. Even with single-sign-on and multi-system authentication mechanisms, systems within disparate authentication domains are likely to be accessed by users of various levels of involvement with the landscape as a whole. Due to this inherent complexity and abundance of varying authentication requirements, users must manage volumes of password credentials for all of the systems that they interface with regularly. This has given rise to many different insecurities resulting from poor methods of password selection and management. This paper describes some security issues facing users and management of authentication systems that involve passwords, further discusses current approaches to mitigating those issues, and then finally introduces a new method for password recall and management termed Mnemonic Password Formulas.

About the Speaker

I)ruid, C²ISSP

Founder of the Computer Academic Underground, co-founder of the Austin Hackers Association (AHA!), and currently employed in VoIP Security Research by TippingPoint, a division of 3Com, I)ruid has over a decade of experience in various areas of information security including vulnerability assessment and penetration testing, secure network architecture, and vulnerability research and development, including research in specific areas related to the security of network protocols, network applications, and Voice over IP (VoIP). Over the years I)ruid has been involved with many security community projects such as design and development of SPF for e-mail (RFC 4408) and contributing as a data mangler for the OSVDB. I)ruid has also released numerous tools to the community such as the infamous PageIt! mass-paging tool and the hcraft HTTP exploit-crafting framework. He regularly releases vulnerability and exploit advisories, speaks at security-related events and conferences, is on the Technical Advisory Board of the Voice over IP Security Alliance (VoIPSA), is an active participant in various VoIPSA projects, and is a regular contributor to the Voice of VoIPSA blog.