So I suggested doing this post to Graham, and he said yes.
For the third time in Las Vegas and our 8th edition of PasswordsCon, I am proud of, and humbled by, what we have achieved since our first edition in December 2010. This is going to be awesome!
The 9th International Conference on Passwords
7, 8, 9 December 2015
University of Cambridge, United Kingdom
The Passwords conference was launched in 2010 as a response to the lack of robustness and usability of current personal authentication practices and solutions. Annual participation has doubled over the past three years. Since 2014, the conference has accepted peer-reviewed papers.
The CFP is now available here:
Please share this with all relevant contacts you may have!
The recommendation from everyone summarizes it all: use a password manager. :-)
From a security perspective that is a really good move!
From a usability perspective, especially in countries where people are not used to PINs longer than 6 digits, I'm pretty sure there will be complaints. Before & after surveys on the use of 4/6-digit PINs could be interesting to do!
The short version is this:
"Prevents behavioral profiling by randomizing the rate at which characters reach the DOM."
The long version is explained in 2 blog posts.
My post addresses the background, motivation, risk & examples of "behavioral biometrics" and more specifically "Keyboard Dynamics".
The post by Paul Moore goes deeper into the technology, and our work to understand, detect, block and mitigate where needed.
As far as we know this is the first time anyone has done such a description of this technology and its possible consequences for privacy.
The Register has already published their story about this, with others to come very soon. You can read their story here: http://www.theregister.co.uk/…/behavioural_profiling_defea…/
If you find this of interest, I would be happy if you share this post, or provide the link below to others within academia & the security industry.
I currently hold the CISA and CISM certifications from ISACA, and the CISSP-ISSAP certifications from (ISC)².
More details can be found on my LinkedIn profile here: http://www.linkedin.com/in/thorsheim
Phishing without a webpage - researcher reveals how a link *itself* can ...
Can you phish without a phishing page? Research by a student at the University of Oslo in Norway finds that, with the help of a trusty URI,
Hackers can demand ransom for your family photos
A computer virus that takes over files on your computer and makes them unreadable is ravaging the net.
Cryptohaze Blog: GPU Rainbow Tables 1.22 out - with WebTables fixes!
GPU Rainbow Tables 1.22 out - with WebTables fixes! Sorry for the delay. My random number generator code was acting up and needed revision.