OrangeCon

Free Taylor Swift tickets. DNA data breached. A $150 million fine for Uber. Phone records of nearly all users of a large US telco stolen. What do these incidents have in common? Stolen passwords. Off course all OrangeCon attendees use multi factor authentication and password managers. But most people don’t. Incidents caused by stolen password are (still) on the rise. According to research, stolen password are used in over 80% of recent IT security incidents. Launching a basic attack is within financial and technical reach of school kids. How to protect against account takeover attacks? Do what the bad guys are doing. And do it better! We have recovered over seven billion unique email/password pairs in the past years. In this presentation we dive into the details of password cracking at scale, and how this data can help you to keep your accounts safe.