Passwords continue to be the primary means of authentication and are one of the basic defenses against attackers, yet passwords are notoriously weak in the face of the new attacks. This presentation will demonstrate password attack tools, password defenses, new authentication techniques, and research into how to help users maintain strong passwords.

Attackers are increasingly targeting passwords, which have been called the "weakest link in the chain of security", with alarming success. Rainbow tables can now crack passwords in seconds, replacing dictionary and brute force attacks as the preferred means of cracking passwords. How do these attacks work? Are single-sign on technologies such as OpenID and Windows Cardspace viable options? Will the new breed of authentication techniques--behavioral and cognitive biometrics--replace traditional biometrics? And can anything be done to help users utilize strong passwords? This presentation will demonstrate password attack tools, password defenses, new authentication techniques, and research into how to help users maintain strong passwords.

Mark Ciampa, Assistant Professor, Western Kentucky University