Password and credential theft continues to be a huge issue for organizations of all sizes who have to think not only about individual users being phished but also hackers stealing passwords wholesale from repositories within company databases. Most businesses are notoriously behind in implementing the latest cryptographic hashing technology that protects passwords in the database. A number of experts are putting together a new Password Hashing Competition that they hope will spur researchers to develop a more elegant, yet secure, alternative to what exists today.
Meanwhile, researchers from Accuvant Labs will build on last year's release of the Pass The Hash tool, which automates the process of conducting an attack against Windows authentication methods and makes it possible to log in using an encrypted hash of a password rather than the password itself.. This year's talk will discuss some of the weaknesses of Microsoft's countermeasures to the attack, which were introduced on the heels of the tool's launch.
Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading. View Full Bio