Proper authentication to sensitive systems is critical to the protection of information. Unfortunately, traditional password-based authentication mechanisms have proven to be insufficient and are a significant risk to data confidentiality and liability to organizations. The recently published NIST 800-63B, “Digital Identity Guidelines” reinforces this reality and contains standards for organizations to improve their authentication mechanisms while increasing usability.
In this virtual training, Paul Asadoorian and Online Business Systems will discuss password cracking. Paul will provide an overview of Hashcat, while Adam Kehler and Rob Harvey will demonstrate how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. The crew will provide an overview of the authentication practices in organizations by discussing the current state of password-based authentication and illustrate usability recommendations in the NIST 800-63B standards, ultimately improving the strength of authentication systems while improving usability.