DeepSec 2021 Talk: Releasing The Cracken – A Data Driven Approach for Password Generation – Or Safran & Shmuel Amar
By now, it should be well known that passwords are like underwear: they should be changed often, the longer the better, and it’s better not to leave them lying around. While the big players are advocating for passwordless authentication, passwords are still the most common authentication method. In the wild, we’ve seen thousands of organizations experiencing password spraying and brute-force attacks on their users. Although MFA should mitigate some of the threats, it’s still not implemented on all protocols, and in some cases it was bypassed through security flaws in the IdP. In this talk, we’ll present a new concept for password security – smartlists, built on a new data-driven approach that utilizes recent advancements in NLP. Together with this talk, we are proud to release a new FOSS tool that makes these new concepts