What would fix passwords? Some weekly password audits. Pretty graphs to prove it! (A Haiku) presented at BSidesLasVegas 2015

by Dale Corpron, Rick Redman

Summary: KoreLogic will demonstrate how one enterprise was able to dramatically reduce the risk posed by password cracking attacks -- from 85% cracked down to only 50% cracked -- through regular password auditing.

Rick Redman: During his 12 years as a security practitioner, Rick has delivered numerous application and network penetration tests for a wide range of Fortune 500 and government clients. He serves as KoreLogic's subject matter expert in advanced password cracking systems and coordinated the "Crack Me if You Can" Contest at DEFCON 2010. Additionally, Rick presents at a variety of security forums such as the Techno-Security Conference, ISSA Chapters, BSides, and AHA (Austin Hackers Anonymous). Rick's john.pot file is 10 million lines long, with 1.15 million unique NTLM passes from Fortune 500 internal active directories, and over 750,000 UNIX DES passwords (not including Gawker).