tuwort spezial #8: Das Passwort

Intro: Audioclip aus dem Film „WarGames“ (1983)

Tobias Dussa

• Beschreibung Arbeitsbereich Cyber Threat Intelligence bei DFN CERT
• LinkedIn-Profil

Geschichte des Passworts und grundlegende Funktionen

• Lennon, Brian. Passwords: Philology, Security, Authentication. Cambridge, Massachusetts ; London, England: The Belknap Press of Harvard University Press, 2018.
• Buch der Richter, Kapitel 12

Arten von Passwörtern, Komplexitätsregeln, randomisierte vs. nicht-randomisierte Passwörter

• Burnett, M., & Kleiman, D. (2006). Perfect passwords: Selection, protection, authentication. Syngress Publ.

Passwort Hashing und Cracking

• Netmux (Ed.). (2017). Hash crack: Password cracking manual (V2.0). Netmux.

Passwort vs. Passphrase

• Bonneau, J., & Shutova, E. (2012). Linguistic Properties of Multi-word Passphrases. In J. Blyth, S. Dietrich, & L. J. Camp (Eds.), Financial Cryptography and Data Security (Vol. 7398, pp. 1–12). Springer Berlin Heidelberg. https://doi.org/10.1007/978-3-642-34638-5_1
• XKCD – CorrectHorseBatteryStaple: https://m.xkcd.com/936/

Kulturalität von Passwörtern

• AlSabah, M., Oligeri, G., & Riley, R. (2018). Your culture is in your password: An analysis of a demographically-diverse password dataset. Computers & Security, 77, 427–441. https://doi.org/10.1016/j.cose.2018.03.014
• Yang, Cheng, Jui‐long Hung, and Zhangxi Lin. “An Analysis View on Password Patterns of Chinese Internet Users.” Nankai Business Review International 4, no. 1 (March 1, 2013): 66–77. https://doi.org/10.1108/20408741311303887
• Maoneke, P. B., Flowerday, S., & Isabirye, N. (2018). The Influence of Native Language on Password Composition and Security: A Socioculture Theoretical View. In L. J. Janczewski & M. Kutyłowski (Eds.), ICT Systems Security and Privacy Protection (Vol. 529, pp. 33–46). Springer International Publishing. https://doi.org/10.1007/978-3-319-99828-2_3
• Veras, R., Collins, C., & Thorpe, J. (2021). A Large-Scale Analysis of the Semantic Password Model and Linguistic Patterns in Passwords. ACM Transactions on Privacy and Security, 24(3), 1–21. https://doi.org/10.1145/3448608

Good Practice: Generieren, memorieren und aufbewahren von Passwörtern

• NIST-Passwortrichtlinien
• Murray, H., & Malone, D. (2017). Evaluating password advice. 2017 28th Irish Signals and Systems Conference (ISSC), 1–6. https://doi.org/10.1109/ISSC.2017.7983609
• Gerlitz, E., Häring, M., & Smith, M. (2021). Please do not use !?_ or your License Plate Number: Analyzing Password Policies in German Companies. In S. Chiasson (Ed.), Seventeenth Symposium on Usable Privacy and Security, SOUPS 2021, August 8-10, 2021 (pp. 17–36). USENIX Association. https://www.usenix.org/conference/soups2021/presentation/gerlitz / https://www.usenix.org/system/files/soups2021-gerlitz.pdf
• Passwort-Generator am KIT: https://www.cert.kit.edu/passwordGenerator/, Offline-Version: https://gitlab.kit.edu/kit/kit-cert/tools/passwordgenerator
• Passwortmanager pass (https://www.passwordstore.org/)
• Passwortmanager KeePass (https://keepass.info/)

Alternative Authentifizierungsmethoden

• Dasgupta, D., Roy, A., & Nag, A. (2017). Advances in User Authentication. Springer International Publishing. https://doi.org/10.1007/978-3-319-58808-7

Spaß mit Passwörtern

• Komplexitätsregeln: https://neal.fun/password-game/
• Social Engineering: https://gandalf.lakera.ai

Musik

• Musik Intro: „Tech Talk“ von Jason Shaw, CC BY 4.0: https://freemusicarchive.org/music/Jason_Shaw/Audionautix_Tech_Urban_Dance/TU-TechTalk
• Musik Outro: „Machine Language“ von Mystery Mammal, CC BY 4.0: https://freemusicarchive.org/music/Mystery_Mammal/Wonders_Of_Modern_Technology/Mystery_Mammal_-_08_-_Machine_Language/