Rethinking Passwords

William Cheswick

There is an authentication plague upon the land. We have to claim and assert our identity repeatedly to a host of authentication trolls, each jealously guarding an Internet service whose importance to us varies widely. Each troll has varying rules for password complexity, and these rules are often incompatible with each other.

This dog's breakfast of authentication rules grew from password advice given at the dawn of the Internet, but is now hopelessly inappropriate. There are many proposed solutions: pass faces, pass gestures, pass artwork, devices, biometrics, etc. All these have their problems, so the eye-of-newt password rules persist.

I will discuss various solutions that can get us out of this swamp, including my recent explorations of trying to remember strong keys.

Speaker bio

Bill Cheswick logged into his first computer in 1968. He has been programming and working for (and against) computer security ever since.

After graduating from Lehigh University in 1975, he worked as a system programmer for several years. He first connected to ARPAnet in 1985, and joined Bell Labs in 1987. At Bell Labs he worked on early firewall designs, especially application-level gateways. His first firewall paper described a circuit-level gateway that predated SOCKS by several years, and coined the word “proxy” as it is currently used. The popular Berferd paper was an early exploration of honeypots—that paper first used jail in its current software usage. With Steve Bellovin, Ches set up one of the first “packet telescopes” which captured and analyzed stray Internet packets. They wrote and patented the first DNS proxy.

Steve and Ches published Firewalls and Internet Security: Repelling the Wily Hacker in 1994. This was the first full book on the subject, and sold over 100,000 copies in a dozen languages. This book trained a generation of new security experts. The second edition was published in 2003 with the help of Avi Rubin. Ches worked on corporate and Internet mapping in the late 1990s with Hal Burch, creating dramatic and popular Internet maps that still appear in publications and talks today. He used this mapping technology to explore wartime damage in Serbia in 1999, and other connectivity questions since then.

He has pinged a US attack sub, the SSN Hawaii. Distance: 66ms.

In 2000, he left Bell Labs and co-founded Lumeta to commercialize the mapping technology. These products have been useful in exploring and auditing government and corporate networks. In 2006 he left Lumeta and joined AT&T Shannon Lab where he worked on security, visualization, and user interfaces. He earned several patents (now over a dozen) in visualization and authentication, including a new way to see a movie, and slow movies. He left AT&T in 2012.

Ches "retired" in 2012: it is not likely to last. He is a Visiting Scholar at the University of Pennsylvania where he hangs out and occasionally teaches classes. He hacks his farm in Flemington, NJ, and supports his wife Lorette as she raises bees and plants and does botanical research. He consults, flies drones, tries to keep up in science, technology, and medicine, experiments with iOS apps, and is learning digital signal processing by processing recordings of thousands of passing trains.

He continues to serve on program committees, attend conferences, and give invited talks world-wide.