Highload++ 2018: Make Passwords Great Again!

Alexey Ermishkin — November 5th, 2018

This week, Virgil Security will continue the Virgil World Tour at Highload++ 2018, the annual conference for leading developers of high-performance systems supporting millions of users simultaneously. The agenda will be packed with sessions on the critical components of web development, including large scale architectures, databases and storage systems, system administration, load testing, project maintenance, etc.

And what is the primary vulnerability for these systems? Passwords.

That’s why I’ll be giving a talk entitled “Make passwords great again! How to defeat brute force and leave hackers with nothing.”

It seems that the only sure things in life are death, taxes, and "123456" as your users' favorite password. Attempts to force your users to use stronger passwords are futile.

100% of the time, database hacks are able to retrieve and/or crack the majority of user passwords, even if hashing and salting are used. And slowing down the hashing with the help of modern algorithms ends up affecting the performance of the backend. Just enter your email address at https://haveibeenpwned.com and, most likely, it will be listed in one of the hacked databases.

But thankfully science does not stand still, and now there are solutions to protect against weak passwords and stolen data. Your users won’t even need to change their passwords if there’s a breach.

In my talk, we will cover everything from passwords to modern constructions that leave hackers empty-handed. We will also learn how to integrate them seamlessly into our architecture so that users won't even notice anything.

Join me in the Singapore Hall on November 8th at 10 AM.

Details here in Russian. (For English or other languages, please use your preferred online translator.) Livestreaming is also available for registered subscribers through the Highload++ conference.

Alexey Ermishkin is Chief Product Security Officer at Virgil Security and co-author of the NoiseSocket protocol. Find him on Twitter at @NoiseSocket.

Virgil Security, Inc. enables developers to eliminate passwords & encrypt everything, in hours, without having to become security experts. Learn more at www.VirgilSecurity.com.