Description
The humble password is broken. The internet is littered with poor security practices and password breaches, but the world is not ready to go password free yet. So what can we do to protect our users? Let's take a look at how we currently protect passwords, at what we can throw away from those processes and what we can bring in to help strengthen our users' passwords. We'll investigate the tools, practices and APIs that can help us in this endeavour. Together we can move the world from *password1* to *correct horse battery staple* and beyond!

Phil is a developer evangelist for Twilio and a Google Developer Expert. He's been in the web industry for 10 years building with JavaScript and Ruby. He can be found hanging out at meetups and conferences, playing with new technologies and APIs or writing open source code online. Sometimes he makes his own beer, but he's more likely to be found discovering new ones around the world.

Welcome to the #NoRuKo conference, a virtual unconference organized by Stichting Ruby NL.

#NoRuKo playlist with all talks and panels: https://www.youtube.com/playlist?list=PL9_A7olkztLlmJIAc567KQgKcMi7-qnjg

Recorded 21st of August, 2020.

NoRuKo website: https://noruko.org/

Stichting Ruby NL website: https://rubynl.org/
Summary
The video titled **Fantastic Passwords and Where to Find Them**, presented by Phil Nash at the #NoRuKo conference, addresses the fundamental issues surrounding password security in our digital age. Phil, a developer evangelist for Twilio and an expert in web development, discusses the shortcomings of current password practices while suggesting improvements to enhance user security.

### Key Points Discussed:

- **Inadequate Password Practices:** Phil shares his personal experiences with weak passwords, illustrating how common guidelines can lead users to create easily guessable passwords like 'password1' or 'Logitech1'.
- **Common Password Patterns:** He highlights a report from the Western Australian government, which showed a significant number of users still choosing weak passwords, emphasizing patterns like time-related phrases and common word combinations, demonstrating that these can be easily exploited by attackers.
- **The Need for Stronger Guidelines:** Phil criticizes outdated password regulations that enforce complex combinations of letters, numbers, and symbols. He argues that these rules actually lead to predictable password choices and highlights the NIST's updated recommendations for longer passphrases of 13 characters or more, including the use of spaces and emojis.
- **Password Managers and Security Measures:** While acknowledging the usefulness of password managers, he notes that many users remain unaware of them and continue to reuse passwords across sites. He advises developers to incorporate these tools into their applications.
- **Implementation Strategies:** Phil suggests developers enforce better password practices in their systems by increasing minimum character requirements and employing libraries like ‘no-password’ and ‘zxcvbn’ to validate password strength proactively.
- **Utilization of APIs like 'Have I Been Pwned':** He promotes the importance of utilizing the 'pwned passwords' API, which can check if passwords have been compromised without exposing them, allowing users to remain secure by preventing the use of known weak passwords.
- **The Importance of Continuous Security Practices:** Phil stresses that protecting user passwords requires ongoing commitment and adaptation of security measures, along with encouraging multi-factor authentication and proactive password monitoring.

### Conclusion:

Phil Nash concludes with a call to action for developers to advocate for better password habits among users, emphasizing the collective responsibility to improve password security. He suggests utilizing available tools to maintain strong security practices. By adapting to newer guidelines and promoting password managers, developers can greatly enhance online security measures. Overall, the conversation underscores the urgent need for a re-evaluation of how passwords are handled and the necessity of equipping users with effective resources to safeguard their digital identities.