(Almost) everything about passwords that OWASP won't teach you

A session at OWASP Göteborg: Authentication

Tuesday 18th February, 2014

7:10pm to 8:00pm (CET)

OWASP has some wonderful guidelines on sending, storing and resetting passwords. However, there are still challenges that cannot be addressed through technical measures; they need to be addressed by humans, and not just developers. Through color & font selections, association elements, password managers, human pattern analysis and more, this talk will discuss what we are still doing wrong, the risks associated with bad passwords, and give some advice on what we need to do in order to improve our online security.

Per Thorsheim is the founder & main organizer of the Passwords conferences (PasswordsCon.org), a conference fully dedicated to passwords & PINs. He's been working, examining, playing, dreaming and discussing passwords for more than 14 years, and is still going strong. He publicly disclosed the hacking of LinkedIn in June 2012, and has been interviewed and quoted around the world on his excessive interest in passwords. During daytime he tries to solve challenges for his customers through security awareness training & security advisory services. Some say he's good at explaining advanced topics to regular humans. He is certified CISA, CISM and CISSP-ISSAP.

About the speaker

Per Thorsheim

Stricture Consulting Group, God Praksis AS
