Explore advanced password recovery techniques and modern mitigation strategies in this conference talk from DerbyCon 3.0. Delve into recent enterprise password failures, the historic password problem, and how modern passwords work. Learn about password complexity, length, and common compromise methods. Discover how to obtain and dump Windows credentials into password cracking programs. Examine inherent password problems, recovery sequencing, and various attack dynamics including dictionary and brute force methods. Understand how to reduce key space complexity and implement the "Wheel of Fortune" recovery methodology. Compare presumed vs. guaranteed key space complexity and evaluate brute force password resistance. Gain insights on establishing multiple passwords, considering password vault services, and implementing effective solutions such as salting and encrypting stored credentials. Explore compromise detection strategies and strong multi-factor authentication types. Analyze the differences between 2-step and 2-factor authentication, comparing hard and soft tokens. Investigate 2FA application development and contemplate the future of two-factor authentication in this comprehensive exploration of password security. Read more