Deprecating NTLM is Easy and Other Lies We Tell Ourselves with Steve Syfuhs

Steve Syfuhs, Principal Software Engineer at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Steve has spent the last decade building secure systems and is working at Microsoft as a Principal Developer. In this episode, Steve, Nic, and Wendy discuss how continually improving hardware allows for faster brute-force attacks, the technical and security aspects of password-based authentication protocols, and why the longevity of password security can be extended through incremental improvements.      In This Episode You Will Learn:       Technical and security aspects of password-based authentication protocols  Why passwords should not be the primary authentication mechanism   The challenges of making significant changes to long-standing systems    Some Questions We Ask:       Why explore secure and user-friendly alternatives like biometrics or hardware keys?  How quickly can you guess an 8-character password using specialized hardware?  Will audits within Microsoft help understand and improve NTLM usage and security?    Resources:   View Steve Syfuhs on LinkedIn  View Wendy Zenone on LinkedIn  View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:                  Afternoon Cyber Tea with Ann Johnson  Uncovering Hidden Risks     Security Unlocked      Security Unlocked: CISO Series with Bret Arsenault  Secure the Job: Breaking into Security  The Microsoft Threat Intelligence Podcast       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Hosted on Acast. See acast.com/privacy for more information.