Bad passwords SOUPS 2016 Tutorial: An Introduction to Password Cracking and Research on Passwords

This tutorial provides a gentle introduction to password cracking and recent research on passwords from the usable-security perspective. We do not expect attendees to have any prior experience conducting passwords research. We highly encourage participation from students and other relatively new members of SOUPS community, as well as veteran SOUPS attendees who may be starting to think about passwords research. Although the session will focus on text passwords, we will touch on the overall authentication ecosystem (e.g., biometric authentication, 2FA, single-sign-on systems). The tutorial includes hands-on training in password analysis tools.

Tutorial leaders:

This will be a half-day tutorial in the morning of June 22, the first day of SOUPS 2016. We will be in Denver Ballroom 5-6. We strongly encourage participants to bring a laptop computer so you can participate in the password-cracking contest, described below.

Tutorial schedule:
The tutorial will consist of three sessions, as below. Our presentation slides, including a literature review, are available.

Session 1 (8:30 to 10):


Session 2 (10:30-11:10): Session 3 (11:10-12:10): Password-cracking contest (Hashcat tutorial, word lists, other utilities to get you started, and our final scoreboard)

We hope you decide to join us in Denver! Please email the tutorial organizers, Blase (blase at blaseur dot com) and Michelle (mmazurek at cs dot umd dot edu), if you have any questions.