Your Password Complexity Requirements are Worthless - OWASP AppSecUSA 2014

Recorded at AppSecUSA 2014 in Denver Thursday, September 18 • 2:00pm - 2:45pm Your Password Complexity Requirements are Worthless If you think password hashes are safe in a database, you are wrong. If you think users choose good passwords, you are wrong. If you think you KNOW what makes up a good password, you are wrong. If you think that password complexity allows forces users to create stronger passwords, you are wrong. If you think password strength meters force users to cre