APPSEC Cali 2018 - Security After Death -- Not your problem, or is it?


Abstract :
The talk covers practical solutions to storing passwords and secure ways to share those passwords. The solutions range from commercial to open source and even some roll your own.

It will also cover solutions that answer the question; “How do I allow others to access all my password after I am unavailable, incapacitated or dead?”

I will review the current state of password key rings, password managers and vault systems available in commercial and open source forms. I will also talk about why you should be using password managers in your personal life and at your businesses to help manage the security of your passwords, share passwords safely, and how to recover from the unexpected.
Finally I will cover Shamir’s Secret Sharing (SSS) as a solution that can be used to safely share passwords, following a dual control rule, where one shared part cannot be used to recover the password but can be used by t of n trusted persons to recover the password(s) and use SSS to access encrypted data.

by Ty Shipman

Ty Shipman has 30+ years in the computer industry. He started writing games in the 1980’s and now focuses on security and compliance. He co-founded Kagi, an online store that ran for 20+ years. Mostly recently he was the V.P. of Security and Compliance at LoopPay; which was acquired by Samsung in 2015 and was promoted to Director of Security and Compliance at SamsungPay. He holds a B.A. in psychology and quantitative analysis from U.C. Berkeley. When his is not working, he spends time with his family and dogs, manages the family rentals, or chases fish with a spear gun and camera.

Previous Speaking Experience: SCALE 15 -- why everyone should be a PEN tester FIBI -- Lawyers don't play Monopoly -- they hire others. Contract clauses that are missing from your rental contract and how to make more money. 10+ years of technical teaching/stand up for Sun Micro, Oracle, Sybase(SAP) and other companies.

Managed by the official OWASP Media Project

APPSEC Cali 2018 - Security After Death -- Not your problem, or is it? APPSEC Cali 2018 - Security After Death -- Not your problem, or is it? Reviewed by Unknown on March 19, 2018 Rating: 5