Rethinking Passwords

Wed Jul 01 22:11:00 EDT 2009

Passwords and PINs are used everywhere these days, but their use is often painful. Traditional password advice and rules are seldom appropriate for today's threats, yet we labor with the password rules and servers of yesteryear. Strong passwords are weakening our security, and it is time to fix that. There are numerous proposals for new password solutions. I will present a few half-baked ideas. But there are good solutions available now. We are facing much more worrisome security challenges: we ought to get this easy stuff right.

Presentation (PDF)


Bill Cheswick logged into his first computer in 1968. Seven years later, he was graduated from Lehigh University in 1975 with a degree resembling Computer Science. Cheswick has worked on (and against) operating system security for over 35 years. He has worked at Lehigh University and the Naval Air Development Center in system software and communications. At the American Newspaper Publishers Association/Research Institute he shared his first patent for a hardware-based spelling checker, a device clearly after its time.

For several years he consulted at a variety of universities doing system management, software development, communications design and installation, PC evaluations, etc.

Ches joined Bell Labs in December 1987, where he became postmaster and firewall administrator and designer. In 1990 he published a paper on firewall design that coined the word "proxy" in its current meaning. He followed this with "An Evening With Berferd", and then the publication of "Firewalls and Internet Security; Repelling the Wily Hacker", co-authored with Steve Bellovin. This book taught Internet security to a generation of administrators. In 1998, Ches started the Internet Mapping Project with Hal Burch. This work became the core technology of a Bell Labs spin-off, Lumeta Corporation. Ches has pinged a US nuclear attack submarine (distance, 66ms).

During his sabbatical over the winter of 2007 he worked on science museum exhibits, including an upgrade for the Liberty Science Center's digital darkroom.

He joined AT&T Research in Florham Park in April 2007 and is working in security, visualization, user interfaces, and a variety of other things. He is a frequent keynote speaker at security conferences.

Ches has a wide interest in science and medicine. In his spare time he reads technical journals, hacks on Mythtv and his home, and develops exhibit software for science museums. He eats very plain food---boring by even American standards.
