Deprecating NTLM is Easy and Other Lies We Tell Ourselves with Steve Syfuhs

<p>Steve Syfuhs, Principal Software Engineer at Microsoft, joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Steve has spent the last decade building secure systems and is working at Microsoft as a Principal Developer. In this episode, Steve, Nic, and Wendy discuss how continually improving hardware allows for faster brute-force attacks, the technical and security aspects of password-based authentication protocols, and why the longevity of password security can be extended through incremental improvements. </p><p> </p><p> </p><p><strong>In This Episode You Will Learn</strong>:    </p><p> </p><ul><li>Technical and security aspects of password-based authentication protocols </li><li>Why passwords should not be the primary authentication mechanism  </li><li>The challenges of making significant changes to long-standing systems </li></ul><p> </p><p><strong>Some Questions We Ask:</strong>    </p><p> </p><ul><li>Why explore secure and user-friendly alternatives like biometrics or hardware keys? </li><li>How quickly can you guess an 8-character password using specialized hardware? </li><li>Will audits within Microsoft help understand and improve NTLM usage and security? </li></ul><p> </p><p><strong>Resources:</strong>  </p><p><a href="https://www.linkedin.com/in/syfuhs/" rel="noopener noreferrer" target="_blank">View Steve Syfuhs on LinkedIn</a> </p><p><a href="https://www.linkedin.com/in/wendyzenone/" rel="noopener noreferrer" target="_blank">View Wendy Zenone on LinkedIn</a> </p><p><a href="https://www.linkedin.com/in/nicfill/" rel="noopener noreferrer" target="_blank">View Nic Fillingham on LinkedIn</a> </p><p> </p><p><strong>Related Microsoft Podcasts:             </strong>    </p><ul><li><a href="https://afternooncybertea.com/" rel="noopener noreferrer" target="_blank">Afternoon Cyber Tea with Ann Johnson</a> </li><li><a href="https://thecyberwire.com/podcasts/uncovering-hidden-risks" rel="noopener noreferrer" target="_blank">Uncovering Hidden Risks</a>    </li><li><a href="https://securityunlockedpodcast.com/" rel="noopener noreferrer" target="_blank">Security Unlocked</a>     </li><li><a href="https://securityunlockedcisoseries.com/" rel="noopener noreferrer" target="_blank">Security Unlocked: CISO Series with Bret Arsenault</a> </li><li><a href="https://shows.acast.com/secure-the-job-breaking-into-security" rel="noopener noreferrer" target="_blank">Secure the Job: Breaking into Security</a> </li><li><a href="https://thecyberwire.com/podcasts/microsoft-threat-intelligence" rel="noopener noreferrer" target="_blank">The Microsoft Threat Intelligence Podcast </a> </li></ul><p> </p><p> </p><p>Discover and follow other Microsoft podcasts at<a href="https://news.microsoft.com/podcasts/" rel="noopener noreferrer" target="_blank"> microsoft.com/podcasts</a>  </p><br /><hr><p style='color:grey; font-size:0.75em;'> Hosted on Acast. See <a style='color:grey;' target='_blank' rel='noopener noreferrer' href='https://acast.com/privacy'>acast.com/privacy</a> for more information.</p>

The BlueHat Podcast · Microsoft