ImpediMed’s CEO Rick Carreon, updates the Morgan’s network on its operational progress

Password Portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts

Dinei Florêncio and Cormac Herley, Microsoft Research; Paul C. van Oorschot, Carleton University

We explore how to manage a portfolio of passwords. We review why mandating exclusively strong passwords with no re-use gives users an impossible task as portfolio size grows. We find that approaches justified by loss-minimization alone, and those that ignore important attack vectors (e.g., vectors exploiting re-use), are amenable to analysis but unrealistic. In contrast, we propose, model and analyze portfolio management under a realistic attack suite, with an objective function costing both loss and user effort. Our findings directly challenge accepted wisdom and conventional advice. We find, for example, that a portfolio strategy ruling out weak passwords or password re-use is sub-optimal. We give an optimal solution for how to group accounts for re-use, and model-based principles for portfolio management.

View the full USENIX Security ’14 program at https://www.usenix.org/conference/usenixsecurity14/technical-sessions

ArmorCode CTO/Co-founder Anant Misra and VP of Marketing LingRaj Patil steal the show for our big #20. We’re joined by Snapdocs Director of Product Security Russell Ragar on a guided tour through his vast experience and learnings as a tech security professional. On our journey: discussions on managing software acquisitions, hallmarks of a great AppSec program, and what factors motivated the Snapdocs team’s decision to choose ArmorCode’s platform for their ASPM needs, scanning tool data consolidation, and security program scalability.
_________________________________________________________________________________
������������ ����

www.armorcode.com
LinkedIn: https://www.linkedin.com/company/armorcode
Twitter: https://twitter.com/code_armor
_________________________________________________________________________________
�������� �������� ������������������

The AppSecOps Blog: https://www.armorcode.com/blogs ��
ArmorCode News: https://www.armorcode.com/news ��
Resources: https://www.armorcode.com/resources ��
_________________________________________________________________________________
���������� ������������������

What is AppSecOps? https://www.armorcode.com/what-is-appsecops

The State of AppSecOps Report: https://www.armorcode.com/state-of-appsecops-2022

AppSecOps Research from Enterprise Strategy Group: https://www.armorcode.com/esg-appsecops-showcase
_________________________________________________________________________________
���������� ������������������

We built the world’s first and leading AppSecOps platform to bring our customers AppSec success, along with the expertise, support, and community they need to thrive. ArmorCode customers transform their application security programs using our platform for AppSec Posture, Vulnerability, and Compliance Management and DevSecOps workflow automation.

Request a Demo: https://www.armorcode.com/request-a-demo

Equity and community engagement are the cornerstones of the American Rescue Plan Act (ARPA). For Southern states that suffer some of the greatest economic disparities due to the high concentrations of vulnerable populations, this is a chance to build infrastructure, services, and practices that will provide lasting change.
The Southern Economic Advancement Project (SEAP) provides a bridge between the federal requirements and local government execution. In coordination with Southern nonprofits and community leaders, SEAP conducts surveys, creates toolkits, and offers reporting templates to help local governments navigate ARPA implementation. During this session, a SEAP-moderated panel featuring partners in our work, attendees will learn how we combined lessons from technology implementation, data sharing, and community engagement campaigns to develop resources and facilitate knowledge sharing throughout the South.

This virtual breakout session was presented at Code for America Summit 2022 in the People Power + Community track.
https://summit.codeforamerica.org/

To enable auto-generated closed captioning, click the “CC” icon at the bottom or top of the video.