Webinar: Password policy myths and dead ends

Aika: 13.04.2023 14:00
Kesto: 60 min

The principle of psychological acceptability has been neglected for long in IT in general, and therefore in cyber security as well. However, it gained more and more momentum in the last years: we are not willing to pay just any price anymore for some increase in security.

In this webinar we will break some of the common misconceptions and see some new trends in password management, aligned to the NIST recommendations.

Security needs a preventative mindset. Develop one and make secure coding a second nature!

In this webinar you will learn:

  • About the cat and mouse game of software security
  • Why a lot of developers are doing password management wrong
  • Which password guidelines are actually helpful in practice
  • The best practices to follow when designing your password policy
  • How Cydrill courses can raise your paranoia to a healthy level and can contribute to your code hygiene

Webinar schedule Thu 13.04.2023 14.00-15.00 EET

If you can’t see the video, you can watch it here.


  • Common misconceptions
  • Introduction to software security
    • AppSec: The weakest link in cybersecurity
  • Some common password myths
    • Password policy myth #1: Composition rules
    • Password policy myth #2: Password expiration
    • Password policy myth #3: Password hints and suggestions
    • Password policy myth #4: No restrictions on passwords
  • Managing passwords the right way
    • Password policy
    • NIST authenticator requirements for memorized secrets
    • Password hardening
    • Using passphrases
    • Demo – Password reset weakness
  • Learning how not to code

Webinar speaker

Erno Jeges has been a software developer for 35 years, half of which he has spent writing, and half breaking code. In the last ten years he is focused on teaching developers how not to code. More than 100 classes in 30 countries add to his track record all around the world.

Tieturi’s Secure coding trainings

Information security trainings


Java Information security Secure coding Security Cyber security