Why I Canceled my RSA Presentation

I was ecstatic when RSA contacted me to let me know that my presentation “Crunching the Top 10,000 Websites’ Password Policies and Controls” was accepted for the RSA Conference 2013. This was the first time I’d submitted to RSA so I was honored. Unfortunately I chose to cancel the presentation earlier this week. I’d like to explan why. But first, here’s the abstract:

Website authentication systems are constantly under attack, resulting in disclosure of password databases, compromise of accounts and exposure of sensitive data. This session will discuss a project to gather, assess and rate password policies and controls from the top 10,000 websites (according to Alexa Traffic Rank) by leveraging community volunteers and Amazon Mechanical Turk.

The project relied on a large number of other individuals to gather data which I aggregated for analysis. In January I discovered that some of the data was inaccurate. I was not particularly concerned since that was a tradeoff of the data collection method for a subset of the data and long term I had a mechanism to flag which data had and had not been validated. I began my analysis and then checked some more of the data and discovered even more invalid data and determined the percentage of data that was likely bad was at an unacceptable level. At that point I became concerned that the results of the analysis might be substantially off. I discussed with one of the RSA staff and I proposed taking a few more days to see if I could work on identifying the bad data, recollecting it, and analyzing the results. Ultimately there just wasn’t enough time. As a result I let RSA know earlier this week that I’d need to cancel the talk.

I could have given it, but the analysis would have been light and I believe that the talk would not have met the expectations of attendees. I am continuing the research and it will be presented at a future date. Apologies to RSA and conference attendees.

You can leave a response, or trackback from your own site.

One Response to “Why I Canceled my RSA Presentation”

  1. Cindy Jones says:

    Kudos to you for maintaining the integrity of the research.

Leave a Reply

Follow me on Twitter!Follow me on Twitter! Subscribe to RSS Feed Follow me on Twitter!