Name
B2. Better Living Through Better Passwords
Track
Architecture & Operations
Date
Tuesday, June 8, 2021
Time
11:15 AM - 12:15 PM
Description

There's been a seismic shift in password guidance. NIST says no complexity, no forced change. PCI DSS 4.0 is not yet published but it’s anticipated that authentication requirements are evolving. The hardware and software improvements in hashing arising from crypto-currency mining put increased pressure on storing a password securely. Memory-hard hashing methods are one defense to off-line hash attacks. And then there are those who advocate getting rid of passwords. The speakers will provide guidance on: syntax, management, and strengthening secure storage of passwords; where DSS 4.0 might be going; and purported password replacements. They will describe how memory-hard hashing works.

Learner Objectives

After attending this session, the learner will:

  • Understand the new NIST guidance for passwords and be able to update their authentication policies to improve security while easing the burden on their users. 
  • Learn how memory-hard hashing works to strongly secure stored passwords.
  • Learn the possible directions of PCI DSS 4.0.
  • Become aware of proposed “passwordless” authentication methods.