Links for Today: Passwords

Today I am reviving an old blogging tradition of posting some interesting or useful links with little or no context. Today's topic: Passwords. 4 fatal flaws in deterministic password managers Sync-less password managers are trending again, Tony Arcieri breaks down some reasons why they suck. NIST's New Password Rules For developers: I pull this article … Continue reading Links for Today: Passwords

Assault on the Hash (or how to make secure your passwords)

In a recent episode of Build & Analyze Marco Armet (creator of Instapaper) explained that the standard practice of salting a hash is no longer a really good way to secure passwords. CPUs (and GPUs) are so fast that they can effectively guess your salt in a reasonable amount of time*. The solution, use bcrypt. … Continue reading Assault on the Hash (or how to make secure your passwords)