Today I am reviving an old blogging tradition of posting some interesting or useful links with little or no context. Today's topic: Passwords.
4 fatal flaws in deterministic password managers: Sync-less password managers are trending again; Tony Arcieri breaks down some reasons why they suck.
NIST's New Password Rules. For developers: I pull this article … Continue reading Links for Today: Passwords
Made my first post over at the company blog. Thought it would only be appropriate to give it some link love over here. My thoughts on the future of passwords: Rethinking Passwords.
In a recent episode of Build & Analyze, Marco Arment (creator of Instapaper) explained that the standard practice of salting a hash is no longer a really good way to secure passwords. CPUs (and GPUs) are so fast that they can effectively guess your salt in a reasonable amount of time*. The solution: use bcrypt. … Continue reading Assault on the Hash (or how to make secure your passwords)
Why won't my bank allow me to use non-alphanumeric characters in my online banking password?! Don't they want my password to be as secure as possible?