Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 3 Sep 2016 16:01:28 -0500
From: "Denny O'Breham" <obreham@...il.com>
To: passwords@...ts.openwall.com
Subject: Authentication process

After watching Your Password Complexity Requirements are Worthless - OWASP
AppSecUSA 2014 <https://www.youtube.com/watch?v=zUM7i8fsf0g>, I came to the
conclusion that user-defined passwords could never be trusted.

I'm no expert by any mean on web security, but I keep myself informed.  In
order to protect the user's passwords from such methods described by Rick
Redman, I created this login process
<https://github.com/maherbo/easy-random-password-login>.  I never seen
anything like it and it is really simple, two indications that it is not
good.  Yet, I cannot find any flaws, maybe because of a lack of knowledge
from my part.

It does require for the user to use a unique URI to login, but it seems to
be a very small constraint compared to the cumbersome password complexity
and rotation required by most websites today.

Any feedback would be appreciated.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ