Date: Sat, 3 Sep 2016 16:01:28 -0500
From: "Denny O'Breham" <obreham@...il.com>
To: passwords@...ts.openwall.com
Subject: Authentication process

After watching Your Password Complexity Requirements are Worthless - OWASP AppSecUSA 2014 <https://www.youtube.com/watch?v=zUM7i8fsf0g>, I came to the conclusion that user-defined passwords could never be trusted.

I'm no expert by any means on web security, but I keep myself informed. In order to protect the user's passwords from the methods described by Rick Redman, I created this login process <https://github.com/maherbo/easy-random-password-login>.

I have never seen anything like it and it is really simple, two indications that it is not good. Yet, I cannot find any flaws, maybe because of a lack of knowledge on my part.

It does require the user to use a unique URI to log in, but it seems to be a very small constraint compared to the cumbersome password complexity and rotation required by most websites today.

Any feedback would be appreciated.