Date: Sat, 3 Sep 2016 16:01:28 -0500
From: "Denny O'Breham" <obreham@...il.com>
To: passwords@...ts.openwall.com
Subject: Authentication process

After watching Your Password Complexity Requirements are Worthless - OWASP
AppSecUSA 2014 <https://www.youtube.com/watch?v=zUM7i8fsf0g>, I came to the
conclusion that user-defined passwords could never be trusted.

I'm no expert by any means on web security, but I keep myself informed.  In
order to protect users' passwords from the methods described by Rick
Redman, I created this login process
<https://github.com/maherbo/easy-random-password-login>.  I have never seen
anything like it and it is really simple, two indications that it is not
good.  Yet, I cannot find any flaws, maybe because of a lack of knowledge
on my part.

It does require the user to use a unique URI to log in, but that seems to
be a very small constraint compared to the cumbersome password complexity
and rotation required by most websites today.

Any feedback would be appreciated.

