How Developers got Password Security so Wrong
The text discusses the importance of authentication both in real life and online. It highlights that passwords are a common method of authentication, but that they are often stored insecurely or set to weak values by users. Despite this, no viable alternative has been developed to replace passwords. Cryptographic hashing is mentioned as a way to store passwords securely, with algorithms like Argon2, BCrypt, and PBKDF2 being used to prevent rainbow table attacks. However, salting alone is not enough to protect against modern GPUs, which can crack passwords quickly. The text also discusses the problem of credential stuffing: users reuse passwords across multiple sites, which makes it easier for attackers to gain access to important information. To fix this issue, three things need to be done: improving user decisions through good UX, enhancing developer education on security, and eliminating password reuse by blocking commonly used or compromised passwords. The text also provides tips on how users can secure themselves, such as using a password manager and enabling two-factor authentication.
Company: Cloudflare
Date published: Feb. 21, 2018
Author(s): Junade Ali
Word count: 1476
Hacker News points: None found.
Language: English