Melvin's digital garden

How developers got password security so wrong

[2017-11-18 Sat 14:18:49] event: GeekCampSG speaker: Junade Ali

passwords introduces in 1961 for MIT timesharing system

password requirements doesn’t prevent reuse of password or use of personal information

password expiration policies do more harm than good (GCHQ)

rate limit/captcha abusive password login

eliminating resuse of breached passwords

  • block users from signing up with breached passwords

Links to this note