Message-ID: <CADRhWrA2MFX+MKTxz07eMwi++gqc10pruBTZ01s7BEitjUQFcg@mail.gmail.com>
Date: Sat, 3 Sep 2016 16:01:28 -0500
From: "Denny O'Breham" <obreham@...il.com>
To: passwords@...ts.openwall.com
Subject: Authentication process

After watching Your Password Complexity Requirements are Worthless - OWASP
AppSecUSA 2014 <https://www.youtube.com/watch?v=zUM7i8fsf0g>, I came to the
conclusion that user-defined passwords could never be trusted.

I'm no expert by any means on web security, but I keep myself informed. In
order to protect the user's passwords from methods such as those described by
Rick Redman, I created this login process
<https://github.com/maherbo/easy-random-password-login>. I have never seen
anything like it and it is really simple, two indications that it is not
good. Yet, I cannot find any flaws, maybe because of a lack of knowledge
on my part.

It does require the user to use a unique URI to log in, but it seems to
be a very small constraint compared to the cumbersome password complexity
and rotation required by most websites today.

Any feedback would be appreciated.