Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 3 Sep 2016 16:01:28 -0500
From: "Denny O'Breham" <>
Subject: Authentication process

After watching Your Password Complexity Requirements are Worthless - OWASP
AppSecUSA 2014 <>, I came to the
conclusion that user-defined passwords could never be trusted.

I'm no expert by any mean on web security, but I keep myself informed.  In
order to protect the user's passwords from such methods described by Rick
Redman, I created this login process
<>.  I never seen
anything like it and it is really simple, two indications that it is not
good.  Yet, I cannot find any flaws, maybe because of a lack of knowledge
from my part.

It does require for the user to use a unique URI to login, but it seems to
be a very small constraint compared to the cumbersome password complexity
and rotation required by most websites today.

Any feedback would be appreciated.

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.