On storing passwords securely

Fascinating stuff to read if you're in the business of handling login credentials on a server:

Quick thoughts:

  • Don't use the same password everywhere, at the very minimum use a unique one for your online bank account!
  • The exploding trend in social software of asking people for their credentials to check if they've got "friends" around is not just leading to social spam, it's helping phishing as well. Plus having credentials floating in the clear on the cloud from server to server doesn't inspire security, does it? Well, when you know it takes only a chocolate bar to get someone's password, what can you do anyway?
  • If a web service you're using is capable of emailing your forgotten password back in the clear (in the clear!), you can only assume that its security is plain crap. The right way should be to reset your password (and only after you've clicked on a link sent to your legitimate email address, or at least some challenge question, so that no one can lock you out by just knowing your login name.)
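As an added example (not from the original post), here is a minimal Python sketch of the scheme the last point implies: the server keeps only a salted, slow hash of the password, so there is nothing it could email back, and a forgotten password is handled by a random single-use token mailed to the registered address, with the password left untouched until that link is used. The in-memory dicts and function names are assumptions standing in for a real database and application.

```python
import hashlib, hmac, os, secrets, time

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (OWASP's current guidance)
RESET_TTL = 900       # reset links stay valid for 15 minutes

# Constructed in-memory stores standing in for database tables (assumption).
USERS = {}          # username -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}   # username -> {"digest": bytes, "expires": float}

def set_password(username, password):
    """Store only a salted, slow hash: the service never holds the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    USERS[username] = {"salt": salt, "hash": digest}

def check_password(username, password):
    user = USERS.get(username)
    if user is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], ITERATIONS)
    return hmac.compare_digest(digest, user["hash"])

def request_reset(username, now=None):
    """Issue a random single-use token for the link mailed to the account's address.
    Only its hash is kept, and the password is untouched until the link is followed."""
    if username not in USERS:
        return None  # caller should answer identically either way, not confirm usernames
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[username] = {"digest": hashlib.sha256(token.encode()).digest(),
                              "expires": now + RESET_TTL}
    return token

def complete_reset(username, token, new_password, now=None):
    """Accept the token once, when the user follows the mailed link."""
    now = time.time() if now is None else now
    record = RESET_TOKENS.get(username)
    if record is None or now > record["expires"]:
        RESET_TOKENS.pop(username, None)  # expired records are dropped
        return False
    if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), record["digest"]):
        return False  # wrong token: keep the record so a guesser cannot cancel the real one
    del RESET_TOKENS[username]  # single use
    set_password(username, new_password)
    return True
```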
