Those devs were then asked to rewrite their code to 'store passwords securely.' Overall here are the methods of password storage chosen by the developers:
8 - Base64
3 - AES
3 - 3DES
10 - MD5
1 - SHA-1
5 - SHA-256
5 - PBKDF2
7 - Bcrypt
1 - HMAC/SHA1
Base64 is not a 'secure' solution, but some devs seemed to think so, with one saying "it is very tough to decrypt." Only 3 devs implemented salting along with MD5, SHA-1, SHA-256, HMAC-SHA1.
At least 16 participants did search for and copy the password hashing code from an online source, although half of these still resulted in the use of MD5 or a similar poor choice.
If you are looking for better guidance on developing password storage solutions I'd recommend starting with the OWASP Password Storage Cheat Sheet https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Password_Storage_Cheat_Sheet.md …
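As an added illustration of the thread's three tiers (not code from the study or the cheat sheet): Base64 "storage" is recovered with one call, unsalted MD5 gives the same digest for every user with the same password, and a salted PBKDF2-HMAC-SHA256 store verifies without either problem. The iteration count and storage format are assumptions for this example.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample credential for the demonstration (not from the study).
PASSWORD = "correct horse battery staple"


def base64_store(password: str) -> str:
    """The choice 8 devs made: Base64 is an encoding, not encryption."""
    return base64.b64encode(password.encode()).decode()


def base64_recover(stored: str) -> str:
    """Anyone holding the database gets the password back with one call."""
    return base64.b64decode(stored).decode()


def md5_store(password: str) -> str:
    """Unsalted MD5: identical passwords give identical, table-lookable digests."""
    return hashlib.md5(password.encode()).hexdigest()


# Assumed iteration count; pick it from current OWASP guidance in real use.
ITERATIONS = 600_000


def pbkdf2_store(password: str, salt=None) -> str:
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt per stored password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Assumed record layout: algorithm$iterations$salt_hex$digest_hex
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
```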
What about the 17 devs who didn't initially choose plaintext? Did they do better with their initial choice than the plaintext devs did with their second choice?
The researchers did compare them and said they didn't find a statistically significant difference. 5 of the 17 devs who initially chose something other than plaintext used Base64 compared with the 3 Base64 choosing devs who were prompted to implement password security, etc.
Where were they based and how many studied CS and when did they study?
The paper talks a bit more about the experience levels of the dev participants, but I don't recall them asking about formal education. However, this was prompted by a previous study of CS students where they likewise didn't store passwords properly in their test apps.