I just published “Password and Credential Management in 2018” https://medium.com/p/password-and-credential-management-in-2018-56f43669d588 …
-
I totally agree that it's not the same as unique passwords! Looking back, this should have been explicitly pointed out in the article! (Unfortunately, I don't want to make edits to the text anymore.) Thanks for the feedback! :)
-
I understand not wanting to make unmarked edits to what's already published. I'd use inline "(Update: ...)" or add more footnotes or add a section with updates/errata.
-
Thanks for the advice! Maybe I'll add an update section later today. A big thank you for your great feedback! Really enjoyed it.
-
Not criticism: BTW, you actually can enforce a trivial password policy - a blacklist of top N otherwise-most-common and/or leaked passwords - even with this pre-hashing, by similarly pre-hashing that blacklist. A Bloom filter can make the check very fast even for huge blacklists.
-
I have something in the pipeline for this! The next article will cover how to build a Go service that is able to query the HaveIBeenPwned list. The code will be open sourced. If you're interested, subscribe on Medium or Twitter - I'll share it ASAP! :)
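The blacklist check suggested in the thread above, as an added example that is not code from either participant or from the article: the server only ever sees pre-hashes, so the blacklist is pre-hashed the same way and loaded into a Bloom filter. The pre-hash is assumed here to be a plain SHA-256 of the password, and all names (`prehash`, `BloomFilter`, `build_blacklist`, `is_rejected`) and the sample list are constructed for illustration.

```python
import hashlib
import math

def prehash(password: str) -> bytes:
    # Assumption: the client-side pre-hash is SHA-256 over the UTF-8 password.
    return hashlib.sha256(password.encode("utf-8")).digest()

class BloomFilter:
    def __init__(self, expected_items: int, fp_rate: float = 1e-4):
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hash functions.
        n = max(1, expected_items)
        self.m = max(8, math.ceil(-n * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / n * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes):
        # Double hashing: k bit indexes derived from two halves of one digest.
        d = hashlib.blake2b(item, digest_size=16).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: bytes) -> bool:
        # No false negatives; false positives occur at roughly fp_rate.
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

# Constructed sample blacklist; a real one would hold the top N common/leaked passwords.
COMMON = ["123456", "password", "qwerty", "letmein", "111111"]

def build_blacklist(passwords, fp_rate: float = 1e-4) -> BloomFilter:
    bf = BloomFilter(expected_items=len(passwords), fp_rate=fp_rate)
    for pw in passwords:
        bf.add(prehash(pw))  # pre-hash the blacklist exactly like the client does
    return bf

def is_rejected(blacklist: BloomFilter, received_prehash: bytes) -> bool:
    # The server never sees the plaintext, only the pre-hash sent by the client.
    return received_prehash in blacklist
```

A false positive only means an acceptable password is occasionally refused, so the filter can be sized for speed and memory without weakening the policy.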