Advice from the National Cyber Security Centre (terrible name, good advice) that stopping users from pasting passwords is a bad thing and does nothing for security.
Medium have adopted the passwordless login pattern: they will send you a one-time expiring link via email instead of requiring a password. Twitter and Facebook authentication remains and an SMS option is apparently in development.
Single-page site presenting a study into the effects of showing vs masking a password when entering it in an input field. In summary:
Clear text passwords do increase usability, but don’t force the change upon your customers. Offer it as an option and let them use it when they feel comfortable.
Why you should do so (by @lukew)
A Ruby library for generating one-time passwords (HOTP & TOTP) according to RFC 4226 and RFC 6238
Strong, WPA, WEP, etc. passwords
Ignores l, 1, 0, o, i and Q
Great idea for limiting access attempts using memcached rather than repeated database hits. Suggested use is resisting dictionary password attacks; could also be used for resisting spammers
Jeremy’s crusade against the password anti-pattern continues. I fully agree.
Asking users for their Gmail/Hotmail/Yahoo email and password to find their friends is bad: “it’s a horrible precedent that teaches users to be phished”
Encrypt your passwords or you’re a wally
For when I need to set up my next Mac