Barry Frost

This is Barry Frost’s personal website.

Tagged #password

What does the NCSC think of password managers?

Spoiler: use them

Building account systems

Advice on dealing with accounts and passwords when building a web app

Understanding one-time passwords

Let them paste passwords

Advice from the National Cyber Security Centre (terrible name, good advice) that preventing users from pasting passwords is a bad thing and does nothing for security.

Reposted Alastair Campbell’s post on Twitter
The UK’s digital security centre recommends *against* forced password expiry, at last someone has said it.…

Password guidance: executive summary - GOV.UK

Signing in to Medium by email

Medium have adopted the passwordless login pattern: they will send you a one-time expiring link via email instead of requiring a password. Twitter and Facebook authentication remains and an SMS option is apparently in development.

Password Masking

Single-page site presenting a study into the effects of showing vs masking a password when entering it in an input field. In summary:

Clear text passwords do increase usability, but don’t force the change upon your customers. Offer it as an option and let them use it when they feel comfortable.

Reposted Alasdair Monk (@almonk)’s post on Twitter
I just want to buy a lamp

Showing Passwords on Log-In Screens

Why you should do so (by @lukew)

Ruby One Time Password

A Ruby library for generating one-time passwords (HOTP and TOTP) according to RFC 4226 and RFC 6238.

Random Key Generator

Strong, WPA, WEP, etc. passwords

Random password generator

Ignores l, 1, 0, o, i and Q

Rate limiting with memcached

Great idea for limiting access attempts using memcached rather than repeated database hits. The suggested use is resisting dictionary password attacks; it could also be used for resisting spammers.

Anti-pattern recognition

Jeremy’s crusade against the password anti-pattern continues. I fully agree.

Ruby password strength calculator

Adactio: Journal - The password anti-pattern

Asking users for their Gmail/Hotmail/Yahoo email and password to find their friends is bad: “it’s a horrible precedent that teaches users to be phished”

Coding Horror: You're Probably Storing Passwords Incorrectly

Encrypt your passwords or you’re a wally

Enabling and using the "root" user in Mac OS X

For when I need to set up my next Mac

Reset a lost OS X password