Fantastic passwords and where to find them

Fantastic passwords and where to find them

The humble password is broken. The internet is littered with poor security practices and password breaches, but the world is not ready to go password free yet. So what can we do to protect our users?

Let's take a look at how we currently protect passwords, at what we can throw away from those processes and what we can bring in to strengthen our users' passwords. Together we can move the world from "password1" to "correct horse battery staple" and beyond!

--

Links:

How to Encourage Stronger Passwords: P1e@$e $t0p Using Bad Rules: https://www.twilio.com/blog/2018/05/encourage-stronger-passwords-stop-using-bad-password-rules.html
Round up: Libraries for checking Pwned Passwords in your 7 favorite languages: https://www.twilio.com/blog/2018/06/round-up-libraries-for-checking-pwned-passwords-in-your-7-favorite-languages.html

1,464 Western Australian government officials used ‘Password123’ as their password. Cool, cool: https://www.washingtonpost.com/technology/2018/08/22/western-australian-government-officials-used-password-their-password-cool-cool/?noredirect=on&utm_term=.9e679e8f517a

Packages:

password-validator: https://www.npmjs.com/package/password-validator
zxcvbn: https://www.npmjs.com/package/zxcvbn

@philnash/pwned:
https://www.npmjs.com/package/@philnash/pwned
https://github.com/philnash/pwned.js

Other pwned password libraries:
hibp: https://www.npmjs.com/package/hibp
pwnedpasswords: https://www.npmjs.com/package/pwnedpasswords
pwned-pw: https://www.npmjs.com/package/pwned-pw

8ec1383b240b5ba15ffb9743fceb3c0e?s=128

Phil Nash

June 06, 2019
Tweet