Does your website store account passwords correctly? Would you tell everyone on the Internet how you do it? Would you? I explain why you should and how to get an A+ grade from my Password Storage project.

This is a story of how the Password Storage project has convinced companies to publicly disclose their password storage practices and assigned each a grade based on how well they follow best practices of not just hashing but also disclosing the info.

I launched Password Storage at BSides Las Vegas in 2016. You can see the slides from the talk and the video here.

If you know you need to up your hashing game, you can follow my article titled Upgrading existing password hashes that explains how to gracefully migrate passwords hashed with a legacy algorithm to a secure one.

You can also follow the project on Twitter, or check out the FAQ to see how to get listed (please do!)

Date and for whom

August 1, 2019, All Things Auth Podcast

Interview detail

Interview detail on the web

Recording

https://cdn.transistor.fm/file/transistor/m/shows/2609/07f9824acd7e8c496c9e316f19399d4c.mp3