Content provided by Adam Tuttle, Ben Nadel, Carol Hamilton, and Tim Cunningham. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Adam Tuttle, Ben Nadel, Carol Hamilton, and Tim Cunningham or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://he.player.fm/legal.

Working Code
026: Passwords (59:05)

This week, the crew talks about passwords. Web applications store a great deal of sensitive information, but there is something categorically different about storing passwords: if compromised, a password from one application may grant a malicious actor access to another application, because people reuse them. As such, it is essential that we store our customers' passwords using modern, salted, deliberately slow one-way hashing algorithms that keep brute-force attacks expensive even as attackers' compute resources grow. And we need a way to evolve our hashing algorithms and cost parameters over time in order to stay a step ahead of potential attackers.

Of course, sometimes the best password hashing strategy is not to store a password at all. A "passwordless login" (for example, signing in through a trusted identity provider) defers the responsibility for password storage to that vendor.
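The storage-and-evolution strategy described above, as an added example that is not part of the episode or the show's own code. It uses Python's standard-library scrypt as the current scheme and PBKDF2-SHA256 as a stand-in legacy scheme; the self-describing hash format (`$scheme$params$salt$hash`), the cost parameters, and the function names are assumptions chosen for illustration, not recommended production values. Old hashes keep verifying, and `login` upgrades them the next time the user authenticates successfully.

```python
import base64
import hashlib
import hmac
import os

# Parameters for *new* hashes. Raising these (or switching scheme) is the
# "evolve the strategy" step: existing hashes still verify and are upgraded
# on the next successful login. The scrypt cost here is illustrative only;
# pick real values by timing the KDF on your own hardware.
CURRENT_SCHEME = "scrypt"
CURRENT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1}
SCRYPT_MAXMEM = 64 * 1024 * 1024  # scrypt needs about 128*r*n bytes (16 MiB here)
DKLEN = 32


def _derive(scheme: str, params: dict, salt: bytes, password: str) -> bytes:
    """Run the named KDF. Raises ValueError for schemes we no longer support."""
    pw = password.encode("utf-8")
    if scheme == "scrypt":
        return hashlib.scrypt(pw, salt=salt, n=params["n"], r=params["r"],
                              p=params["p"], maxmem=SCRYPT_MAXMEM, dklen=DKLEN)
    if scheme == "pbkdf2-sha256":  # the legacy scheme in this example
        return hashlib.pbkdf2_hmac("sha256", pw, salt, params["i"], dklen=DKLEN)
    raise ValueError(f"unsupported password hash scheme: {scheme!r}")


def hash_password(password: str, scheme: str = CURRENT_SCHEME, params=None) -> str:
    """Return a self-describing string: $scheme$k=v,...$salt_b64$hash_b64.
    Storing the scheme and parameters next to the hash is what makes later
    migration possible without a flag day."""
    params = dict(params if params is not None else CURRENT_PARAMS)
    salt = os.urandom(16)  # per-password random salt defeats precomputed tables
    dk = _derive(scheme, params, salt, password)
    param_str = ",".join(f"{k}={v}" for k, v in sorted(params.items()))
    return "$".join(["", scheme, param_str,
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(dk).decode("ascii")])


def parse_stored(stored: str):
    """Split a stored value back into (scheme, params, salt, digest)."""
    _, scheme, param_str, salt_b64, dk_b64 = stored.split("$")
    params = {k: int(v) for k, v in (kv.split("=") for kv in param_str.split(","))}
    return scheme, params, base64.b64decode(salt_b64), base64.b64decode(dk_b64)


def verify_password(password: str, stored: str):
    """Return (ok, needs_rehash). needs_rehash is true when the stored value
    was made with an older scheme or weaker parameters than CURRENT_*."""
    scheme, params, salt, expected = parse_stored(stored)
    actual = _derive(scheme, params, salt, password)
    ok = hmac.compare_digest(actual, expected)  # constant-time comparison
    needs_rehash = scheme != CURRENT_SCHEME or params != CURRENT_PARAMS
    return ok, needs_rehash


def login(password: str, stored: str):
    """Upgrade-on-login: return the hash to write back to the database
    (a fresh one if the old hash was out of date), or None on a wrong password."""
    ok, needs_rehash = verify_password(password, stored)
    if not ok:
        return None
    return hash_password(password) if needs_rehash else stored
```

Because the only moment the server ever sees the plaintext is during a successful login, that is the only moment an old hash can be replaced; accounts that never log in again keep their weaker hash, which is an argument for expiring or forcing a reset on long-dormant legacy entries.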

Also, we've been doing this podcast for half-a-year! How awesome is that! Yay for us!

Triumphs & Failures

  • Adam's Failure - While Adam has been quite keen on testing code, he recently ran into a testing scenario that he found very challenging. He ended up taking half a day to refactor already-working code just so that he could add the tests. In the long run, it wasn't a waste of time; but, it was a very humbling experience in the moment.
  • Ben's Triumph - After weeks of struggling to debug an authentication issue within a Sketch plug-in, Ben and his team finally figured out what was going wrong! As fate would have it, Ben was the engineer who originally wrote the problematic code - so, that was unfortunate. But, at least they figured out how to fix the user experience!
  • Carol's Failure - Carol has been having trouble walking away from problems even when she feels stuck. So, instead of stepping back and clearing her head, she continues to beat it against the wall (often to no avail). She knows this is counterproductive; but, sometimes she gets lost in the details.
  • Tim's Triumph / Failure - Tim finds himself coasting this week. Nothing has been all that note-worthy; either in triumph or in failure.

Notes & Links

  • OWASP Password Storage Cheat Sheet - industry-standard best practices for storing passwords; covers Argon2, bcrypt, scrypt, and PBKDF2.
  • Have I Been Pwned - a service that tells you whether your email address or password has appeared in a known data breach.
  • 1Password - the world's most-loved password manager.
  • Authy - a user-friendly two-factor authentication app.
  • Shibboleth - an open-source, SAML-based identity provider and single sign-on solution.
  • OAuth - a delegated-authorization standard that lets a website or application act on your behalf at another service without you ever giving it your password.
  • SAML - a standard for exchanging authentication and authorization assertions between an identity provider and a service provider.
  • Diceware - a method for generating strong, random passphrases by rolling dice to pick words from a list.
  • NIST Password Guidelines - Auth0 explains the password guidelines from NIST (SP 800-63B).
  • Single Sign-On (SSO) - an authentication scheme in which one login grants access to several unrelated applications.
  • Netlify Identity Management - a solution for user management in a Netlify app.
  • Firebase Identity Management - a solution for user management in a Firebase app.
  • XKCD: Password Strength - a web comic about how we make passwords hard for humans to remember but easy for computers to guess.
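One way a site can use the Have I Been Pwned data from the list above (and the NIST advice to screen new passwords against known-breached ones), shown as an added example rather than code from the episode: the k-anonymity range lookup, in which only the first five hex characters of the password's SHA-1 are sent to the service and the match is made on the client. The range endpoint URL and the `Add-Padding` header are the real Pwned Passwords API's; the sample response, the counts in it, and the function names are constructed for this example, so it runs offline.

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_split(password: str):
    """Return (prefix, suffix): the first 5 and remaining 35 upper-case hex
    characters of SHA-1(password). Only the prefix ever leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}. Zero-count lines are
    padding the service adds when Add-Padding is requested; drop them."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        n = int(count)
        if n > 0:
            counts[suffix.upper()] = n
    return counts


def breach_count(password: str, fetch_range) -> int:
    """How many times `password` appears in the breach corpus (0 if never).
    `fetch_range(prefix) -> str` is injected so the logic runs offline."""
    prefix, suffix = sha1_split(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)


def live_fetch_range(prefix: str) -> str:
    """Real client for the range endpoint (not exercised by the tests).
    Add-Padding pads the response with zero-count entries so that response
    size does not reveal which prefix was queried."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "password-policy-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


# Constructed stand-in for the service so the example runs offline. The
# entry for "password" (SHA-1 5BAA61E4...) is given a large made-up count;
# the other suffixes are filler and the counts are invented.
_KNOWN_PREFIX, _KNOWN_SUFFIX = sha1_split("password")
FAKE_RANGES = {
    _KNOWN_PREFIX: "\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        f"{_KNOWN_SUFFIX}:3861493",
        "1E2AAA439972480CEC7F16C795BBB429372:0",  # padding entry, ignored
    ]),
}


def fake_fetch_range(prefix: str) -> str:
    return FAKE_RANGES.get(prefix, "")


def acceptable(password: str, fetch_range=fake_fetch_range) -> bool:
    """NIST SP 800-63B style screening: reject any password seen in a breach."""
    return breach_count(password, fetch_range) == 0
```

To use it against the real service, pass `live_fetch_range` as `fetch_range`. SHA-1 is fine here only because the hash is used as a lookup key for a public corpus, not as the stored credential; the password still goes through a slow KDF before it is persisted.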

Follow the show! Our website is workingcode.dev and we're @WorkingCodePod on Twitter and Instagram. Or, leave us a message at (512) 253-2633 (that's 512-253-CODE). New episodes drop weekly on Wednesday.

And, if you're feeling the love, support us on Patreon.
