{"id":27803,"date":"2017-07-26T12:21:55","date_gmt":"2017-07-26T10:21:55","guid":{"rendered":"https:\/\/mamchenkov.net\/wordpress\/?p=27803"},"modified":"2017-07-26T12:21:55","modified_gmt":"2017-07-26T10:21:55","slug":"passwords-evolved-authentication-guidance-for-the-modern-era","status":"publish","type":"post","link":"https:\/\/mamchenkov.net\/wordpress\/2017\/07\/26\/passwords-evolved-authentication-guidance-for-the-modern-era\/","title":{"rendered":"Passwords Evolved: Authentication Guidance for the Modern Era"},"content":{"rendered":"<!-- google_ad_section_start -->\n<p><a href=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/07\/password.jpg?ssl=1\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" data-attachment-id=\"27804\" data-permalink=\"https:\/\/mamchenkov.net\/wordpress\/2017\/07\/26\/passwords-evolved-authentication-guidance-for-the-modern-era\/password\/\" data-orig-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/07\/password.jpg?fit=698%2C188&amp;ssl=1\" data-orig-size=\"698,188\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"password\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/07\/password.jpg?fit=660%2C178&amp;ssl=1\" class=\"aligncenter size-medium wp-image-27804\" src=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/07\/password-500x135.jpg?resize=500%2C135&#038;ssl=1\" alt=\"\" width=\"500\" height=\"135\" 
srcset=\"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/07\/password.jpg?resize=500%2C135&amp;ssl=1 500w, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/07\/password.jpg?w=698&amp;ssl=1 698w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/a><\/p>\n<p>&#8220;<a href=\"https:\/\/www.troyhunt.com\/passwords-evolved-authentication-guidance-for-the-modern-era\/\">Passwords Evolved: Authentication Guidance for the Modern Era<\/a>&#8221; is a good collection of guidelines and concerns for password management in the modern day.<\/p>\n<blockquote><p>Here&#8217;s the bigger picture of what all this guidance from governments and tech companies alike is recognising: security is increasingly about a composition of controls which when combined, improve the overall security posture of a service. What you&#8217;ll see across this post is a collection of recommendations which all help contribute to a more robust solution by virtue of complementing one another. That may mean that individual recommendations such as dropping complexity requirements look odd, but when you consider the way humans tended to deal with that (they&#8217;d just choose bad passwords with a combination of character types) alongside guidance such as blocking previously breached passwords, things start to make a lot more sense.<\/p>\n<p>Now there&#8217;s just one more thing: as good as all this guidance is, practically implementing it can be somewhat trickier.<\/p><\/blockquote>\n<!-- google_ad_section_end -->\n","protected":false},"excerpt":{"rendered":"<!-- google_ad_section_start -->\n<p>&#8220;Passwords Evolved: Authentication Guidance for the Modern Era&#8221; is a good collection of guidelines and concerns for password management in the modern day. 
Here&#8217;s the bigger picture of what all this guidance from governments and tech companies alike is recognising: security is increasingly about a composition of controls which when combined, improve the overall security &hellip; <a href=\"https:\/\/mamchenkov.net\/wordpress\/2017\/07\/26\/passwords-evolved-authentication-guidance-for-the-modern-era\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Passwords Evolved: Authentication Guidance for the Modern Era<\/span><\/a><\/p>\n<!-- google_ad_section_end -->\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Passwords Evolved: Authentication Guidance for the Modern Era #WebDev #security","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"_links_to":"","_links_to_target":""},"categories":[1,18,133,62,1334],"tags":[3069,200,1330],"keyring_services":[],"class_list":["post-27803","post","type-post","status-publish","format-standard","hentry","category-general","category-programming","category-sysadmin","category-technology","category-web-work","tag-best-practices","tag-security","tag-web-development"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack-related-posts":[{"id":29111,"url":"https:\/\/mamchenkov.net\/wordpress\/2018\/12\/19\/beyond-passwords-2fa-u2f-and-google-advanced-protection\/","url_meta":{"origin":27803,"position":0},"title":"Beyond Passwords: 2FA, U2F and Google Advanced Protection","author":"Leonid 
Mamchenkov","date":"December 19, 2018","format":false,"excerpt":"\"Beyond Passwords: 2FA, U2F and Google Advanced Protection\" is a rather lengthy, but insightful article on the subject of 2-factor authentication, multi-factor authentication, and other related options.\u00a0 It nicely explains which option is which and how it works, as well as clears a lot of confusion between these terms. The\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2018\/12\/Inserting-the-first-key-1.jpg?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":16995,"url":"https:\/\/mamchenkov.net\/wordpress\/2012\/12\/07\/the-passwords-are-officially-obsolete\/","url_meta":{"origin":27803,"position":1},"title":"The passwords are officially obsolete","author":"Leonid Mamchenkov","date":"December 7, 2012","format":false,"excerpt":"Slashdot is reporting the story: a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. 
Gosney's system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":18004,"url":"https:\/\/mamchenkov.net\/wordpress\/2013\/04\/14\/wordpress-passwords-and-brute-force\/","url_meta":{"origin":27803,"position":2},"title":"WordPress passwords and brute force","author":"Leonid Mamchenkov","date":"April 14, 2013","format":"link","excerpt":"WordPress passwords and brute force From the man himself: Here\u2019s what I would recommend: If you still use \u201cadmin\u201d as a username on your blog, change it, use a strong password, if you\u2019re on WP.com turn on two-factor authentication, and of course make sure you\u2019re up-to-date on the latest version\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":22389,"url":"https:\/\/mamchenkov.net\/wordpress\/2014\/08\/15\/tek-security-groups-password-repository\/","url_meta":{"origin":27803,"position":3},"title":"Tek Security Group&#8217;s Password Repository","author":"Leonid Mamchenkov","date":"August 15, 2014","format":"link","excerpt":"Tek Security Group's Password Repository In this repository you will find helpful authentication brute forcing files. 
These files include known password defaults, usernames, common and specialized dictionaries, etc.","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":17884,"url":"https:\/\/mamchenkov.net\/wordpress\/2013\/03\/14\/ssh-dynamic-black-list\/","url_meta":{"origin":27803,"position":4},"title":"SSH dynamic black list","author":"Leonid Mamchenkov","date":"March 14, 2013","format":false,"excerpt":"Slashdot runs the post on how bots are now trying higher ports for SSH password guessing. \u00a0This is not a problem for those who do key-based authentication, but for those who have to have password authentication enabled, there is plenty of good advice in the comments to the post. \u00a0One\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":27644,"url":"https:\/\/mamchenkov.net\/wordpress\/2017\/05\/29\/web-developer-security-checklist\/","url_meta":{"origin":27803,"position":5},"title":"Web Developer Security Checklist","author":"Leonid Mamchenkov","date":"May 29, 2017","format":false,"excerpt":"Web Developer Security Checklist is a good collection of security issues to keep in mind when building web applications. \u00a0Not much new in there, but it's nice to have all of these conveniently gathered in one place. 
\u00a0All items are grouped into a few sections - database, development, authentication, denial\u2026","rel":"","context":"In &quot;All&quot;","block_context":{"text":"All","link":"https:\/\/mamchenkov.net\/wordpress\/category\/general\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/mamchenkov.net\/wordpress\/wp-content\/uploads\/2017\/05\/checklist-500x428.jpeg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/27803","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/comments?post=27803"}],"version-history":[{"count":0,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/posts\/27803\/revisions"}],"wp:attachment":[{"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/media?parent=27803"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/categories?post=27803"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/tags?post=27803"},{"taxonomy":"keyring_services","embeddable":true,"href":"https:\/\/mamchenkov.net\/wordpress\/wp-json\/wp\/v2\/keyring_services?post=27803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}