#005 - Grading How Companies (In)Securely Store Passwords with Michal Špaček of Password Storage

Updated: 2019-08-04

Description

Michal Špaček shares the story of how the Password Storage project has convinced hundreds of companies to publicly disclose their password storage practices and assigned each a grade based on how well they follow best practices.

We discuss hashing algorithms and the technology behind storing passwords securely. Learn why a company who follows the technical best practices might still not earn an A grade if they do not have a public disclosure, or if they rely on an Invisible Disclosure.

We compare the Password Storage project to other fantastic security tools, including SSL Labs and Mozilla Observatory.

Michal outlines how the grading criteria will change in the short term, highlights the desire to get more companies included in the data set, and contemplates how the project will continue to grow over time.

This episode was initially published in August 2019, the 5 year anniversary of Michal’s talk at BSides Las Vegas 2014, which planted the seeds that eventually grew into the Password Storage project. Happy birthday, Password Storage!

Resources mentioned in episode

  • Michal launched Password Storage at BSides Las Vegas in 2016. You can see the slides from his talk here.
  • Bruce K. Marshall is a researcher and consultant dedicated to improving the application of authentication technologies, products, and good practices. He founded PasswordResearch.com to better share the password information he was collecting.
  • Michal wrote an article titled “Upgrading existing password hashes” that explains how to gracefully migrate passwords hashed with a legacy algorithm to a secure and modern algorithm.
  • To get your website listed in the Password Storage project, check out the FAQ.
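The migration the article above describes has two parts that a practitioner usually wants to see together: wrapping every stored legacy hash inside the modern algorithm immediately (so no weak hash stays in the database waiting for a login that may never come), and then replacing the wrapped hash with a direct modern hash of the plaintext the next time the user logs in. The example below is added here and is not Michal's code or code from the Password Storage project. It assumes a constructed legacy scheme (unsalted MD5) and uses PBKDF2-HMAC-SHA256 from the standard library as a stand-in for bcrypt or Argon2, which Python does not ship; the record format (`legacy$`, `wrapped$`, `modern$` prefixes) and the iteration count are assumptions made for the demonstration.

```python
"""Graceful password-hash upgrade: wrap legacy hashes now, rehash on login.

Added example, not the Password Storage project's code. Legacy scheme is a
constructed unsalted MD5; the modern scheme is PBKDF2-HMAC-SHA256 standing
in for bcrypt/Argon2. Record prefixes and iteration count are assumptions.
"""
import hashlib
import hmac
import os
from typing import Dict, Tuple

PBKDF2_ITERATIONS = 100_000  # assumption; tune to your hardware budget


def legacy_hash(password: str) -> str:
    """The weak scheme being migrated away from (constructed: unsalted MD5)."""
    return "legacy$" + hashlib.md5(password.encode()).hexdigest()


def _pbkdf2(secret: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)


def _encode(tag: str, salt: bytes, iterations: int, digest: bytes) -> str:
    # Self-describing record so verify() knows how to recompute it later.
    return f"{tag}${salt.hex()}${iterations}${digest.hex()}"


def modern_hash(password: str) -> str:
    """Hash a plaintext password directly with the modern scheme."""
    salt = os.urandom(16)
    return _encode("modern", salt, PBKDF2_ITERATIONS,
                   _pbkdf2(password, salt, PBKDF2_ITERATIONS))


def wrap_legacy(record: str) -> str:
    """Upgrade a stored legacy record without knowing the password:
    modern(legacy_digest). Records already wrapped or modern are untouched."""
    tag, rest = record.split("$", 1)
    if tag != "legacy":
        return record
    salt = os.urandom(16)
    return _encode("wrapped", salt, PBKDF2_ITERATIONS,
                   _pbkdf2(rest, salt, PBKDF2_ITERATIONS))


def migrate_table(table: Dict[str, str]) -> Dict[str, str]:
    """One-off batch job run once at deploy time: no legacy hash survives."""
    return {user: wrap_legacy(rec) for user, rec in table.items()}


def verify(record: str, password: str) -> bool:
    """Check a password against any of the three record kinds."""
    tag, rest = record.split("$", 1)
    if tag == "legacy":
        return hmac.compare_digest(record, legacy_hash(password))
    salt_hex, iters, digest_hex = rest.split("$")
    # Wrapped records were computed over the legacy digest, not the plaintext.
    secret = legacy_hash(password).split("$", 1)[1] if tag == "wrapped" else password
    computed = _pbkdf2(secret, bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(computed, bytes.fromhex(digest_hex))


def verify_and_upgrade(record: str, password: str) -> Tuple[bool, str]:
    """Login path: on success, return the record the caller should now store.
    Wrapped (or stray legacy) records are replaced by a direct modern hash,
    since this is the one moment the plaintext is available."""
    if not verify(record, password):
        return False, record
    if record.startswith("modern$"):
        return True, record
    return True, modern_hash(password)


if __name__ == "__main__":
    # Constructed sample table as it might look before migration.
    users = {"alice": legacy_hash("correct horse"), "bob": legacy_hash("hunter2")}
    users = migrate_table(users)           # deploy-time batch: all now wrapped$
    ok, users["alice"] = verify_and_upgrade(users["alice"], "correct horse")
    print(ok, users["alice"].split("$")[0])  # alice is now modern$, bob still wrapped$
```

Because `verify` is the only function that needs to understand all three record kinds, the rest of the application treats the stored string as opaque; once every user has logged in at least once, the `wrapped$` branch can be deleted.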


You can find the host of The All Things Auth Podcast on Twitter @conorgil.


Canonical URL: https://allthingsauth.com/podcast/005-michal-spacek-of-password-storage


Conor Gilsenan