[Owasp-leaders] Another take on Passwords

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Thu Jan 22 09:39:46 EST 2009


We can find lots of material on weak passwords and on rainbow tables, which
raises several questions.

1. Should OWASP have some "project" that is a UI component which lets a
user gauge the strength of a chosen password? (I think Yahoo does something
similar, but it could be better.)

2. I would argue that weak passwords are less of a problem than weak
password reset routines. Think about how easy it was for some yahoos to
jack Sarah Palin's email. There is no sound guidance on developing reset
mechanisms of any credibility. FYI, this is what I am noodling on today as
part of my day job.

3. Why are we still using passwords to protect web applications? How
come the OWASP crowd isn't backing federated identity, CardSpace, etc.?
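The post asks for credible guidance on reset mechanisms but does not describe one. The following is an added example, not code from the post or from any OWASP project, showing the minimal properties a practitioner would expect of a token-based reset flow: a high-entropy random token that is only ever stored hashed, a short expiry, single use, constant-time comparison, and a request path that behaves identically whether or not the account exists (so the endpoint cannot be used to enumerate users). Names such as ResetTokenStore and TOKEN_TTL_SECONDS are assumptions for illustration; the in-memory store stands in for a database table, and no knowledge-based "secret question" fallback of the kind that undid the Palin account is offered.

```python
import hashlib
import hmac
import secrets
import time

# Assumed policy value for this example: reset links stop working after 15 minutes.
TOKEN_TTL_SECONDS = 15 * 60


class ResetTokenStore:
    """Hypothetical in-memory backing store for password reset tokens.

    The raw token is returned once (to be sent to the account's registered
    address) and never kept; only its SHA-256 digest is stored, so a leaked
    copy of the store cannot be replayed as a reset link.
    """

    def __init__(self, now=time.time):
        self._now = now            # injectable clock, so expiry can be tested
        self._users = set()        # stands in for the user table
        self._pending = {}         # user_id -> (token_digest, expires_at)

    def register_user(self, user_id):
        self._users.add(user_id)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def request_reset(self, user_id):
        """Issue a reset token for user_id.

        Returns the raw token to be emailed, or None when no such account
        exists. The HTTP layer must render the same "if that address is
        registered, a link has been sent" message in both cases so the
        response does not reveal whether the account exists.
        """
        if user_id not in self._users:
            return None
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        expires_at = self._now() + TOKEN_TTL_SECONDS
        # Issuing a new token replaces any older pending one for this user.
        self._pending[user_id] = (self._digest(token), expires_at)
        return token

    def redeem(self, user_id, presented_token):
        """Return True exactly once for a valid, unexpired token; False otherwise."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        stored_digest, expires_at = entry
        if self._now() > expires_at:
            del self._pending[user_id]             # expired tokens are purged, not kept
            return False
        presented_digest = self._digest(presented_token)
        # compare_digest avoids leaking how many characters matched via timing.
        if not hmac.compare_digest(presented_digest, stored_digest):
            return False
        del self._pending[user_id]                 # single use: a token never verifies twice
        return True


if __name__ == "__main__":
    store = ResetTokenStore()
    store.register_user("alice")
    link_token = store.request_reset("alice")
    print("redeem once:", store.redeem("alice", link_token))      # True
    print("redeem again:", store.redeem("alice", link_token))     # False, already consumed
```

The token is what proves control of the registered mailbox; the store never needs the plaintext after issuing it, and a caller that succeeds on redeem() should immediately invalidate existing sessions for that user before accepting a new password.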