Browsed by
Tag: security

password security standards
Password security standards

Password security standards

Comments 1 comment

Some time ago I was looking for the current password security standards to design a good and safe solution according to nowadays recommendations. I was very surprised, that some of them are in conflict with each other. That’s why I decided to prepare a short summary of password security standards from the most popular global standards. There are presented the following standards: OWASP, OWASP ASVS, NIST, PCI-DSS and ISO 27001 with my comments. OWASP Do do not truncate passwords. Make…

Read More Read More

Secure way to create change email process

Secure way to create change email process

Comments 0 Comment

Some time ago I faced a challenge to design secure method for change email process in our authentication service. Every system has an user and usually uses the email address as a login to the systems. Moreover, they use email address for the purpose of communication with the end user. Even if we had an artificial login name in system, we should still care about the way, how we communicate with the user. Additionally systems use email address for forget…

Read More Read More