This week, the crew talks about passwords. Web applications store a great deal of sensitive information. But there is something categorically different about storing passwords: if compromised, a password from one application may grant a malicious actor access to another application. As such, it is essential that we store our customers' passwords using modern, one-way hashing algorithms that protect the underlying payload against increasingly powerful compute resources, and that we have a way to evolve our password hashing strategies in order to stay a step ahead of potential attackers.
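One way to keep a hashing strategy evolvable, shown as an added example that is not from the episode or this post: store the scheme and its work factors beside each hash, and re-hash at the next successful login when the record is behind the current policy. The record format, the function names and the deliberately small work factors are assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import os

# Hypothetical policy: the scheme that new hashes use. Work factors are kept
# small so the demo runs quickly; real deployments tune them to their hardware.
CURRENT_ALG = "scrypt"
CURRENT_PARAMS = {"n": 2**12, "r": 8, "p": 1}


def _derive(password, salt, alg, params):
    pw = password.encode("utf-8")
    if alg == "pbkdf2-sha256":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, params["iter"], dklen=32)
    if alg == "scrypt":
        return hashlib.scrypt(pw, salt=salt, dklen=32, **params)
    raise ValueError(f"unknown scheme: {alg}")


def hash_password(password, alg=CURRENT_ALG, params=CURRENT_PARAMS):
    """Return a self-describing record: alg$params$salt$digest."""
    salt = os.urandom(16)  # fresh random salt per record
    digest = _derive(password, salt, alg, params)
    param_str = ",".join(f"{k}={v}" for k, v in sorted(params.items()))
    b64 = lambda b: base64.b64encode(b).decode("ascii")
    return "$".join([alg, param_str, b64(salt), b64(digest)])


def verify_and_upgrade(password, record):
    """Check a login attempt. Returns (ok, replacement_record_or_None)."""
    alg, param_str, salt_b64, digest_b64 = record.split("$")
    params = {k: int(v) for k, v in (kv.split("=") for kv in param_str.split(","))}
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(digest_b64)
    actual = _derive(password, salt, alg, params)
    if not hmac.compare_digest(actual, expected):  # constant-time comparison
        return False, None
    # The plaintext is only available at login, so this is the moment to
    # re-hash a record that was stored under an outdated scheme.
    if (alg, params) != (CURRENT_ALG, CURRENT_PARAMS):
        return True, hash_password(password)
    return True, None
```

When the second return value is not `None`, the caller writes it over the stored record; accounts that never log in again keep their old hash and need a separate plan.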
Of course, sometimes the best password hashing strategy is to not store a password at all. Using a "passwordless login" allows you to pass the responsibility of password storage off to another, trusted vendor.
Also, we've been doing this podcast for half-a-year! How awesome is that! Yay for us!
Listen to Episode 026, with:
- Adam Tuttle → Website, Twitter, LinkedIn
- Carol Hamilton → Twitter, LinkedIn
- Tim Cunningham → Twitter, LinkedIn
- Ben Nadel (that's me) → Website, Twitter, LinkedIn
For the full show notes and links, visit the episode page. And, be sure to follow the show! Our website is workingcode.dev and we're @WorkingCodePod on Twitter and Instagram. Or, leave us a message at (512) 253-2633 (that's 512-253-CODE). New episodes drop weekly on Wednesday.