Kevin and James just finished up recording episode 2 of the Professionally Evil Perspective podcast. In this episode there is a brief discussion from Kevin on his experience at RSA and then we start talking about the topic of passwords. Although we are now into 2013, passwords still are a very hot topic. This is seen in the most recent breach that Evernote reported that their user information was accessed.
This episode goes into some helpful tips for both end users and application developers in regards to password use and storage. We also talk briefly about an idea that Troy Hunt mentioned on his blog about requiring companies to identify their password storage techniques on their login forms.
You can download the podcast from ITunes or directly from the Professionally Evil Perspective showpage (http://secureideas.libsyn.com/why-are-passwords-so-difficult). We encourage all feedback and if you have any topics you are interested in, please let us know. You can contact us at firstname.lastname@example.org.
CORRECTION: During the podcast, there was a reference to the FTC forcing Twitter to have penetration tests performed by a third party twice a year for the next ten years. This was incorrect as the FTC is requiring a security audit every two years for the next ten years. We apologize for the inaccuracy. More information can be found at http://www.wired.com/business/2011/03/twitter-feds-lax-security/ regarding the settlement.
James Jardine is a Principal Security Consultant with Secure Ideas.
If you are in need of a penetration test or other security consulting
services you can contact him at email@example.com or visit the Secure Ideas – Professionally Evil site for services provided.