We see a lot of common mistakes in password security. They range from storing plaintext passwords (IEEE) to not salting user passwords (LinkedIn) to using hashing algorithms like SHA-1 that are insufficient for passwords.
In this video, Les covers the five levels of password security, starting with basic best practices for developers such as password hashing and salting, digest authentication, and the preferred hashing algorithms.
He also explains some of the more difficult advanced techniques we use at Stormpath, including encryption, iteration and distributed storage. He discusses how Stormpath avoids common password security holes and popular attack vectors, and manages the backend maintenance of identity and user management.
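As an added example, not code from the video or from Stormpath, the following contrasts the unsalted single-pass SHA-1 mistake named above with a salted, iterated password hash and a constant-time verify. The choice of PBKDF2-HMAC-SHA256, the 16-byte salt and the iteration count are assumptions for illustration, not the parameters Stormpath uses.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this constructed example; a real deployment tunes
# the iteration count to its hardware and revisits it over time.
ITERATIONS = 600_000
SALT_BYTES = 16


def weak_unsalted_sha1(password: str) -> str:
    """The unsalted, single-pass mistake: every user with the same password
    gets the same digest, and one precomputed table cracks all of them."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Per-user random salt plus many iterations, stored as a self-describing
    string so the algorithm or iteration count can be raised later."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in
    constant time so timing does not leak how many bytes matched."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, digest_hex = parts
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Two accounts with the same password: the weak scheme exposes the
    # coincidence, the salted scheme produces two unrelated records.
    print(weak_unsalted_sha1("hunter2") == weak_unsalted_sha1("hunter2"))
    first, second = hash_password("hunter2"), hash_password("hunter2")
    print(first != second, verify_password("hunter2", first),
          verify_password("wrong", first))
```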
Les Hazlewood is CTO of Stormpath and PMC Chair for Apache Shiro, a leading application security framework for Java.