Multiple times a month we hear about technocrimes involving passwords. This month Daniel LaBarge of Artisans Collaborative (https://artisanscollaborative.com/) will walk through a way to protect passwords by never transmitting them at all!
Still not convinced? How about a narrative with bullet points:
While data security and privacy are nothing new, it seems that even modern application developers are still participating in organized server crime. At every level, from personally identifying information to passwords and banking details, unsuspecting users have their data sent over the wire and stored on the server. Even when the connection is encrypted, the password itself still arrives at the server in the clear, and the lack of security and the non-compliance leave security reporters shocked. You've seen too much. It's time for the Password Protection Program to relocate the password out of reach of the server bosses, into a safe house on the client.
With your coding skills and the testimony of a key witness (a PHP demo), we'll bring the whole thing down:
- Let's review best practices for password protection.
- Let's demo the Secure Remote Password (SRP-6a) protocol.
- Let's learn why this 1998 tech is being used by Apple, 1Password, etc.
- Let's explore the future of OPAQUE and SPAKE2+EE.
- Let's talk about how to convince stakeholders it's time for a revamp.
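For anyone who wants to see what "never transmitting the password" looks like before the talk, here is an added Python sketch of an SRP-6a login (this is not the speaker's PHP demo and not part of the original announcement). Both sides live in one file; the group is the 1024-bit prime from RFC 5054 with SHA-256, the proof formats follow RFC 2945, and the identity, password and four-message framing are constructed for the example. The server only ever stores a salt and a verifier, and the only things on the wire are the public values and the two proofs.

```python
import hashlib
import hmac
import secrets

# 1024-bit group from RFC 5054 Appendix A; generator g = 2.
N = int(
    "EEAF0AB9ADB38DD69C33F80AFA8FC5E86072618775FF3C0B9EA2314C"
    "9C256576D674DF7496EA81D3383B4813D692C6E0E0D5D8E250B98BE4"
    "8E495C1D6089DAD15DC7D7B46154D6B6CE8EF4AD69B15D4982559B29"
    "7BCF1885C529F566660E57EC68EDBC3C05726CC02FD4CBF4976EAA9A"
    "FD5138FE8376435B9FC61D2FC0EB06E3", 16)
g = 2
N_LEN = (N.bit_length() + 7) // 8


def pad(n):
    """PAD() from RFC 5054: fixed-width big-endian encoding of an integer."""
    return n.to_bytes(N_LEN, "big")


def h_bytes(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def h_int(*parts):
    return int.from_bytes(h_bytes(*parts), "big")


k = h_int(pad(N), pad(g))  # SRP-6a multiplier parameter


def private_x(salt, identity, password):
    """x = H(s | H(I ':' P)); computed only on the client, never sent."""
    return h_int(salt, h_bytes(identity + b":" + password))


def register(identity, password):
    """Enrollment: the server keeps (salt, verifier = g^x mod N), not the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, identity, password), N)


def client_proof(identity, salt, A, B, K):
    """M1 = H(H(N) xor H(g) | H(I) | s | A | B | K), as in RFC 2945."""
    hn_xor_hg = (h_int(pad(N)) ^ h_int(pad(g))).to_bytes(32, "big")
    return h_bytes(hn_xor_hg, h_bytes(identity), salt, pad(A), pad(B), K)


def server_proof(A, M1, K):
    """M2 = H(A | M1 | K)."""
    return h_bytes(pad(A), M1, K)


class SrpClient:
    def __init__(self, identity, password):
        self.I, self.P = identity, password

    def start(self):
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)
        return self.I, self.A                      # message 1: I, A

    def respond(self, salt, B):
        if B % N == 0:                             # SRP-6a safety check
            raise ValueError("invalid server public value B")
        u = h_int(pad(self.A), pad(B))
        if u == 0:
            raise ValueError("invalid scrambling parameter u")
        x = private_x(salt, self.I, self.P)
        S = pow((B - k * pow(g, x, N)) % N, self.a + u * x, N)
        self.K = h_bytes(pad(S))
        self.M1 = client_proof(self.I, salt, self.A, B, self.K)
        return self.M1                             # message 3: M1

    def finish(self, M2):
        if not hmac.compare_digest(server_proof(self.A, self.M1, self.K), M2):
            raise ValueError("server failed to prove knowledge of the session key")
        return self.K


class SrpServer:
    def __init__(self, records):
        self.records = records                     # identity -> (salt, verifier)

    def challenge(self, identity, A):
        if A % N == 0:                             # SRP-6a safety check
            raise ValueError("invalid client public value A")
        self.s, self.v = self.records[identity]
        self.I, self.A = identity, A
        self.b = secrets.randbelow(N - 2) + 1
        self.B = (k * self.v + pow(g, self.b, N)) % N
        return self.s, self.B                      # message 2: s, B

    def verify(self, M1):
        u = h_int(pad(self.A), pad(self.B))
        S = pow(self.A * pow(self.v, u, N), self.b, N)
        self.K = h_bytes(pad(S))
        if not hmac.compare_digest(client_proof(self.I, self.s, self.A, self.B, self.K), M1):
            raise ValueError("client proof rejected (wrong password?)")
        return server_proof(self.A, M1, self.K)    # message 4: M2


def run_exchange(server, identity, password):
    """Drive the four messages; returns (client_key, server_key, bytes seen on the wire)."""
    client = SrpClient(identity, password)
    I, A = client.start()
    s, B = server.challenge(I, A)
    M1 = client.respond(s, B)
    M2 = server.verify(M1)
    client_key = client.finish(M2)
    wire = b"".join([I, pad(A), s, pad(B), M1, M2])
    return client_key, server.K, wire


if __name__ == "__main__":
    # Constructed sample credentials for the demo.
    identity, password = b"alice@example.com", b"correct horse battery staple"
    server = SrpServer({identity: (*register(identity, password),)})
    ck, sk, wire = run_exchange(server, identity, password)
    print("keys match:", ck == sk, "| password on the wire:", password in wire)
```

Both ends finish with the same 32-byte session key, a wrong password is rejected by the server at M1 without it ever learning what was typed, and a dump of the wire contains neither the password nor x. Everything here uses Python's built-in integers and hashlib only; a production deployment would use a vetted library and a larger group than the 1024-bit one chosen for brevity.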
Let's relocate the password to the client: let's get back to being respectable server owners.