Beyond Bcrypt - Soatok:
https://soatok.blog/2024/11/27/beyond-bcrypt/
alcinnz (alcinnz@floss.social)'s status on Thursday, 28-Nov-2024 00:43:44 JST alcinnz
alcinnz (alcinnz@floss.social)'s status on Thursday, 28-Nov-2024 04:01:12 JST alcinnz
@be I like studying the code anyways, & I'm pleased to find most open-source software handling authentication properly!
Apparently WordPress aside...
alcinnz (alcinnz@floss.social)'s status on Thursday, 28-Nov-2024 04:34:52 JST alcinnz
@be We evidently have different standards.
But by my standards of "do they hash passwords properly", uptake is good!
EVERYTHING'S COMPUTER (be@floss.social)'s status on Thursday, 28-Nov-2024 04:38:52 JST EVERYTHING'S COMPUTER
@alcinnz The best way to handle authentication I've found is using the Kanidm identity provider (https://kanidm.com), which encourages passwordless authentication and has no requirement for passwords, TOTP, or email. It supports passwords and TOTP as fallback authentication methods, but those can be disabled per user group by the system administrator. By default, it requires either Webauthn or a combination of password + TOTP.
alcinnz (alcinnz@floss.social)'s status on Thursday, 28-Nov-2024 04:38:57 JST alcinnz
@be Sigh, debates over how to do things better leave us stuck in the tedious old way!
At least we've largely minimized the security disaster incurred...