Did a talk about implementing password security right last night at Five Minutes of Fame.
If you don't want to go through the slides, here's the TL;DR version:
TL;DR User Security
- Use a password manager like LastPass or 1Password (with Dropbox) and use their password generation.
- If no manager is available (routers, OS logins, etc.), use passphrases with non-English words or acronyms (see xkcd).
- Assume sites get compromised all the time and you never hear about it. NEVER reuse a password.
- If you're at a coffee shop or hackerspace, use a public VPN service.
- OAuth / Twitter / Facebook based authentication is putting your auth credentials in their hands.
TL;DR Encryption Security
- Use bcrypt. Bounce up the factor every few years.
- Do not limit password field length. (bcrypt takes up to 55 bytes of input.)
- Run a JS password tester to reject weak passwords.
- Run a password cracker regularly to test your security.
- Suggest to your users that they use passphrases with acronyms, punctuation or LOLspeak.
- Generate random passwords for your users.
- Consider removing password masking.
TL;DR Operational Security
- Use HTTPS for both rendering and submitting the login page.
- Show Cain and Abel video to everyone you work with.
- Use HSTS headers with HTTPS.
- Use a Synchronizer Token to prevent CSRF attacks (or use a decent web framework).
- Use a captcha / throttle on password attempts.
- Use double validation for registering accounts (register sends email, clicking email link heads back to site).
- Use one-time-use password reset links.
- Send email notifications on password change attempts.
- Add Honeypot Logins.
- Use login token IDs with hidden check bits and math invariants that indicate tampering.
- Implement a secret in the session management system to keep state on the client and verify it on server interaction for better session authentication.
OWASP also has cheat sheets which look useful if you're putting a site together. It still disturbs me how freaking MANUAL so much of this is, but I suppose web frameworks can't do everything for you. There are some options if you're on Rails.
It was a surprisingly tough talk to give. At first I was like, "lol, look at all the companies with crappy security", but it's a murky field in general. For example, the XKCD cartoon about passphrases is missing the problem that most people type passphrases in standard English, and only use about two thousand words in general conversation. It may look like there's more entropy generated, but if your attackers know that your customers use passphrases, you may have just made their jobs much easier.
Also, brute force cracking is surprisingly effective. MD5 and the SHA-* algorithms are inappropriate because GPUs chew through them very quickly, but the newer FPGA chips can do a reasonable implementation of bcrypt in hardware. It's an issue that computers are fast, but a bigger problem is that they just keep getting faster.
The biggest thing has to be to not let your users pick crappy passwords. Even if you have bcrypt with all the factors, if your users are entering "12345" as the password, it's not going to make a difference.