How could GitHub improve the password security of its users?
20th November 2013
My answer to How could GitHub improve the password security of its users? on Quora
By doing exactly what they’re doing already: adding more sophisticated rate limiting, and preventing users from using common weak passwords.
Their account security practices are already best-in-industry: they support two-factor authentication and their “Security History” interface at https://github.com/settings/secu... is the best I’ve seen on any website.
The way they store passwords (correctly, using bcrypt) had nothing to do with this particular security incident.
More recent articles
- Weeknotes: datasette-enrichments, datasette-comments, sqlite-chronicle - 8th December 2023
- Datasette Enrichments: a new plugin framework for augmenting your data - 1st December 2023
- llamafile is the new best way to run a LLM on your own computer - 29th November 2023
- Prompt injection explained, November 2023 edition - 27th November 2023
- I'm on the Newsroom Robots podcast, with thoughts on the OpenAI board - 25th November 2023
- Weeknotes: DevDay, GitHub Universe, OpenAI chaos - 22nd November 2023
- Deciphering clues in a news article to understand how it was reported - 22nd November 2023
- Exploring GPTs: ChatGPT in a trench coat? - 15th November 2023
- Financial sustainability for open source projects at GitHub Universe - 10th November 2023
- ospeak: a CLI tool for speaking text in the terminal via OpenAI - 7th November 2023