Password Security During Reset Process

I wanted to share this article by Troy Hunt about the password reset process in websites and applications. It has a ton of information and examples of how to securely store passwords (with encryption and 1-way hashing), what username enumeration is, what a persistent password is, the purpose of CAPTCHAs, secret questions, etc. On […]