Information in this Chapter
- Understanding Authentication Attacks
- Employing Countermeasures
Passwords remain the most common way for a Web site to have users prove their identity. If you know an account's password, then you must be the owner of the account – so the assumption goes. Passwords represent a necessary evil of Web security. They are necessary, of course, to make sure that our accounts cannot be accessed without this confidential knowledge. Yet, the practice of passwords illuminates the fundamentally insecure nature of the human way of thinking. Passwords can be easy to guess, they might not be changed for years, they might be shared among dozens of Web sites (some secure, some with gaping ...