If there is a more hated, feared, or otherwise misunderstood word associated with information technology than ‘password’, I don’t know it.

My authentication-security baptism occurred in 1982 during my first commercial security project fixing the 30-line password algorithm of ACF2 (SKK, Inc.). Since then, I’ve only gone further down the rabbit hole of this critical area of information security.

Because ACF2 was the leading mainframe security product, and the primary product protecting US and other Western governments, we were heavily involved with trust certifications. These included C2 and B1 levels of assurance documented in the ‘Orange Book’ in the noted ‘Rainbow Series’ from the Department of Defense (DoD).

The ‘Green Book’ in the ...
