Passwords are Ubiquitous and the ABSOLUTE worst.

Additional Resources:

Security and Password Policies

• NPM Security Policy
• Good blog post on password policies

Password Managers

• LastPass
• Chrome Password Manager (better than a postit)

QUIZ QUESTION: :

Match some key tasks with areas of the stack to minimize risk

ANSWER CHOICES:

Data In Transit

Storing Passwords

Password Checking on API

Part of the Stack	What You Can Do
Salt and Hash Passwords before storing in database
Give server admin password to junior engineers
Store Plain Text in Database
Transmit over http (non-secure)
Store Plain Text in Text File
Never change your database password
Code Review to Ensure Not Logging Passwords
Send only over HTTPS, TLS/SSL

SOLUTION:

Part of the Stack	What You Can Do
Salt and Hash Passwords before storing in database	Storing Passwords
Code Review to Ensure Not Logging Passwords	Password Checking on API
Send only over HTTPS, TLS/SSL	Data In Transit