Simon Willison’s Weblog

Subscribe

How could GitHub improve the password security of its users?

20th November 2013

My answer to How could GitHub improve the password security of its users? on Quora

By doing exactly what they’re doing already: adding more sophisticated rate limiting, and preventing users from using common weak passwords.

Their account security practices are already best-in-industry: they support two-factor authentication and their “Security History” interface at https://github.com/settings/secu... is the best I’ve seen on any website.

The way they store passwords (correctly, using bcrypt) had nothing to do with this particular security incident.

Posted 20th November 2013 at 5:50 pm · Follow me on Mastodon or Twitter or subscribe to my newsletter

More recent articles

This is How could GitHub improve the password security of its users? by Simon Willison, posted on 20th November 2013.

Next: Is there anyway to game unique link verifications?  Like when you get sent a link of the form https:/........com/UID=TYYN04001 How would one change the digits to reproduce another working link?

Previous: In which case have you seen a non-tech sole founder rise to build a sustainable great company without a tech co-founder? How can this work? What are the steps/advice you would give to the non-tech founder?