How could GitHub improve the password security of its users?
20th November 2013
My answer to How could GitHub improve the password security of its users? on Quora
By doing exactly what they’re doing already: adding more sophisticated rate limiting, and preventing users from using common weak passwords.
Their account security practices are already best-in-industry: they support two-factor authentication and their “Security History” interface at https://github.com/settings/secu... is the best I’ve seen on any website.
The way they store passwords (correctly, using bcrypt) had nothing to do with this particular security incident.
More recent articles
- The new GPT-5.6 family: Luna, Terra, Sol - 9th July 2026
- sqlite-utils 4.0, now with database schema migrations - 7th July 2026
- sqlite-utils 4.0rc2, mostly written by Claude Fable (for about $149.25) - 5th July 2026