BSidesLV 2015 has ended
Back To Schedule
Wednesday, August 5 • 10:30 - 10:55
I Forgot My Password

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Users often forget their passwords, so applications often must have a password reset mechanism. There are several options for how to do it; some of them are good, most of them not so good. Generate a password and send it in an email? No. Security questions? No way. Reset passwords via a phone call? Rather not. This talk presents some really creative examples of botched password reset implementations, as well as a proven method for resetting passwords securely.

avatar for Michal Špaček

Michal Špaček

Michal, aka spazef0rze, is an application security engineer who's on a mission to show developers how & why to write secure code, and is the discoverer of the PHP "md5(QNKCDZO)" bug. Michal has worked for small and big, local and multinational, and is currently freelancing.

Wednesday August 5, 2015 10:30 - 10:55 PDT
Passwords Tuscany

Attendees (2)