https://wiki.owasp.org/index.php?action=history&feed=atom&title=H1._Protect_your_secretsH1. Protect your secrets - Revision history2026-04-13T01:06:25ZRevision history for this page on the wikiMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=H1._Protect_your_secrets&diff=233998&oldid=prevTgbenson at 20:54, 2 October 20172017-10-02T20:54:13Z<p></p>
<table class="diff diff-contentalign-left" data-mw="interface">
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;' lang='en'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 20:54, 2 October 2017</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1" >Line 1:</td>
<td colspan="2" class="diff-lineno">Line 1:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;"></del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div><del style="font-weight: bold; text-decoration: none;">'''H1. Protect your secrets'''</del></div></td><td colspan="2"> </td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''Description:''' Passwords are a shared secret between a user and the system providing access and the most common way to authenticate to systems, applications, and services. Authentication is how a person or system proves their identity. Three methods of authentication are: provide something you know, something you have, or something you are. Passwords fulfill the first condition, something you know. People and systems authenticate by providing something only they know, therefore proving their identity. Weak password handling vulnerabilities are weaknesses in the handling, storage, and use of passwords. Many sites use security questions such as asking for your mother’s maiden name when you want to reset a forgotten password. This practice has the problem that it often relies on easily guessable information and more importantly this cannot be changed if a data breach at a provider happens.</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>'''Description:''' Passwords are a shared secret between a user and the system providing access and the most common way to authenticate to systems, applications, and services. Authentication is how a person or system proves their identity. Three methods of authentication are: provide something you know, something you have, or something you are. Passwords fulfill the first condition, something you know. People and systems authenticate by providing something only they know, therefore proving their identity. Weak password handling vulnerabilities are weaknesses in the handling, storage, and use of passwords. Many sites use security questions such as asking for your mother’s maiden name when you want to reset a forgotten password. This practice has the problem that it often relies on easily guessable information and more importantly this cannot be changed if a data breach at a provider happens.</div></td></tr>
</table>Tgbensonhttps://wiki.owasp.org/index.php?title=H1._Protect_your_secrets&diff=233987&oldid=prevTgbenson: Created page with " '''H1. Protect your secrets''' '''Description:''' Passwords are a shared secret between a user and the system providing access and the most common way to authenticate to sy..."2017-10-02T20:47:42Z<p>Created page with " '''H1. Protect your secrets''' '''Description:''' Passwords are a shared secret between a user and the system providing access and the most common way to authenticate to sy..."</p>
<p><b>New page</b></p><div><br />
<br />
'''H1. Protect your secrets'''<br />
<br />
'''Description:''' Passwords are a shared secret between a user and the system providing access and the most common way to authenticate to systems, applications, and services. Authentication is how a person or system proves their identity. Three methods of authentication are: provide something you know, something you have, or something you are. Passwords fulfill the first condition, something you know. People and systems authenticate by providing something only they know, therefore proving their identity. Weak password handling vulnerabilities are weaknesses in the handling, storage, and use of passwords. Many sites use security questions such as asking for your mother’s maiden name when you want to reset a forgotten password. This practice has the problem that it often relies on easily guessable information and more importantly this cannot be changed if a data breach at a provider happens.<br />
<br />
'''Threats:''' The exposure of passwords through mishandling or improper storage could allow discovery and use by attackers to access online services or data.<br />
<br />
'''Impact:''' Weak password handling can result in the unauthorized access and compromise of data or systems.<br />
<br />
'''Recommendations:'''<br />
<br />
Consumers should focus on:<br />
<br />
1. Use different passwords for each site<br />
2. Use long passwords not based on a dictionary word<br />
3. Don’t share your password<br />
<br />
Tech-savvy users should also:<br />
<br />
1. Use a password manager<br />
2. Enable 2-factor authentication<br />
3. Select fake and/or random answers for security questions<br />
<br />
'''Example:''' Using an easily guessed password, such as ‘Password’ on your email account would allow an attacker to access your email. Even if it is not an account you actively used, it may be used by accounts for password resets or as backup recovery emails. It could also be used to send email from an attacker under your name.</div>Tgbenson