How securely do they store user passwords & how good are they at letting us know? And how do *you* store passwords? A project by Michal Špaček @spazef0rze
"We don't have a password complexity policy. Passwords are encrypted with salt and SHA-256."
-- @Jotform
You don't encrypt passwords for authentication, you hash them. Luckily, SHA-256 is a hashing algorithm 👍 but it's not suitable for passwords 👎
https://t.co/aB9fqvYOQX
The folks behind Slab, the knowledge base & wiki app, created a nice page where they share many security-related things including that they store passwords hashed with bcrypt: https://t.co/ta4uFWwXup Thumbs up for the transparency @slab & for bcrypt too!
https://t.co/6hTaBczWJN
"deSEC is a free DNS hosting service, designed with security in mind" (their words) and they use "PBKDF2-based password hashing to secure your sensitive information" (also their words). Nice job @desec_io! (my words this time) 😊 https://t.co/Iw873uGFfb
The company was using unsalted SHA-1 and we migrated to bcrypt (also rehashed existing hashes, see the pinned tweet) and I thought it might be a good idea to tell the world and maybe inspire others to do the same. https://t.co/HO080al5S3
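The two points made above, that a fast general-purpose hash such as unsalted SHA-1 or SHA-256 is unsuitable for passwords and that existing hashes can be migrated to a proper password hash without waiting for every user to log in, as an added example. This is not code from the project, the pinned tweet, or any company on this page, and it does not claim to be the migration method the company used. It uses PBKDF2-HMAC-SHA256 from the Python standard library because bcrypt and Argon2 need third-party packages; the upgrade logic is the same for bcrypt. The record format, the 600,000 iteration count, the helper names and the sample passwords are this example's own assumptions.

```python
"""Password storage with PBKDF2-HMAC-SHA256 and migration of unsalted SHA-1.

Added example; record format, iteration count and names are assumptions.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

ALG = "pbkdf2-sha256"
ITERATIONS = 600_000   # assumed cost; tune so one hash costs ~100 ms or more
SALT_BYTES = 16


def _pbkdf2(data: bytes, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", data, salt, iterations, dklen=32)


def legacy_sha1(password: str) -> str:
    """What the assumed legacy system stored: bare unsalted SHA-1 hex."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Self-describing record: alg$iterations$salt_hex$hash_hex."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = _pbkdf2(password.encode("utf-8"), salt, iterations)
    return f"{ALG}${iterations}${salt.hex()}${digest.hex()}"


def wrap_legacy_sha1(sha1_hex: str, iterations: int = ITERATIONS) -> str:
    """Re-hash an existing SHA-1 record offline, without knowing the password.

    The old hex digest becomes the PBKDF2 input, so a dumped database no longer
    contains fast-to-crack hashes. The prefix records that a candidate password
    must be SHA-1'd first at verification time.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = _pbkdf2(sha1_hex.lower().encode("ascii"), salt, iterations)
    return f"sha1+{ALG}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> tuple[bool, bool]:
    """Return (matches, needs_rehash).

    needs_rehash is True for legacy formats and for an outdated iteration
    count, so the caller can upgrade the record while it holds the password.
    """
    if "$" not in record:   # bare legacy SHA-1 hex
        expected = legacy_sha1(password).encode("ascii")
        return hmac.compare_digest(expected, record.lower().encode("utf-8")), True
    parts = record.split("$")
    if len(parts) != 4:
        return False, False
    alg, iters, salt_hex, hash_hex = parts
    iterations = int(iters)
    if alg == f"sha1+{ALG}":
        data = legacy_sha1(password).encode("ascii")
        needs_rehash = True
    elif alg == ALG:
        data = password.encode("utf-8")
        needs_rehash = iterations < ITERATIONS
    else:
        return False, False
    digest = _pbkdf2(data, bytes.fromhex(salt_hex), iterations)
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex)), needs_rehash


# Verified for unknown users so response time does not reveal which usernames exist.
_DUMMY_RECORD = hash_password("not a real password")


def login(store: dict, username: str, password: str) -> bool:
    """Authenticate and transparently upgrade the stored record on success."""
    record = store.get(username)
    if record is None:
        verify_password(password, _DUMMY_RECORD)
        return False
    ok, needs_rehash = verify_password(password, record)
    if ok and needs_rehash:
        store[username] = hash_password(password)
    return ok


def crack_unsalted_sha1(sha1_hex: str, wordlist) -> str | None:
    """Why a fast unsalted hash is unsuitable: one table cracks every user at once."""
    table = {legacy_sha1(w): w for w in wordlist}
    return table.get(sha1_hex.lower())


if __name__ == "__main__":
    # Constructed sample rows: one legacy user, one created after the switch.
    users = {"alice": legacy_sha1("hunter2")}
    users = {u: wrap_legacy_sha1(h) for u, h in users.items()}   # offline migration
    users["bob"] = hash_password("correct horse battery")
    print(login(users, "alice", "hunter2"), users["alice"].startswith(ALG))
```

The offline wrap is the step that closes the exposure window for users who never log in again; the per-login upgrade then removes the SHA-1 layer for everyone else. Keep the iteration count in the record so it can be raised later without another migration.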
The project itself was launched in 2016 in this talk at @BSidesLV https://t.co/PfMJgOJNSx (waving at @thorsheim 👋) and the idea itself dates back to 2014 when I gave a talk about improving security at a company I was working for back then.
MangaDex has reached out and asked me to add their password storage disclosure announcement, very cool! Thanks @MangaDexRE & Tristan 👍 They use PBKDF2 now but some records use bcrypt and Argon2id historically.
https://t.co/4X2WdfjINL
OrgPad, a brainstorming tool, is using PBKDF2 with BLAKE2b to hash passwords. They disclose it publicly on their site and here on Twitter too. And they also have @securitytxt 😍 Good job @orgpad_official, thank you! https://t.co/JauFTmSNgl
Unfortunately Czech Railways don't use bcrypt in all their apps. Another app doesn't use hashing at all but instead uses encryption. I really hope they'll start doing what they should and that I'll be able to update the grade soon 🤞 https://t.co/oU6Me3k9Jf
Czech Railways, the largest Czech railway carrier, have confirmed (although very unofficially) they use bcrypt for user passwords in one of their apps. Previously, they were using SHA-512, so switching to bcrypt is very good news & a very good job!
https://t.co/rNF96jUwYY
There's another bank disclosing how they store user passwords. @MONETAMoney says they use Argon2 and they have also included the info in their FAQ! They now score A, good job!
(They even @-me and thanked me 😇)
https://t.co/iXDY7Q6WRh
Bank admits they store passwords encrypted, not hashed, after customers started receiving passwords they created printed out via mail. Not cool @MONETAMoney but at least they say they'll move to hashing eventually. Looking forward to upgrade the score!
https://t.co/iXDY7Q6WRh
@MONETAMoney Previously, the bank admitted they store passwords encrypted but promised to switch to hashing. Nice to see the promise fulfilled in some 3 months, thank you. (You may still see F in the thumbnail here until the cache is refreshed)
https://t.co/jUbr7vZEq4
@PasswordStorage Hello Michal, as part of our upgrade of Internet Banka, @MONETAMoney uses Argon2 for storing clients’ passwords since April. We disclosed this in FAQs: https://t.co/t3OtaFFKyk. Like @komercka, we’d like to express our appreciation of your work in making internet a better place.
Another company publishing they use bcrypt, cool @agilebase @agileChilli! And even their CTO @okohll DMing me to add them, good job 👍 https://t.co/6jjPLKbZXx
Czech news portal @infocz_web uses bcrypt cost 12 to hash passwords and their Head of Digital and Technology @adent has happily tweeted it himself too. Thank you 👍 https://t.co/YhpTma6LaN