094: Disagree And Commit (52min 18s)
093: Sounds Easy! Sure Isn't (50min 58s)
092: The Power of No (52min 24s)
091: Side Project Therapy (51min 41s)
090: Passion Projects and Beer Money - Side Hustles (1hr 4min)
089: What Makes a Good Roadmap? (1hr 2min)
088: //todo: documentation (58min 45s)
087: Note To Self v0.2.0 (53min 1s)
086: The Working Code Test (1hr 21min)
085: Shipping Complexity (1hr 1min)
084: The Architectural Support Team with Jason Henriksen (48min 56s)
083: Alternate Timelines (39min 46s)
082: GitHub Copilot - Is It Worth It? (54min 37s)
081: Total Randos (47min 8s)
080: Other Duties As Assigned (48min 20s)
079: Potluck #5 (59min 47s)
078: UX - Pushing Users Into The Pit of Success (59min 29s)
077: Mid-Manager Blues (44min 6s)
076: Ben Needs A Minute (57min 39s)
075: What Problem Does This Solve? (49min 27s)
074: What's On Your Workbench? (58min 19s)
073: Our Golden Parachute (37min 2s)
072: Too Many Hats (57min 31s)
071: Potluck #4 (1hr)
070: Self Reflections (44min)
069: Now I'm Catching Events (38min 27s)
068: Hire Women, Inspire Women (1hr)
067: We Have Feelings On Logging (38min 41s)
066: Make Meetings Suck Less (46min 58s)
065: TDD In the Trenches with Scott Stroz (41min 47s)
064: Should I Stay Or Should I Go? (40min 9s)
063: Nobody Makes It Out Alive! (33min 20s)
062: Note To Self (1hr 8min)
061: Software Is For People (51min 11s)
060: Technical Debt (1hr)
059: Everything Old Is New Again (54min 45s)
058: Do 10x Developers Exist? (53min 27s)
057: Goals for 2022 (54min 40s)
056: Best of 2021 (1hr 8min)
055: Sales Fails (50min 25s)
054: We're So Quacked (41min 41s)
053: Product Management with Adam Lehman (39min 18s)
052: Starting Your Own Business, with Steve Rittler (1hr 15min)
051: You Are Replaceable (36min 31s)
050: Where Do You See Yourself in 5 Years? (52min 49s)
049: Revisiting Replatforming - There Is No Correct Answer (49min 31s)
048: // TODO: Microwave ToDo List (56min 17s)
047: Email Ruins Everything (56min 2s)
046: Secrets Management vs. Premature Optimization (44min 15s)
045B: The Aftershow (24min 43s)
045: Join Our Discord (10min 57s)
044: Facebook's No Good Very Bad Week (55min 5s)
043: Relay Race Programming (50min 8s)
042: Potluck #3 (51min 53s)
040: Automaticity Is a Weird Word (41min 59s)
039: Ben's Future at InVision (51min 54s)
038: Holding Developers Accountable (57min 54s)
037: Brian Klaas Talks Cloud (1hr 17min)
036: Blogs and Digital Gardens (58min 32s)
035: Being a Swamp Guide (47min 39s)
034: Some of My Best Friends Are React Developers! (44min 18s)
033: Software Patents (42min 35s)
032: What Comes After Senior Developer? (49min 52s)
031: To The Cloud! But Why? (1hr 1min)
030: Carol's Consult Catch-Up Conversation (48min 34s)
029: Potluck #2 (46min 8s)
028: Buy vs. DIY (47min 30s)
027: Giving Technical Presentations (34min 15s)
026: Passwords (59min 6s)
Published Jun 9, 2021 at 11:00am
This week, the crew talks about passwords. Web applications store a great deal of sensitive information. But, there is something categorically different about storing passwords. Because—if compromised—a password from one application may grant a malicious actor access to another application. As such, it is essential that we store our customers' passwords using modern, one-way hashing algorithms that protect the underlying payload against increasingly powerful compute resources. And, that we have a way to evolve our password hashing strategies in order to stay a step ahead of potential attackers.
Of course, sometimes the best password hashing strategy is to not store a password at all. Using a "passwordless login" allows you to defer the responsibility of password storage to another, trusted vendor.
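The two storage requirements the summary names, a slow one-way hash and a way to evolve the hashing policy later, fit together in a small piece of code. The following is an added example, not code from the show or its hosts: it stores each hash as a self-describing record (algorithm, iteration count, salt, hash), verifies with a constant-time comparison, and upgrades out-of-date records at login, the only moment the plaintext is available. It uses PBKDF2-HMAC-SHA256 because that is what Python's standard library provides; the OWASP cheat sheet linked below prefers Argon2id where a library is available, and the 600,000 iteration count here is the cheat sheet's PBKDF2 figure, assumed as a starting point rather than a fixed rule.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Storage policy for newly created hashes. These values are assumptions for
# this example (600,000 is the OWASP cheat sheet's PBKDF2-HMAC-SHA256 figure
# at the time of writing); tune the iteration count to your hardware budget.
CURRENT_ALGO = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Hash a password with a fresh random salt.

    The record is self-describing ("algo$iterations$salt$hash"), so every
    stored row carries the parameters used to create it. That is what lets
    the policy tighten later without invalidating existing accounts.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES
    )
    return "$".join([CURRENT_ALGO, str(iterations), _b64(salt), _b64(derived)])


def verify_password(password: str, stored: str) -> bool:
    """Check a password against a record using the record's own parameters."""
    try:
        algo, iterations, salt_b64, hash_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        iteration_count = int(iterations)
    except ValueError:
        return False  # malformed record: never authenticate on garbage
    if algo != "pbkdf2_sha256":
        return False  # unknown algorithm identifier
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iteration_count, dklen=len(expected)
    )
    # Constant-time comparison so response timing does not reveal how many
    # leading bytes of the hash matched.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str) -> bool:
    """True when a record was created under a weaker policy than the current one."""
    algo, iterations, *_ = stored.split("$")
    return algo != CURRENT_ALGO or int(iterations) < CURRENT_ITERATIONS


def login(password: str, stored: str) -> Tuple[bool, Optional[str]]:
    """Verify the password; if the record is out of date, also return a replacement.

    The caller persists the returned record when it is not None. Because only a
    successful login proves the plaintext, this is the one place a legacy hash
    can be migrated to the current policy.
    """
    if not verify_password(password, stored):
        return False, None
    if needs_rehash(stored):
        return True, hash_password(password)
    return True, None


if __name__ == "__main__":
    # Constructed sample: a record created under an older, weaker policy.
    legacy_record = hash_password("correct horse battery staple", iterations=100_000)
    print("legacy needs rehash:", needs_rehash(legacy_record))
    ok, upgraded = login("correct horse battery staple", legacy_record)
    print("login ok:", ok, "| upgraded:", upgraded is not None)
    print("upgraded needs rehash:", needs_rehash(upgraded))
```

Raising `CURRENT_ITERATIONS` or switching `CURRENT_ALGO` later is then a one-line policy change: old records keep verifying with their stored parameters, and each account migrates the next time its owner signs in.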
Also, we've been doing this podcast for half-a-year! How awesome is that! Yay for us!
Triumphs & Failures
- Adam's Failure - While Adam has been quite keen on testing code, he recently ran into a testing scenario that he found very challenging. And, he ended up taking half-a-day to refactor already working code just so that he could add the tests. In the long run, it wasn't a waste of time; but, it was a very humbling experience in the moment.
- Ben's Triumph - After weeks of struggling to debug an authentication issue within a Sketch plug-in, Ben and his team finally figured out what was going wrong! As fate would often have it, Ben was the engineer that originally wrote the problematic code - so, that was unfortunate. But, at least they figured out how to fix the user experience!
- Carol's Failure - Carol has been having trouble walking away from problems even when she feels stuck. So, instead of stepping back and clearing her head, she continues to beat it against the wall (often to no avail). She knows this is counterproductive; but, sometimes she gets lost in the details.
- Tim's Triumph / Failure - Tim finds himself coasting this week. Nothing has been all that note-worthy; either in triumph or in failure.
Notes & Links
- OWASP Password Cheat Sheet - industry standard best practices for storing passwords - covers Argon2, BCrypt, SCrypt, and PBKDF2.
- Have I Been Pwned - a service that tells you if your password has been exposed in a data breach.
- 1Password - the world's most-loved password manager.
- Authy - a user-friendly two-factor authentication app.
- Shibboleth - an identity provider solution.
- OAuth - a standard for granting access to a website or application without having to provide it with your password.
- SAML - a standard for exchanging authentication between parties.
- Diceware - a method for generating secure, random passwords using playing dice.
- NIST Password Guidelines - Auth0 explains the new password guidelines from NIST.
- Single Sign-On (SSO) - an authentication scheme in which one login grants access to several, unrelated applications.
- Netlify Identity Management - a solution for user management in a Netlify app.
- Firebase Identity Management - a solution for user management in a Firebase app.
- XKCD: Password Strength - A web comic about how we make passwords hard for people but easy for computers.
Follow the show! Our website is workingcode.dev and we're @WorkingCodePod on Twitter and Instagram. Or, leave us a message at (512) 253-2633 (that's 512-253-CODE). New episodes drop weekly on Wednesday.
And, if you're feeling the love, support us on Patreon.
025: Breaking Up With Your Stack (1hr 1min)
024: The Archetype of an Effective Developer (1hr 25min)
023: Book Club #1 Clean Code by "Uncle Bob" Martin (pt2) (1hr 6min)
022: Book Club #1 Clean Code by "Uncle Bob" Martin (pt1) (1hr 11min)
021: Listener Questions #2 (1hr 21min)
020: Carol Needs a Consult (58min 15s)
019: Makefiles (1hr 15min)
018: Feature Flags (Finally!) (1hr 25min)
017: Premature Optimization (53min 47s)
016: Interviewing (1hr 16min)
015: Potluck #1 (1hr 22min)
014: Zen and the Art of Pull Requests (1hr 12min)
013: Do What You Love And You'll Never Work A Day In Your Life (46min 51s)
012: Idiomatic Code (42min 3s)
011: Listener Questions #1 (1hr 10min)
010: Scaling (1hr 9min)
009: Testing (58min 13s)
008: Origin Stories Pt 2 (1hr 11min)
007: Origin Stories Pt 1 (58min 5s)
006: Hopes for 2021 (57min 13s)
005: Monolith vs. Microservices (42min 44s)
004: Impostor Syndrome (1hr 18min)
003: Burnout, Mental Exhaustion, and Productivity (1hr 4min)
002: Working from home (54min 24s)
001: Adam's Secret Shame (1hr 8min)
000: Hello, World! (8min 4s)