Security is complex and for many software professionals an incredibly intimidating task that is easy to just ignore as a problem "outside the scope of requirements". This guide is for the developer who doesn't want to spend a lifetime wading through cryptographic algorithms and complicated explanations of arcane system administration topics to tackle software security.

To help ensure stronger password security, leading organizations have published clear criteria to discourage users from selecting easy to guess passwords. We have assembled those criteria into one checklist of key password recommendations to help you evaluate and improve your own password policies.

More credential databases are stolen every year. Many include passwords stored in plain text, while others are one-way hashed. One-way hashing is better, but it is only as secure as is mathematically feasible. Let's take a look at one-way hashing algorithms and how computers handle them.

How can you prevent breached and common passwords from being used in your application? Performing breached password detection on your user accounts can help keep them safe without causing them hassle.

This article will break down some of the essential steps developers need to take to maintain a secure authentication system. Some of these can be automated, while others are processes that will require work across departments, but all these will increase the security of your auth system.