How to store passwords — example in Go by Eamonn McEvoy

“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.” – Kevin Mitnick What is the weakest link in the security chain? Humans, of course. It seems that every few weeks another story hits the news about a data breach; leaked by a disgruntled employee, theft of a laptop, or socially engineered access to a company’s database. A few million passwords here, few million passwords there… assume that the super secret P@ssw0rd protecting your sensitive data will be leaked! With the use of an appropriate hashing strategy we can prevent hackers from accessing passwords, even after a data breach has occurred. I will outline some of the flawed approaches to password storage, then I will describe how you should really do it. (or watch this video from the excellent youtube channel computerphile....