├── README.md
├── assets
│   ├── Pass-Logo-128-Orange.png
│   └── Pass-Logo-128.png
└── learn
    └── en.md

/README.md:

[![Password world logo](assets/Pass-Logo-128-Orange.png)](https://github.com/MHM5000/pass)
---

**Go ahead and [Learn](/learn/) everything you need to know about passwords in your language**

## What is this?

Developers, designers and ordinary users have different kinds of concerns when it comes to passwords. This repo will help you achieve what you need in this area.

## What will it be?

This repo could become more than a simple Markdown store of how passwords should be handled. You can contribute different algorithms for different parts of this repo, or even a ```handle-password``` file in your preferred programming language.

### How to Share
+ [Share on Twitter](http://twitter.com/home?status=https://github.com/MHM5000/pass)
+ [Share on Facebook](http://www.facebook.com/sharer/sharer.php?s=100&p[url]=https://github.com/MHM5000/pass&p[images][0]=https://github.com/MHM5000/pass/raw/master/assets/Pass-Logo-128-Orange.png&p[title]=How%20to%20deal%20with%20Passwords&p[summary]=)
+ [Share on Google Plus](https://plus.google.com/share?url=https://github.com/MHM5000/pass)
+ [Share on LinkedIn](http://www.linkedin.com/shareArticle?mini=true&url=https://github.com/MHM5000/pass&title=How%20to%20deal%20with%20Passwords&summary=&source=)

## Contribution

+ Translation: All you need is [basic knowledge](http://try.github.io/) of working with GitHub and two languages (if one of them is English, I'll be happier) to start translating/correcting. Make sure you follow [ISO 639](https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes) for the language code.

+ Documents: You need a working knowledge of how computers work, maybe a little cryptography, algorithms, etc.
  Or a link to a good description (video, audio, document) of passwords.

+ A class or function in your preferred language that can be used as a complete password checker.

/assets/Pass-Logo-128-Orange.png:
(binary image; raw copy at https://raw.githubusercontent.com/MHM5000/pass/ddcd57fff3d266287cb555db97c9236572b1d22a/assets/Pass-Logo-128-Orange.png)

/assets/Pass-Logo-128.png:
(binary image; raw copy at https://raw.githubusercontent.com/MHM5000/pass/ddcd57fff3d266287cb555db97c9236572b1d22a/assets/Pass-Logo-128.png)

/learn/en.md:

# Passwords

## For Developers

+ Never store the password itself; store only a salted, slow hash of it and compare hashes at login.
+ Force users to choose a longer password, not a hard-to-remember one -> [xkcd.com/936/](http://xkcd.com/936/)
+ Require a password change whenever you have evidence of compromise (a breach, a leaked hash, a stolen device). Forcing routine rotation on a yearly/quarterly/monthly basis according to the importance of the account was the traditional advice, but NIST SP 800-63B now recommends against it, because users respond to forced rotation with predictable variations of the old password.
+ Use HTTPS at least for login/signup/reset and related pages, and preferably site-wide: a session cookie sent over plain HTTP can be stolen as easily as a password.
+ Never send a user's plain password to their email. Send a single-use, expiring reset link instead.
+ Double-check the ```chmod``` of your files and folders; configuration files holding database credentials or secret keys must not be world-readable.
+ Your partner (the designer) will implement the same validation in JavaScript. You must still run the validation on the server, because anything that runs in the browser is under the client's control and can be bypassed or spoofed; you [can't trust](https://en.wikipedia.org/wiki/User_agent#User_agent_spoofing) the user agent.
+ Use [strong](#for-everybody) passwords for accessing the development environment! After all, you are an important person, and your credentials reach the source code and the production secrets.
+ Use a password hashing function, not encryption. Encryption is reversible: whoever obtains the key (usually stored on the same server) gets every password back. Fast general-purpose hashes such as MD5 or SHA-1 aren't safe for this either, because an attacker can try billions of guesses per second against a stolen table. Use a slow, salted function designed for passwords:
  + ```bcrypt``` -> [How to safely store a password](http://codahale.com/how-to-safely-store-a-password/) / Also read [this](http://security.stackexchange.com/questions/4781/do-any-security-experts-recommend-bcrypt-for-password-storage)
  + ```scrypt``` (memory-hard, so GPU and ASIC crackers gain less; Argon2, the Password Hashing Competition winner, is the newer alternative)
  + Whichever you pick, use a random salt per user and a work factor tuned so that one hash takes tens of milliseconds on your hardware.
+ Create delays (these slow down online guessing only; once your hash table leaks, the cost of the hash function is all that slows the attacker):
  + Add punishment! If a user can't log in after 20 tries (the number depends on the importance of your system), lock the account for about an hour. Be aware that per-account lockout lets anyone lock a victim out by guessing wrongly on purpose, so log the attempts and throttle per source address as well.
  + Force a delay on each login attempt, like 5 seconds. Users won't feel it, but an attacker
+ Don't allow these in a password:
  + common passwords (```apple```, ```password```, ```aaaaaaaaaaa```, etc.)
  + U+0000 (Null)
  + U+202E (right-to-left override) -> [explainxkcd.com](http://www.explainxkcd.com/wiki/index.php/1137:_RTL)
  + If your system has a character-set limit (ASCII, ...), [don't allow other Unicode](http://security.stackexchange.com/questions/5694/why-limit-passwords-to-ascii-printable-characters) either. If you do accept Unicode, normalize it (NFKC) before hashing, so the same password typed on different keyboards produces the same hash.
+ You can add a second factor or an extra secret:
  + 2-factor auth. SMS codes are the weakest form (SIM swapping defeats them); an authenticator app or a hardware token is stronger.
  + Second password (pass1, pass2)
  + Second username (known_username = what others see, unknown_username = for login)
  + Login with email, and stop users from sharing that email on the site. It looks like paranoia, but some systems may need such a thing!

## For Designers

+ Although there is a backend for validation, JavaScript can do its job too and disable the submit button until the password is valid. Don't worry: the backend will do its job anyway.
+ Make the validation [inline](http://www.goodui.org/index_b.html#33).

## For Everybody

Since security is important, I've added some recommendations about security for you, too.
+ A great password is:
  + not an obvious password like [these](http://gizmodo.com/the-25-most-popular-passwords-of-2013-god-help-us-1504852434)
  + long -> [xkcd.com/936/](http://xkcd.com/936/)
  + simple to remember.
  + something that nobody can guess.
  + different from your other important passwords. Many sites/forums force you to register just to read a little information, and it is tempting to reuse one throwaway password on all of them; but a breach at any one of them lets attackers replay that password on every other site (credential stuffing), so a password manager that generates a unique password per site is the better option. Never reuse the STRONG password you use for your banking account and important files anywhere else.
+ Make sure there is no software/hardware keylogger on your system.
+ Make sure you are connected to a [safe network](https://en.wikipedia.org/wiki/Firesheep): on open Wi-Fi, anyone nearby can read unencrypted traffic and hijack your session. Read [this](http://readwrite.com/2010/10/25/at_a_cafe_i_can_hack_your_facebook_twitterwith_a_f), too.
+ Since handheld devices (tablets, smartphones, etc.) show each character as you type it before turning it into a ```*```, be sure that nobody's watching you when you type your password.
+ What a weak password is, in a [video](http://vooza.com/videos/weak-password/) from Vooza
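The README asks for a ```handle-password``` file and a password checker in your preferred language. The following is an added example, not code from the pass repository, that implements the developer checklist above in Python using only the standard library: the policy checks (length, common passwords, U+0000, U+202E and other control/format characters, an optional printable-ASCII limit), salted scrypt storage with constant-time verification, and a per-account lockout after too many failures. The common-password list, the sample credentials, the scrypt parameters and the ```LoginThrottle``` name are my own choices for illustration; nothing here is defined by the repo.

```python
"""Password handling: policy check, scrypt storage, login throttling.

Added example for the checklist above, not code from the pass repository.
Standard library only; the common-password list and credentials are constructed.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets
import unicodedata

# Constructed sample; a real deployment loads a large breach-derived list.
COMMON_PASSWORDS = frozenset({"password", "123456", "qwerty", "apple", "letmein"})
MIN_LENGTH = 12  # length matters more than symbol rules (xkcd 936)

# scrypt work factors: N = CPU/memory cost, r = block size, p = parallelism.
# Memory per hash is 128 * N * r bytes (16 MiB here); raise N as hardware improves.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def _nfkc_bytes(password: str) -> bytes:
    """Normalise so the same visible string hashes identically on any keyboard."""
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def check_password(password: str, ascii_only: bool = False) -> list[str]:
    """Return the list of policy violations; an empty list means acceptable."""
    pw = unicodedata.normalize("NFKC", password)
    problems: list[str] = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if pw and len(set(pw)) == 1:
        problems.append("a single repeated character")
    for ch in pw:
        # Rejects U+0000 (category Cc) and U+202E (category Cf) together with
        # every other control/format code point: all invisible to the user.
        if unicodedata.category(ch) in ("Cc", "Cf"):
            problems.append(f"contains control/format character U+{ord(ch):04X}")
            break
    if ascii_only and any(not 0x20 <= ord(ch) <= 0x7E for ch in pw):
        problems.append("contains characters outside printable ASCII")
    return problems


def hash_password(password: str) -> str:
    """Derive a salted scrypt hash; the stored string records its own parameters."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    key = hashlib.scrypt(_nfkc_bytes(password), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algo, n, r, p, salt_hex, key_hex = stored.split("$")
        if algo != "scrypt":
            return False
        key = hashlib.scrypt(_nfkc_bytes(password), salt=bytes.fromhex(salt_hex),
                             n=int(n), r=int(r), p=int(p), dklen=len(key_hex) // 2)
        return hmac.compare_digest(key.hex(), key_hex)
    except (ValueError, TypeError):  # malformed record: field count, hex, ints
        return False


class LoginThrottle:
    """Lock an account for lockout_seconds after max_failures wrong passwords.

    The caller passes `now` (time.time() in production) so the logic is testable.
    """

    def __init__(self, max_failures: int = 20, lockout_seconds: int = 3600):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures: dict[str, int] = {}
        self._locked_until: dict[str, float] = {}

    def is_locked(self, username: str, now: float) -> bool:
        return now < self._locked_until.get(username, 0.0)

    def attempt(self, username: str, password: str, stored: str, now: float) -> bool:
        """True on success; a locked account fails even with the right password."""
        if self.is_locked(username, now):
            return False
        if verify_password(password, stored):
            self._failures.pop(username, None)
            return True
        count = self._failures.get(username, 0) + 1
        self._failures[username] = count
        if count >= self.max_failures:
            self._locked_until[username] = now + self.lockout_seconds
            self._failures.pop(username, None)
        return False
```

The hash string carries its own parameters, so you can raise ```SCRYPT_N``` later and re-hash each user on their next successful login without a migration. The throttle is keyed per account, which is what the checklist describes; because that lets an attacker lock a victim out on purpose, pair it with per-source-address limits and log every failure. In a real service the hash records live in the user database and ```now``` is ```time.time()```.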