Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update: Credential_Stuffing_Prevention_Cheat_Sheet - Issue #1315 #1362

Merged
merged 3 commits into from
Mar 20, 2024
Merged

Update: Credential_Stuffing_Prevention_Cheat_Sheet - Issue #1315 #1362

merged 3 commits into from
Mar 20, 2024

Conversation

SCFTW
Copy link
Contributor

@SCFTW SCFTW commented Mar 19, 2024

  • Added link to MFA Cheat sheet
  • Updated MFA statement to include FIDO2 Passkey info
  • Added risk-based step-up MFA bullets
  • Added definition of CAPTCHA and commentary including "or similar puzzle" to include modern Captcha replacements, also mentioned risk-based conditional use for improved usability
  • Added minor commentary in IP Mitigation section

This PR covers issue #1315

been a long time since I did anything in GitHub so LMK if I did anything wrong 馃槃

@SCFTW
Update Credential_Stuffing_Prevention_Cheat_Sheet.md
d512944 
Added MFA CS link and Passkey statement
@SCFTW
Update Credential_Stuffing_Prevention_Cheat_Sheet.md
8530faa 
Added risk-driven MFA bullets and several content additions throughout
jmanico
jmanico requested changes Mar 19, 2024
View reviewed changes
Copy link
Member

@jmanico jmanico left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we augment "MFA, however with modern browsers and mobile devices now supporting FIDO2 Passkeys, MFA is attainable for most use cases." with:

"...however with modern browsers and mobile devices now supporting FIDO2 Passkeys, and other forms of MFA, it is attainable for most use cases.

@SCFTW
Update Credential_Stuffing_Prevention_Cheat_Sheet.md
b59a820 
updated MFA section per reviewer comment and resolved linter detected formatting issue.
@SCFTW
Copy link
Contributor Author

SCFTW commented Mar 20, 2024

committed the suggested change and resolved the linter spacing issue

@SCFTW SCFTW requested a review from jmanico March 20, 2024 03:10
jmanico
jmanico approved these changes Mar 20, 2024
View reviewed changes
Copy link
Member

@jmanico jmanico left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

excellent edits

@jmanico jmanico merged commit d2776a9 into OWASP:master Mar 20, 2024
3 checks passed
@ekmixon ekmixon mentioned this pull request Apr 2, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmanico jmanico jmanico approved these changes

@mackowski mackowski Awaiting requested review from mackowski mackowski is a code owner

@szh szh Awaiting requested review from szh szh is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@SCFTW @jmanico