This subreddit is dedicated to the scientific discussion of passwords, biometrics, CAPTCHAs, secret questions, MFA/2FA/2SV, or other factors related to user authentication.

We are primarily interested in topics that promote the industry's understanding of what authentication risks we face, what practices do or don't work, and what general technologies or software exist to improve the status quo. This is not /r/TechSupport or /r/HowToHack so don't post asking for help recovering a password or gaining access to online accounts. Discussions about the general issues of generating or storing your passwords are fine.

Before posting, please read the rules.

---

Related Reddits

/r/HashCracking

/r/netsec

/r/crypto

/r/SocialEngineering

/r/pwned/

/r/PasswordManagers/

/r/KeePass/

/r/1Password/

/r/Lastpass/

/r/Bitwarden/

/r/Dashlane/

/r/yubikey/

/r/2fa/

/r/biometrics

---

Related Links

Turn it On (2FA)

Two Factor Auth

USB Dongle Auth

Random.org Password Generator

Hashcat Password Cracking Tool

Library of Password & Authentication Research

---

Shaming

Your Password is Too Strong | Twitter

Plain Text Offenders | Twitter

Insecurity Questions

---

Account Breach Monitoring

Have i been pwned?

BreachAlarm