Update: Credential_Stuffing_Prevention_Cheat_Sheet #1315

Open
SCFTW opened this issue Feb 7, 2024 · 3 comments
Labels
ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. UPDATE_CS Issue about the update/refactoring of a existing cheat sheet.

Comments

@SCFTW
Contributor

SCFTW commented Feb 7, 2024

What is missing or needs to be updated?

A couple of suggestions for the Credential Stuffing cheat sheet:

  1. MFA section should link to MFA cheat sheet (reciprocating the link to cred stuffing from MFA)
  2. With the 2023 expansion in support for FIDO2 passkeys, the line that MFA may not be practical should be replaced with a suggestion of passkeys to prevent cred stuffing.

How should this be resolved?

Changes suggested inline above. Could also mention FIDO UAF or U2F device-bound software or hardware passkeys as well; not sure if this is getting too far into the weeds for a cheat sheet?

@SCFTW SCFTW added ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. HELP_WANTED Issue for which help is wanted to do the job. UPDATE_CS Issue about the update/refactoring of a existing cheat sheet. labels Feb 7, 2024
@jmanico
Member

jmanico commented Feb 7, 2024 via email

@mackowski
Collaborator

@SCFTW awesome issue. Do you want to make a PR for this?

@mackowski mackowski added ACK_OBTAINED Issue acknowledged from core team so work can be done to fix it. and removed ACK_WAITING Issue waiting acknowledgement from core team before to start the work to fix it. labels Feb 18, 2024
@SCFTW
Contributor Author

SCFTW commented Mar 15, 2024

I'm working on these and a few other minor updates to the cred stuffing CS.

@szh szh removed the HELP_WANTED Issue for which help is wanted to do the job. label Mar 15, 2024
jmanico pushed a commit that referenced this issue Mar 20, 2024
* Update Credential_Stuffing_Prevention_Cheat_Sheet.md

Added MFA CS link and Passkey statement

* Update Credential_Stuffing_Prevention_Cheat_Sheet.md

Added risk-driven MFA bullets and several content additions throughout

* Update Credential_Stuffing_Prevention_Cheat_Sheet.md

updated MFA section per reviewer comment and resolved linter detected formatting issue.
4 participants