Passwords, Security and Drupal

Passwords (still) represent a significant aspect of online security, and one which all too often turns out to be a weak link in the chain. This session covers how passwords are handled in Drupal, and how this has changed over the years. We'll look at the latest guidelines and best practices for passwords, and how Drupal sites can implement these. We'll also consider how bad actors leverage and abuse passwords, and how Drupal can protect against these attacks. Finally we'll contemplate a utopian Drupal future where passwords are no longer a thing.