From 651dd4f180efca605bf962884fa333a7900ecb8f Mon Sep 17 00:00:00 2001 From: Shivam Pal Date: Mon, 22 Dec 2025 13:05:40 +0530 Subject: [PATCH] Add OWASP reference and remove vague Google mention Removed the vague reference to "Google does nowadays" and added a clear source reference to the OWASP Secure Coding Practices Quick Reference Guide. --- .../validation-and-storage.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/authentication-password-management/validation-and-storage.md b/src/authentication-password-management/validation-and-storage.md index bb22898..41bb1c4 100644 --- a/src/authentication-password-management/validation-and-storage.md +++ b/src/authentication-password-management/validation-and-storage.md @@ -15,10 +15,9 @@ securely_". We recommend you read all other "Authentication and Password Management" sections, since they cover recommendations about reporting back wrong authentication data and how to handle logging. -One other preliminary recommendation is as follow: for sequential authentication -implementations (like Google does nowadays), validation should happen only on -the completion of all data input, on a trusted system (e.g. the server). +One other preliminary recommendation is as follow: for sequential authentication implementations, validation should happen only on the completion of all data input, on a trusted system (e.g. the server). +Source: OWASP Secure Coding Practices Quick Reference Guide ## Storing password securely: the theory