User credential / Password Security

Recent security-related embarrassments at Yahoo, LinkedIn and Sony have only proved that securing user information needs more consideration. Security is not a product but a process.

First, identify how a username/password can be leaked and what it costs. Basically, there are four ways an adversary can find out the username/password for one or more accounts stored on the server:

1. Password guessing: assuming the adversary knows the username for one or more accounts, they can deploy a dictionary attack to find the correct password.
2. The adversary eavesdropping on the user's network (man-in-the-middle attack).
3. The adversary getting access to the user's computer through some virus or worm.
4. The adversary getting access to the username/password table or system on the server.

Password guessing

Fix: A max-invalid-attempts strategy should be deployed, i.e. temporarily lock the account after 4 or 5 invalid...