Designing for a security breach

User account breaches are inevitable. We should take that in to account when designing our applications.

Your application may be perfectly secure, but if one of your users uses the same username and password on a less secure application that gets cracked or XSSd their account on your service can be compromised as well.

Designing for a security breach