TL;DR
This time we share with you an excellent blog post, The Web Authentication Arms Race – A Tale of Two Security Experts [source], which explains web authentication security techniques in the form of an engaging fictional conversation between a hacker and a site owner.
By reading this exciting story, you will find out why your site needs to use username/password and HTTPS, what a MITM attack is, and what the purpose of the Strict-Transport-Security and Public-Key-Pins headers is.