password-reset's questions - English 1answer

73 password-reset questions.

The library of the Technical University in my city (Europe) has a password reset system which I did not encounter anywhere else. Students have to go to some office inside the university to get a new ...

At our organization, we came across some frequent incidents such as: Reported successful password guessing attacks; Frequent password reset complaints. We started an investigation to identify the ...

I just received an email from Citi saying "We've locked your access for 24 hours due to multiple failed login attempts." and "If you didn’t attempt these logins, we recommend that you reset your ...

I need to implement a reset password feature with Multifactor authorization. The plan is to use these 2 factors: ask a security qs and email/sms a code to the user. I think the order of these should ...

I'm updating my company's forgot password workflow. Currently we use Duo Security as our second factor on login (but for the purposes of my question this can be any such service). I've been walking ...

Are there any security concerns with logging that a user changed their password? I'm already logging whenever an admin changes a user's password for audit purposes, but is there a reason to not have a ...

I need to provide the Reset Password Feature for my product. For this I have two competing solutions: Send the password reset link in mail to the user; Provide the Security Question based solution ...

The OWASP Forgot Password Cheat Sheet suggests: Whenever a successful password reset occurs, the session should be invalidated and the user redirected to the login page I'm failing to understand ...

I run a SaaS used by teams to collect company-related information (think something like Crashlytics). Even if the tool lets users invite their colleagues, we often find cases of individuals who ...

Here's the scenario: Your account has multiple active “password reset” links out in the world. They expire after 24 hours, and after you change your password. Instead of changing your password, you ...

I'd like to start using a password manager, but I'm not sure how to handle account recovery. I'm not a criminal or a secret agent, so if I lose my master password (or my second authentication factor, ...

I've been trying to answer the following question but can't seem to find a clear answer... When a user resets their password after forgetting it, should they be allowed to change it to the password ...

I'm designing a system so that it encrypts a user's profiles. The only way of accessing the information stored in it is by either: Providing the password for the account; Resetting the password using ...

When a user changes their password this will force all users who are logged in on the website via cookies to be forced to log in again. However, there is a mobile application that logs in the user via ...

The Devise documentation states that "For security purposes, sometimes you need to notify users when their passwords change." In general, when would you need to provide such notification, and why?

I am working with another UX guy and he's let me know that there have been some studies surrounding the fact that when a person goes through a "forgot username/email" process, they enter in extra ...

I'm thinking out my password recovery logic for an ecommerce system. Some background: Passwords are stored using bcrypt, password recovery involves the standard reset link, which then can be used to ...

I have received a few password reset emails for the "admin" user (i.e. login name admin) in an old (but patched up-to-date) WordPress install. The owner of the site did not request these password ...

I'm confused about how to implement password reset functionality. I'm testing a Web application with two roles - administrator and normal user. Only administrators can use the password reset ...

I need to crack my Asus. My roommate put a password on it and I can't figure it out. The password hint on the login page says crazed. If anybody knows how to get in this M.F. P.O.S. It would be ...

My question is how is it possible to know if I am reusing a password? Are they storing my old password as well [in plaintext]? If an admin had access to the backend, wouldn't they have access to all ...

We have a web application which requires users to log in with username and password. We have a password reset feature for users which more or less successfully follows the guidelines outlined by Troy ...

Suppose I want to implement an OTP system that generates 6 to 10 digit numbers. (assume it's used for reset password, or send money) The OTPs have an expiry time, so they keep getting removed from the ...

My router got hacked. And people suggest that the best way is to factory reset the router, then reset all the devices using the network. I'm getting a new router so the reset router part is solved. ...

I develop a sort of social network for mobile and desktop browser with a REST API. I can't ask to users to buy a U2F key or any hardware (but I could propose to support it if they have, since Chrome/...

I am looking at password reset functionality for a project I am working on. Looking at OWASP guidelines, it suggests using SMS as an out-of-band channel for this. ( https://www.owasp.org/index.php/...

Any security issues showing if a certain e-mail address was found in a database or not when an end user requests a password-reset on a certain homepage or should the homepage just return some kind of ...

I had this idea, that instead of generating a password reset token and emailing it to the user, I simply email the user's hashed password to them. Then upon reset, the user would submit the old hashed ...

Which is more recommended? The user security questions are asked before the forgot password reset link is send to email? or Security questions are asked in the page that shows up right after the ...

I mean, this looks like a really handy tool for every IT guy out there. But to me, it seems like it does not do anything really hard other than just simplifying something you can do yourself. So what ...

I forgot my password to an old gmail account. I have tried the regular route of going through gmail password recovery: answering questions, it keeps looping back to the questions, so I think I'm ...

I recently had one of my accounts compromised after falling victim to an online phishing scam. To make matters worse, while I've used unique passwords for any account created in the past few years, my ...

I have received this email from Google: Someone just used your password to try to sign in to your Google Account xxxxxx@gmail.com. Details: Sunday, July 9, 2017 11:27 AM (France Time) *****...

Suppose I setup an online account with 2FA on my phone, and an attacker gains access to my phone. My phone is logged into my email account. The attacker knows my online service's account username or ...

Today on my Facebook I saw a new (to me at least) feature to access your account if you lose access somehow. The process is simple. You add 3 to 5 friends as trusted friends. Then if you lose access ...

Is it secure for a user to manually reset his password every login (via email or 2 factor authentication) to a random token via email or 2 factor authentication, when OTP isn't forced ? I mean an ...

Let's assume this situation: I am a user of an online shop, I forgot my password. So I use the functionality of this online shop to reset my password. The online shop sends me an email with a link I ...

I notice that the default ASP.NET Core Identity templates ask for email address after the reset email notification link has been followed (i.e. the "choose a new password" form in the ResetPassword....

I've heard that SMS use in Europe isn't even close to how much it's used in the US. How do they do two step authentication when a user forgets their password? Is it as simple as just using a robocall ...

This was found on a password reset feature of a government website, where you enter your username, then it takes you to a screen where you can: enter a new password; enter confirmation of new password ...

So I managed to change my password on a service to the "wrong" password, for simplicity let's just say I changed it to an insecure password. Now, I wanted to change it to a more secure password but ...

I've been tasked to work on a password reset tool for my company website. This tool is for a support person to provide a new reset password over the phone in case the customer does not receive the ...

I'm trying to figure out how to issue a one-time use JWT token for password reset feature and still keeping it stateless. Came across Single-Use Tokens w/ JWT which basically suggests to include hash ...

I want to create a public (password given out to everyone) gmail account that anyone can use (for subscriptions, using useful websites that require your real email but spam you, etc.) and that's the ...

I got an email from at least one site saying they use Cloudflare and due to the recently discovered leak they're recommending I change my password on their site. But I don't have a password on their ...

What are the pros and cons of the different ways of handling reset links? I see two ways of handling them: Generate a random string, for example with uuid4. Store it in the database with the user and ...

I have noticed that some sites would not let you login with the old password if a new password is requested, but was not changed. Example: I forgot my password and requested a new one in the email. ...

I have an account on a major company website that has for some reason fallen under attack. Periodically over the course of the day I will get a text message from the company saying your password has ...

I was reading through the delegated password recovery process introduced by Facebook. I am trying to relate the whole process with traditional password recovery mechanisms (i.e., sending a reset ...

Recently I applied for a job at a company creating security-critical solutions for military, aerospace, ... After registering at their webpage, I received an email with my username and a ...
