passwords's questions - English 1answer

2.892 passwords questions.

I am creating a small utility for generating passwords based on the diceware method. At the moment I am very close to the algorithm of real diceware - i.e. I simulate rolling dice n-times to get a ...

I'm looking at a web application that does something I find very unusual in the handling of login sessions. The application hashes the password with SHA256 and salt and saves it either in session ...

How can shoulder surfing be prevented or mitigated when unlocking mobile devices? I found other questions about shoulder surfing that focus more on desktop machines, but I believe the issue is much ...

I know, I know, cleartext passwords are terrible and you should always store a hash! However, I'm interested in all of the issues with storing cleartext passwords so I can make a reasonably secure ...

Reusing passwords poses a terrible risk for users because in the event of a data breach, with the passwords not being stored securely enough, this means that, by default, all other services that ...

In my search for an encrypted NAS I have come across a few products that talk about backing up the encryption key and storing it in a safe location. My question is if this backed up keyfile is enough ...

Received email stating my account had not been used in two years. Not true. It was sent to the very email they are claiming is inactive. This is very suspicious. Please assist.

Let's say there's a simple website hosted on the web, based on Flask + MySQL. The website's functionality is secure and does not allow arbitrary queries to be run against the database. However, let's ...

I have always wondered why so many websites have very firm restrictions on password length (exactly 8 characters, up to 8 characters, etc). These tend to be banks or other sites where I actually care ...

Consider a service that stores files. Users create accounts, secured by passwords, to access these files. PBE is used to secure the contents of these files. However, it is desirable to be able to ...

I am evaluating the possibility of using Outlook mobile client with an on-premise Exchange 2013 server. However it seems that the app sends quite a bit of data to Microsoft's cloud servers. It also ...

I am developing an application where one can add SSH credentials for servers and then an automated python script can fetch those credentials to login to the server and perform certain automated tasks. ...

The router was a secondary one that was no longer being used. The person who did this is my ex-friend/roommate so the wifi password was also known. With me being confused as to what was going on at ...

The OWASP Forgot Password Cheat Sheet suggests: "Whenever a successful password reset occurs, the session should be invalidated and the user redirected to the login page" I'm failing to understand ...

Let's say Alice logged into https://www.facebook.com with her email and password: Email: Alice@gmail.com Password: correctHorseShoeBattery Nonce given by ...

I have a personal home computer which I took to work. I work for a government agency. I took this computer to work because none of my software applications work and my computer kept freezing. My ...

Are there any security concerns with logging that a user changed their password? I'm already logging whenever an admin changes a user's password for audit purposes, but is there a reason to not have a ...

Some password systems will enforce at least X of a type of character - a common one I see is 'minimum 3 numeric characters'. As far as I understand, simply allowing certain character classes, like ...

I usually generate strong passwords using various online tools. Some time ago I mentioned it to a friend of mine and he was shocked that I do such a dangerous thing. Is it really so unsafe to generate ...

My friend uses Firefox's built-in password manager feature to save passwords for sites. Later, after installing Avast Free Antivirus there was a feature called Passwords on the Avast UI. When accessed ...

I'm considering emulating the "Show password" functionality, available in some newer browsers, on a website, essentially as a polyfill for browsers which don't. The common way to do this is to call a ...

I have a REST service A, which communicates with REST service B (both are internally hosted within the company network). REST service B is accessed via a service ID & plain password. How do I ...

I am creating a UDP server in Python that will act as a game server to fully validate and authenticate a game client. I would like to use some way of securing the channel in which a user sends me ...

If the input for the security question is completely digital, should the answer to a security question be hashed (or at least encrypted) on the authentication server?

I think my smartphone is being hacked into + controlled by a third party, possibly my internet connection as well. Some very odd things have been ongoing for many months. On my phone I hear constant ...

I'm a student and have one challenge about cryptography. I need a clear definition or simple definition to better understand cryptography and related security. I've been reading lots of material, seeing ...

I recently came across some password code that hashed the password and then compared it with the saved hash in the naive way: one character at a time, short-circuiting as soon as a non-match was found....

I am trying to use Hydra to brute force a HTTP POST form page, however the page is returning a HTTP Continuation I'm not sure what that is. This is being caused by the HTTP/1.0 at the top of the ...

I have obtained some hashes using crackmapexec and dumping from the LSA process. The hashes are in this form (data below is fake): adm_name:c6f132a235209036744ba5d303bd5d9b:SOME.ORGANISATION.COM:...

Windows stores the (NTLM) hashes of local users' passwords in the SAM hive. By booting from a live system (for example), one can not only extract those hashes for offline cracking, but also simply ...

Apologies if this has been asked countless times. I've seen it a few times around here however they usually pertain to someone having written permission. And I don't... Or if someone could post a ...

I am talking about this password - 23##24$$25%%26 and the similar ones consisting of special characters appearing in a pattern, which the users these days use a lot. At work (finance company), I was ...

Yesterday, Twitter announced that they recently identified a bug that stored passwords unmasked in an internal log. Recently, GitHub also had a similar bug. In both cases, they claim that nobody had ...

With some colleagues we're having a debate regarding the randomkeygen.com website. I do think that there is a security risk using the generated keys of this (or any of this kind) website. Why ? ...

Suppose that you are at a cybercafe, at a friend's home or at your work office, and you need to log in on a site, but you feel that the computer cannot be trusted (e.g. your friend isn't tech-...

Pros: The complexity in managing passwords is maintained by a company with stronger security policy. Let's assume they secure passwords properly. The user doesn't have to maintain yet another ...

I'm looking for a definitive guide to the rules that determine a "strong" password for website authentication. It seems many websites have many different rules, and I'm not sure what is the best ...

From this wiki page, I learned that the strength of a password is affected by two main factors, the length (L) and the possible symbols (N), and it's calculated using the equation: H = L * log2(N) ...

I've been asked to implement a system to prevent reusing passwords on the same account. The most secure way I know to do this is to compare hashes of the password + a known salt. bcrypt.hash(sha256(...

I just tried to add some details to a bug I have reported at bugzilla.mozilla.org (BMO) but wasn't let in because my password had been nullified. Now they want me to create a new password meeting ...

With iOS 11 I was compelled to switch from two-step-verification to two-factor-authentication. This has the implication that somewhere at Apple there is some blackbox that can decide, using my AppleID ...

Twitter revealed that its passwords got unmasked in internal logs. But correct me if I am wrong, passwords are never unmasked, right? E.g. if the plaintext is "password", it is stored as "#masked". ...

For a beginner, how can I encrypt a password text into a cipher text that I would send via an email to someone, such that they can decrypt locally (offline) and read the password? To clarify, the ...

At work we use an authentication system called Swivel Secure without implementation specifically when connecting to our customers devices such as: routers, switches, firewalls, etc we must provide a ...

I have the following setup: A server and a client will be connected over tcp. The server and client both have access to the preshared secret key. When the client connects to the server, the client and ...

I'm making an app whose functionality includes creating a database and its user. This is accomplished like so: mysql -e "grant all on database.* to 'user'@'localhost' identified by '$PW';" $PW is ...

I was messing around with bcrypt today and noticed something: hashpw('testtdsdddddddddddddddddddddddddddddddddddddddddddddddsddddddddddddddddd', salt) Output: '$2a$15$jQYbLa5m0PIo7eZ6MGCzr....

According to XKCD: Password Strength, if the password consists of “four random common words”, it will be secure and memorable. I want to make a web application and make users create their passwords ...

Related: how to get cookies from aspx site to use it with hydra My problem is similar to the above case, I get "20 valid passwords found" but the server I'm trying to brute force sends the header set-...

I have an API where clients authenticate via Http basic auth (account:apikey). Users can generate (and revoke) many apikeys for the same account. I currently only accept HTTPS requests, but I am ...
