passwords's questions - English 1answer

2.969 passwords questions.

Every year an automated password reset occurs on a VPN account that I use to connect to the institution's servers. The VPN accounts/passwords are managed by the institution's IT department, so I have ...

Today I tried to change my password on GitHub, but the site rejected my new password: The new password you provided has also been reported as compromised due to re-use of that password on another ...

The way that we hash passwords and the strength of password is important because if someone gets access to the hashed passwords, it's possible to try lots and lots of passwords in a surprisingly short ...

The general opinion on password policies seems to be that complexity rules are counterproductive to security due to the human nature [1]. Does this also apply to password policies prohibiting the re-...

Everyone knows that if they have a system that requires a password to log in, they should be storing a hashed & salted copy of the required password, rather than the password in plaintext. What I ...

In creating a login for this site I chose a nondictionary password that would be extremely hard to guess, but easy to remember. I was told that it did not meet complexity rules. After several ...

When considering the strength (or secureness) of passwords and passphrases, where some can have a mix of letters of either case, numeric digits, punctuation characters, arithmetic operators, and any ...

A service account is a user account created for the sole purpose of running an application. For example, an online banking web site may have a single service account under which the code runs. ...

A while ago, the EFF published new wordlists to be used with diceware, to create passphrases with “better” words. One variant is the “short word list (with words that have unique three-character ...

Does Microsoft have a password checker such as http://howsecureismypassword.net/

The file key3.db contains the key that is used to encrypt the Firefox passwords stored in logins.json file. I don't use master password in Firefox, but according to this article, my passwords are ...

UPDATE: I found the answer to the "How To?" part of my question on superuser: Require Fingerprint AND Password/Pin for Windows Logon Is it possible to require a TOTP on Windows Login using existing ...

If I connect a portable router like GL-AR150 to a public, unsecured Wi-Fi network at a hotel and create my own private, password-protected Wi-Fi network, how much more secure is this compared to just ...

I always read that using the same password on multiple sites is a risk. I'm wondering what is the real reason for this? In my case, I use the same password on multiple sites everywhere. My password ...

I am wanting to secure some highly sensitive data in a database. This would mean that the data needs to be encrypted and remain secure for 100 years if it were to fall into adversary hands. I also ...

I was unsure whether to ask this on StackOverflow or here, but decided that it is more appropriate here. I'm creating a fully-automated local script that will run on a schedule. Once set up, the ...

Am I safe using keepass for generating passwords? For example my accounts, am I safe using a keepass generated password? Could my future keepass master-keys be safely generated in keepass? What method ...

Today I opened a bank account to invest my savings. Here's the link to the login page: http://www1.directatrading.com/ I noticed it doesn't use Https protocol (neither is that page nor in the landing ...

Someone has hacked into my Wi-Fi and downloaded a film, TV shows and other content over a 2 year period using BitTorrent, I am now being sued by a copyright infringement company. The TV programs as ...

I am running a VM on a spare laptop we have in the office, and have set it up for SSH access from my workstation. Currently I am using user/password authentication, but I would like to remove the ...

On Chrome, if you open a sign up page, it will offer to fill and remember the password field. I did this and got the following sequence of passwords offered as generated: suCipAytAyswed0 ...

Let's say in my database I store passwords hashed with salt with a fairly expensive hash (scrypt, 1000 rounds of SHA2, whatever). Upon login, what should I transfer over the network and why? Password ...

Why do systems that do password authentication actually send the password over the wire? Why not just have the server issue a challenge, and have the client append append that challenge to the ...

Is it possible to hack into secured wifi and download using BitTorrent from my IP address? I live in Denmark- if that makes any difference. We changed to a new WIFI service provider a few years back (...

NIST guidelines discourage password policies that require multiple character sets. Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or ...

I have the following setup: A server and a client will be connected over tcp. The server and client both have access to the preshared secret key. When the client connects to the server, the client and ...

The original question was about the minimum password (or PIN) length (or entropy) for the screen lock in Android. Seeing that nobody answered, and following Schroeder's advice, I'm going to edit it ...

This is more of a philosophical question. Suppose that you are trying to choose a good password for a particular online service, say your bank's e-banking service. Now the bank has some restrictions ...

After a lot of frustration I've finally cracked my local Windows 10 password using mimikatz to extract the proper NTLM hash. In particular, samdump2 decrypted the SAM hive into a list of users with "...

I'm making an app whose functionality includes creating a database and its user. This is accomplished like so: mysql -e "grant all on database.* to 'user'@'localhost' identified by '$PW';" $PW is ...

I am currently working on a web application with a significant security risk attached to its function. We're using Microsoft Identity Framework to handle user logins, with the system forcing strong ...

My understanding of Have I Been Pwned is that it checks your password to see if someone else in the world has used it. This really doesn't seem that useful to me. It seems equivalent to asking if ...

I feel like this should be a duplicate, but I don't see it anywhere. The question is pretty simple. When giving a mail client (say, Thunderbird) access to your e.g. Gmail account, you have the option ...

Related: how to get cookies from aspx site to use it with hydra My problem is similar to the above case, I get "20 valid passwords found" but the server I'm trying to brute force sends the header set-...

I can understand why you wouldn't want to email someone their password, but on an SSL encrypted web page, I dont understand why websites always require you to reset the password when you'd probably ...

There are known good practices for password reset functionality from OWASP and other resources. On the other hand, I believe most of us agree that security questions are not user friendly, they either ...

Let's say there is a low quality website,myfirstblogwebsite.com, that stores user passwords in plain text. Someone could get hold of those passwords and try them out on websites like Gmail, Facebook, ...

I need to store really sensitive data in a client-hosted database. Since there's no way I can protect this database (because I don't own it), my idea was to encrypt it by using the user's password, so ...

Wall Street Journal wrote that Bill regrets his password recommendations NIST SP 800-63 Appendix A. Apprendix A is titled "Estimating Password Entropy and Strength". It is about how we might assess ...

I recently found out that the Phone company where I have my contract is storing passwords on their server in clear text and employees can access it given the name or contract number of a person. ...

While selecting unique passwords for each purpose is a great idea, in practice this rarely happens. Therefore many select passwords from a personal pool of passwords that are easily remembered. When ...

How can I change a Veracrypt (master) password efficiently and securely? Based on the answers here, it is not safe to use system --> change password due to various reasons. I cannot simply image ...

Can malware record your keystrokes on the login screen of Windows 10? Or only after the login screen? I ask this because sometimes I enter my credential of another distro by mistake.

i'm using Hashcat for a while & try to solve this challenge: is this possible to crack at least half the possibilities combinations password of 10 character using 94 characters from keyboard with ...

My company Gmail was logged into by someone else and sent out unhealthy messages to people in my company. I looked back to my login history and found a phone device login which is not mine. Can I ...

I'm building a number of automated scripts that will run within an encrypted environment (full disk encryption). Many commands in both Windows and *nix have two ways of entering sensitive information ...

In my search for an encrypted NAS i have come across a few products that talk about backing up the encryption key and storing it in a safe location. My question is if this backed up keyfile is enough ...

I am no crypto expert in any way so please bear with me if my question is kind of stupid. We use OpenSSH key pairs on a regular basis and due to the asymmetric nature of key pairs, as far as I ...

Yes yes I know "don't invent your own protocols unless you're an expert". No need to yell at me I just want to know if there's a flaw in this idea and if not has anyone done it before. The motivation ...

I'm in the process of building an app to let users sign up, connect their many email accounts (like Gmail) to the site, and allow email-related activities... like sending an email (please don't ask or ...

Related tags

Hot questions

Language

Popular Tags