passwords's questions - English 1answer

2.913 passwords questions.

Think whole-disk encryption. I have a similar situation where I need to encrypt some data on a device (embedded, not PC) but that data needs to be decrypted and used when the device is booted up. The ...

Reusing passwords poses a terrible risk for users because, in the event of a data breach, with the passwords not being stored securely enough, this means that, by default, all other services that ...

Are there any security concerns with logging that a user changed their password? I'm already logging whenever an admin changes a user's password for audit purposes, but is there a reason to not have a ...

I am creating a small utility for generating passwords based on the diceware method. At the moment I am very close to the algorithm of real diceware - i.e. I simulate rolling dice n-times to get a ...

I'm looking at a web application that does something I find very unusual in the handling of login sessions. The application hashes the password with SHA256 and salt and saves it either in session ...

How can shoulder surfing be prevented or mitigated when unlocking mobile devices? I found other questions about shoulder surfing that focus more on desktop machines, but I believe the issue is much ...

I know, I know, cleartext passwords are terrible and you should always store a hash! However, I'm interested in all of the issues with storing cleartext passwords so I can make a reasonably secure ...

Let's say there's a simple website hosted on the web, based on Flask + MySQL. The website's functionality is secure and does not allow arbitrary queries to be run against the database. However, let's ...

I have always wondered why so many websites have very firm restrictions on password length (exactly 8 characters, up to 8 characters, etc). These tend to be banks or other sites where I actually care ...

Consider a service that stores files. Users create accounts, secured by passwords, to access these files. PBE is used to secure the contents of these files. However, it is desirable to be able to ...

I am evaluating the possibility of using Outlook mobile client with an on-premise Exchange 2013 server. However it seems that the app sends quite a bit of data to Microsoft's cloud servers. It also ...

I am developing an application where one can add SSH credentials for servers and then an automated python script can fetch those credentials to login to the server and perform certain automated tasks. ...

The router was a secondary one that was no longer being used. The person who did this is my ex-friend/roommate so the wifi password was also known. With me being confused as to what was going on at ...

The OWASP Forgot Password Cheat Sheet suggests: Whenever a successful password reset occurs, the session should be invalidated and the user redirected to the login page I'm failing to understand ...

Let's say Alice logged into https://www.facebook.com with her email and password: Email: Alice@gmail.com Password: correctHorseShoeBattery Nonce given by ...

Some password systems will enforce at least X of a type of character - a common one I see is 'minimum 3 numeric characters'. As far as I understand, simply allowing certain character classes, like ...

My friend uses Firefox's built-in password manager feature to save passwords for sites. Later, after installing Avast Free Antivirus there was a feature called Passwords on the Avast UI. When accessed ...

I'm considering emulating the "Show password" functionality, available in some newer browsers, on a website, essentially as a polyfill for browsers which don't. The common way to do this is to call a ...

I have a REST service A, which communicates with REST service B (both are internally hosted within the company network). REST service B is accessed via a service ID & plain password. How do I ...

If the input for the security question is completely digital, should the answer to a security question be hashed (or at least encrypted) on the authentication server?

I think my smartphone is being hacked into + controlled by a third party, possibly my internet connection as well. Some very odd things have been ongoing for many months. On my phone I hear constant ...

I'm a student and have one challenge about cryptography. I need clear definition or simple definition to better understand cryptography and related security. I’ve been reading lots of material, seeing ...

I recently came across some password code that hashed the password and then compared it with the saved hash in the naive way: one character at a time, short-circuiting as soon as a non-match was found....

I have obtained some hashes using crackmapexec and dumping from the LSA process. The hashes are in this form (data below is fake): adm_name:c6f132a235209036744ba5d303bd5d9b:SOME.ORGANISATION.COM:...

Windows stores the (NTLM) hashes of local users' passwords in the SAM hive. By booting from a live system (for example), one can not only extract those hashes for offline cracking, but also simply ...

I am talking about this password - 23##24$$25%%26 and the similar ones consisting of special characters appearing in a pattern, which the users these days use a lot. At work (finance company), I was ...

Yesterday, Twitter announced that they recently identified a bug that stored passwords unmasked in an internal log. Recently, GitHub also had a similar bug. In both cases, they claim that nobody had ...

With some colleagues we're having a debate regarding the randomkeygen.com website. I do think that there is a security risk using the generated keys of this (or any of this kind) website. Why ? ...

Suppose that you are at a cybercafe, at a friend's home or at your work office, and you need to log in on a site, but you feel that the computer cannot be trusted (e.g. your friend isn't tech-...

Pros: The complexity in managing passwords is maintained by a company with stronger security policy. Let's assume they secure passwords properly. The user doesn't have to maintain yet another ...

I'm looking for a definitive guide to the rules that determine a "strong" password for website authentication. It seems many websites have many different rules, and I'm not sure what is the best ...

From this wiki page, I learned that the strength of a password is affected by two main factors, the length (L) and the possible symbols (N), and it's calculated using the equation: H = L * log2(N) ...

I've been asked to implement a system to prevent reusing passwords on the same account. The most secure way I know to do this is to compare hashes of the password + a known salt. bcrypt.hash(sha256(...

I just tried to add some details to a bug I have reported at bugzilla.mozilla.org (BMO) but wasn't let in because my password had been nullified. Now they want me to create a new password meeting ...

Twitter revealed that its passwords got unmasked in internal logs. But correct me if I am wrong, passwords are never unmasked, right? E.g. if the plaintext is "password", it is stored as "#masked". ...

For a beginner, how can I encrypt a password text into a cipher text that I would send via an email to someone, such that they can decrypt locally (offline) and read the password? To clarify, the ...

At work we use an authentication system called Swivel Secure without implementation specifically when connecting to our customers devices such as: routers, switches, firewalls, etc we must provide a ...

I was messing around with bcrypt today and noticed something: hashpw('testtdsdddddddddddddddddddddddddddddddddddddddddddddddsddddddddddddddddd', salt) Output: '$2a$15$jQYbLa5m0PIo7eZ6MGCzr....

According to XKCD: Password Strength, if the password consists of “four random common words”, it will be secure and memorable. I want to make a web application and make users create their passwords ...

I have an API where clients authenticate via Http basic auth (account:apikey). Users can generate (and revoke) many apikeys for the same account. I currently only accept HTTPS requests, but I am ...

I have a password-protected excel file that stores other personal passwords. Obviously there have been a number of ways to crack the password. community.spiceworks.com Where do you guys store ...

My company Gmail was logged into by someone else and sent out unhealthy messages to people in my company. I looked back to my login history and found a phone device login which is not mine. Can I ...

One of my friends, she has a lot of friends on Facebook, and uses it for marketing. Her account keeps getting broken into. Her password gets reset and/or gets locked for changing resetting password ...

My car license plates tend to have 3 or 4 digits and 3 or 4 characters. If I were to combine two (or more?) of them, throw in a plus sign or similar and uppercase one or two characters, how secure ...

I failed to answer a question in a CaptureTheFlag event, and the question still bugs me. I want to share the question here and please help me if you know the solution. Question: You have the ...

From what I understand, Time-based One Time Passwords used a seed and a mathematical algorithm to generate unique passwords. As the seed is known by the user (or the device used by the user), and the ...

I recently wrote out a small javascript library that allows you to verify identity server password hashes in nodeJS. While I was doing the research I learnt that the type of hash, iterations and salt ...

I've seen similar questions on the site but not this exact one. The closest one was Altering passwords before storing where the accepted answer sums up by stating that transforming the password is ...

Is it safe to create a Veracrypt partition (on a USB) such that it takes up the whole device (ie. not a "file", but using the USB as the storage container) it contains only a standard volume (no ...

There's a free SMS sending service in our country. It requires a phone number to log in. Once registered, you can send SMS to any phone number within this country. The phone number which you use to ...
