passwords's questions - English 1answer

2.969 passwords questions.

When talking about password security, a lot of discussion centers on the risk of a password being guessed in a brute-force attack. For websites where a user has registered an account, what are the ...

I am working with JSP. So when a user submits a form, all the form fields, say username and password, get stored in the browser memory dump file in clear text. I even tried with JSP hidden fields, but ...

I am just wondering, but how can I harden the security of jailbroken or rooted devices? I understand that SD Card can be still accessible, but how could potential adversaries compromise for example ...

A well known security-vulnerability in Windows (up until Windows 8.0) is that the WDigest password is stored in cleartext and can be extracted by using Mimikatz. I found out that this password is in ...

(We really should just have a button to link this XKCD) I've just started switching my passwords into passphrases. Now, I didn't roll any dice to come up with them, which I know sacrifices entropy; ...

From time to time, some users can accidentally type their password in the username field, either because they missed the tab key or because they thought their account was simply locked, not logged out (...

It seems like plaintextoffenders.com sees sending a plaintext recovery password as wrong. Instead, a link to set a password is better. But what's the difference? If a user follows a link and sets a ...

According to Is it common practice to log rejected passwords?, I know logging rejected plain text password is a bad idea, but how about if I store the hashed form of rejected passwords? I want to have ...

I've been sitting for hours trying to get PsExec and windows/smb/psexec to work without luck, always getting the "Access is denied." error, until I came across the following article on Windows Vista: ...

I'm currently job searching, and sometimes I come across sites that are just huge databases full of job postings, and before you apply you have to create an account. I came across a site, but I'm ...

Suppose a user uses a password to log in to their PC. When the user logs in, the PC applies a cryptographic function to the password and compares the ciphertext to the stored ciphertext of the known ...

Searching the internet I only saw tables of encryption/hashing families and the logic. I've seen a video recently from Computerphile about breaking passwords using dictionary rules and previously ...

Let's assume that I have to store the password on a material medium (paper, etc). What is the most secure way to do that? I mean a way of storing the password that does not need any electronic tools ...

I have a web application running on node.js, backed by a MongoDB database which stores user data etc... I'd like to offer my users an email account, so I've set up a mail server using Postfix, dovecot,...

I'm trying to create a user authentication system for an application. I can't use a built in library for that such as ASP.NET Identity, but I can use any simple methods in .net. Not wanting to ...

Please Note: I'm aware that the proper method for secure password storage hashing is either scrypt or bcrypt. This question isn't for implementation in actual software, it's for my own understanding. ...

I'm using the following library for hashing my password. string password = BCrypt.Net.BCrypt.HashPassword("stackoverflow"); The length is apparently 60 each time. My question is, I'm planning to ...

I'm making a desktop application in C# and I want to know if I'm handling this (from a security perspective) as it should be or not. My Users table has both hashed_password and salt, both are binary(32). ...

A couple of days ago, I attempted to log into the website of a well-known SaaS provider. I used a password manager on my browser (so user/pass were correct) and the NoScript plugin which had limited ...

This TED talk brought me here. First of all, to those who created ProtonMail: Nice job!! Regardless of what people say, it's definitely a big step forward from traditional options like Hotmail, Gmail ...

Assume a client authenticates using the password, which includes hashing and salting. The hash values are stored in a remote database server. Questions: For the hash values stored in the database ...

At our organization, we came across some frequent incidents such as: reported successful password guessing attacks; frequent password reset complaints. We started an investigation to identify the ...

A few days ago I changed my KeePass password and forgot it unfortunately. It isn't that much different from the previous one, but I kept trying and trying and it says it's incorrect. I found https://...

With iOS 11 I was compelled to switch from two-step-verification to two-factor-authentication. This has the implication that somewhere at Apple there is some blackbox that can decide, using my AppleID ...

Given that a communication over HTTP uses SSL encryption uses public key pinning to prevent MiTM attacks is security in any way elevated by using Salted Challenge Response Authentication Mechanism (...

I am connected to a WPA/WPA2 Access Point and I want to sniff all wireless traffic inside that network. How can I decrypt the traffic even though I don't have the pre-shared key?

We can calculate the Entropy S of a string simply like this: S = L * log_2(N) Where L stands for used characters in the string And N for every possible character Example: We want to calculate the ...

At the moment I use KeepassXC on macOS. Before I used KeepassX, which discontinued their development. I am considering switching to command line client pass - the standard unix password manager, ...

In some password-authenticated sites, you are asked to enter a random selection of specific characters from your password rather than the whole word/phrase. For example, it might say 'Enter the 1st, ...

I thought that if you repeated a sequence of characters in your password, the password would get easier to crack. I tried one of those websites which gives you an estimate of how much time it would ...

I am not an information security professional as such. I am a self-taught web developer so I hope this question is not too basic. I have set up a web store via WordPress using WooCommerce and ...

I'm currently writing my own little password manager that stores the key in a SHA256 hash, with salt. I create the hash by doing the following: def sha256_rounds(raw, rounds=100001): obj = ...

For a while now I have been interested in the passphrase concept as a potentially more secure replacement for classical passwords. My interest stemmed from a gut feeling that passphrases would be of a ...

I just received an email from Citi saying "We've locked your access for 24 hours due to multiple failed login attempts." and "If you didn’t attempt these logins, we recommend that you reset your ...

I have read: PCI DSS 1.2 SOX 404 AR 25-2 ISO 27001 But only PCI DSS specifies a minimum password length. Are there any other regulations that dictate password lengths for any industry? NIST ...

Why do some apps/sites require you to use or not use certain characters when creating a password. For instance below are JetBlue's requirements. Your password must be 8 – 20 characters long. Only ...

I have an app in which there's a Main Account Owner who has a completely secure server-side-checked password, hashed and salted, which is great. No worries there. But each account also has a list of '...

I understand that it's to protect the user credentials but my question is, If the hacker managed to get access to our database, what difference would it make? Let's give an example with facebook for ...

We are migrating some users to a new database from a legacy app's database and have written a script to pull the users and all their data from an existing database. As the user's passwords are hashed ...

Imagine you have a private RSA-key on your computer encrypted (through PBKDF2, AES-CTR, HMAC256) with a password, now if the user would like to tick "Remember Password", what is the most secure way to ...

I've been trying to make use of the current wifi audition techniques in regards of Router Password retrieval. GEAR: I've been through car boot sales and acquired some of the current routers on the ...

Where I work I'm forced to change my password every 90 days. This security measure has been in place in many organizations for as long as I can remember. Is there a specific security vulnerability ...

I am making a mobile application that interacts with a server. I want to figure out a way to transfer passwords safely. If I send the passwords in plain text or hashed form, it can be sniffed. How to ...

Let's say that I've a relatively strong password, but I don't want to use many different passwords for each different service, and let's say that those services provide two-factor authentication using ...

I have obtained a hash for a password that I know is 10 characters and contains lowercase, uppercase and numbers. No special chars. I have created the following incremental mode: [Incremental:myown] ...

We are saving password in a database using PHP: return hash('sha256', PASSWORD_SALT . $password); Recently a (fortunately) good hacker SQL-injected us and cracked some passwords including the admin ...

So, my computer crashed during the night and when I came to work in the morning I had the following screen on. I did not type the password a single time after the crash. It appears to be related to ...

Here is a question that I asked on "AskUbuntu" and I've been suggested to ask it here: Searching for answers about ways to record Firefox passwords in Gnome Seahorse Keyring vault, I found several ...

I'm a university student studying for my certification exam, and I was doing some reviewing today when I found a question that I can't find an answer to. Basically, in the CCNA3 2.4.1 Cisco Netacademy ...

I know that when setting up VTP across switches in a network you should set a secret/password to prevent unauthorized requests. My question is I know that this uses an MD5 hash to ensure that ...
