passwords's questions - English 1answer

2.970 passwords questions.

The router was a secondary one that was no longer being used. The person who did this is my ex-friend/roommate so the wifi password was also known. With me being confused as to what was going on at ...

The OWASP Forgot Password Cheat Sheet suggests: Whenever a successful password reset occurs, the session should be invalidated and the user redirected to the login page I'm failing to understand ...

Let's say Alice logged into https://www.facebook.com with her email and password: Email: Alice@gmail.com Password: correctHorseShoeBattery Nonce given by ...

Some password systems will enforce at least X of a type of character - a common one I see is 'minimum 3 numeric characters'. As far as I understand, simply allowing certain character classes, like ...

My friend uses Firefox's built-in password manager feature to save passwords for sites. Later, after installing Avast Free Antivirus there was a feature called Passwords on the Avast UI. When accessed ...

I'm considering emulating the "Show password" functionality, available in some newer browsers, on a website, essentially as a polyfill for browsers which don't. The common way to do this is to call a ...

I have a REST service A, which communicates with REST service B (both are internally hosted within the company network). REST service B is accessed via a service ID & plain password. How do I ...

If the input for the security question is completely digital, should the answer to a security question be hashed (or at least encrypted) on the authentication server?

I think my smartphone is being hacked into + controlled by a third party, possibly my internet connection as well. Some very odd things have been ongoing for many months. On my phone I hear constant ...

I'm a student and have one challenge about cryptography. I need a clear definition or a simple definition to better understand cryptography and related security. I’ve been reading lots of material, seeing ...

I recently came across some password code that hashed the password and then compared it with the saved hash in the naive way: one character at a time, short-circuiting as soon as a non-match was found....

I have obtained some hashes using crackmapexec and dumping from the LSA process. The hashes are in this form (data below is fake): adm_name:c6f132a235209036744ba5d303bd5d9b:SOME.ORGANISATION.COM:...

Windows stores the (NTLM) hashes of local users' passwords in the SAM hive. By booting from a live system (for example), one can not only extract those hashes for offline cracking, but also simply ...

I am talking about this password - 23##24$$25%%26 and the similar ones consisting of special characters appearing in a pattern, which the users these days use a lot. At work (finance company), I was ...

Yesterday, Twitter announced that they recently identified a bug that stored passwords unmasked in an internal log. Recently, GitHub also had a similar bug. In both cases, they claim that nobody had ...

With some colleagues we're having a debate regarding the randomkeygen.com website. I do think that there is a security risk using the generated keys of this (or any of this kind) website. Why ? ...

Suppose that you are at a cybercafe, at a friend's home or at your work office, and you need to log in on a site, but you feel that the computer can not be trusted (e.g. your friend isn't tech-...

Pros: The complexity in managing passwords is maintained by a company with stronger security policy. Let's assume they secure passwords properly. The user doesn't have to maintain yet another ...

I'm looking for a definitive guide to the rules that determine a "strong" password for website authentication. It seems many websites have many different rules, and I'm not sure what is the best ...

From this wiki page, I learned that the strength of a password is affected by two main factors, the length (L) and the possible symbols (N), and it's calculated using the equation: H = L * log2(N) ...

I've been asked to implement a system to prevent reusing passwords on the same account. The most secure way I know to do this is to compare hashes of the password + a known salt. bcrypt.hash(sha256(...

I just tried to add some details to a bug I have reported at bugzilla.mozilla.org (BMO) but wasn't let in because my password had been nullified. Now they want me to create a new password meeting ...

Twitter revealed that its passwords got unmasked in internal logs. But correct me if I am wrong, passwords are never unmasked, right? E.g. if the plaintext is "password", it is stored as "#masked". ...

For a beginner, how can I encrypt a password text into a cipher text that I would send via an email to someone, such that they can decrypt locally (offline) and read the password? To clarify, the ...

At work we use an authentication system called Swivel Secure without implementation specifically when connecting to our customers devices such as: routers, switches, firewalls, etc we must provide a ...

I was messing around with bcrypt today and noticed something: hashpw('testtdsdddddddddddddddddddddddddddddddddddddddddddddddsddddddddddddddddd', salt) Output: '$2a$15$jQYbLa5m0PIo7eZ6MGCzr....

According to XKCD: Password Strength, if the password consists of “four random common words”, it will be secure and memorable. I want to make a web application and make users create their passwords ...

I have an API where clients authenticate via Http basic auth (account:apikey). Users can generate (and revoke) many apikeys for the same account. I currently only accept HTTPS requests, but I am ...

I have a password-protected excel file that stores other personal passwords. Obviously there have been a number of ways to crack the password. community.spiceworks.com Where do you guys store ...

One of my friends, she has a lot of friends on Facebook, and uses it for marketing. Her account keeps getting broken into. Her password gets reset and/or gets locked for changing resetting password ...

My car license plates tend to have 3 or 4 digits and 3 or 4 characters. If I were to combine two (or more?) of them, throw in a plus sign or similar and uppercase one or two characters, how secure ...

I failed to answer a question in a CaptureTheFlag event, and the question still bugs me. I want to share the question here and please help me if you know the solution. Question: You have the ...

From what I understand, Time-based One Time Passwords used a seed and a mathematical algorithm to generate unique passwords. As the seed is known by the user (or the device used by the user), and the ...

I recently wrote out a small javascript library that allows you to verify identity server password hashes in nodeJS. While I was doing the research I learnt that the type of hash, iterations and salt ...

I've seen similar questions on the site but not this exact one. The closest one was Altering passwords before storing where the accepted answer sums up by stating that transforming the password is ...

Is it safe to create a Veracrypt partition (on a USB) such that it takes up the whole device (ie. not a "file", but using the USB as the storage container) it contains only a standard volume (no ...

There's a free SMS sending service in our country. It requires a phone number to log in. Once registered, you can send SMS to any phone number within this country. The phone number which you use to ...

Here's the scenario: Your account has multiple active “password reset” links out in the world. They expire after 24 hours, and after you change your password. Instead of changing your password, you ...

Using Internet Explorer 11 I have been able to login to HTTPS web applications by providing a username and password and then subsequently logout. Whilst the browser process is running I can then dump ...

I'm curious if anyone has any advice or points of reference when it comes to determining how many iterations is 'good enough' when using PBKDF2 (specifically with SHA-256). Certainly, 'good enough' is ...

I am wondering about the safety of my passwords stored in FF > 57. I guess passwords stored in a Keepass database file are safe against cracking, as much as possible given its AES algorithm. Are ...

I am wondering how safe are my passwords stored in the passwords manager built into Mozilla Firefox. Currently I am using Firefox Quantum 59.0.2 64-bit under Ubuntu 16.04 in one machine. I guess ...

Justin Schuh defended Google's reasoning in the wake of this post detailing the "discovery" (sic) that passwords saved in the Chrome password manager can be viewed in plaintext. Let me just directly ...

I like LastPass but having to have it as a browser plugin means an attacker could steal all my passwords at once. It makes a lot of sense to use a hardware device to store my passwords, like yubikey ...

Well, please tell me, what's wrong with this code: $password = "hello"; $password = md5($password); for($i=1;$i<20;$i++){ $password = md5($password); } It's exactly the same as this one: md5(...

I saw someone's interesting practice to store sensitive information. He is saving all his thousand logins (including banks and email) in an access-restricted Google spreadsheet, stored on his Google ...

This is loosely related to one of my recent answers. I've listed 4 methods of adding a new user via mkpasswd and useradd combination on Ubuntu 16.04. Command substitution: sudo -p ">" useradd -m -...

I'm currently working on an offline authentication system for a multi-user mobile environment. In order to avoid storing all passwords locally, which seems to be a bad idea, I proceed this way: A ...

I am noticing a trend in web development where login screens are no longer showing both the username and the password input fields simultaneously. Instead, you are required to type in your username ...

In the old days I would emphasize that people should not select the remember passwords option because (besides the fact you tend to forget what the browser remembers) a bad guy could display the ...
