passwords's questions - English 1answer

2.970 passwords questions.

I was thinking last night after reading an article about pen testing and security audits, why would you get a list of all the passwords for the company you are auditing and put them through a piece of ...

In researching on best practices in hashing passwords using a salt I came across a presentation on slideshare. The approach outlined is as follows: Client requests login page; Server-side code ...

I skimmed through How Companies Can Beef Up Password Security and I thought that several assertions were completely wrong, in particular: Cryptographic hash (like md5) with salt are bad. It isn't ...

Of the information entered on the command line (command name and arguments) have to be considered public (everyone can access it using commands like ps). Is there a known tool to automate this kind ...

Possible Duplicate: How does changing your password every 90 days increase security? Some sites require users to change their password every x days. For example, at least 3 online banking system ...

I am looking for a really secure password manager and I really like the fact that Password Safe supports encryption/decryption using a Yubikey programmed in challenge-response mode. Read more here: ...

leakedin.org claims to offer a service checking if your LinkedIn password has been stolen and whether it has been cracked. The website claims that it's pure Javascript, that is your password won't ...

In the past I used varchar(255) for storing hashed passwords (no salt). Is this still enough? Or are longer fields required?

Some bank sites force me to use a system-generated numerical login (i.e. an 8-digit number). Apart from significantly decreasing usability and giving an impression of security (to some), does it serve any ...

My sons' school sends both ID and PW for a portal through USPS at various times during the year, (e.g. class registration) whether I need it or not. If I change the password, it sends a confirmation ...

I am writing line of business software for a company, and we want to authenticate users, so we can manage workflow and do some auditing. Basically my employers don't want me to piggyback off of ...

Are there any academic articles on how people handle their passwords - how many they use in total, how often they change it, whether they commonly store it somewhere or just remember them and so forth?...

Possible Duplicate: How does changing your password every 90 days increase security? What are best practices for password expiration policies? There are some questions that already address this ...

In order to allow users to connect to my website, I encrypt their password using BCrypt since it is one of the slowest algorithms to decrypt (making a compromised database longer to be decrypted). ...

This question has always intrigued me whenever the subject of passwords is brought up. Does anyone have direct experience or a reputable source to answer what percentage of password breaches are ...

Are there any scientific papers or publications on GPU password cracking?

Objective: HIPAA compliance. Here is the process: receive PDF file through secure website; open the PDF (which involves downloading to some folder); no longer need PDF. The question: Is there any way ...

I had this idea to permanently conceal user password by requiring minimum length then stripping certain characters. For example if the user password is secret123, the system will strip it down to ...

Let's say you use a program like Truecrypt or Keepass which allows you to have a password + key file. I understand that passwords can be brute-forced/dictionary-attacked but is the same true for key ...

In a world where most people used passphrases instead of passwords, wouldn't an attack that generates a random string of words (alternating between word delimiters) be similarly effective to a brute ...

Reading an answer to another question ("Is there a method of generating site-specific passwords which can be executed in my own head?") I came across this link, describing a way to use a physical ...

pseudo random password

4 answers, 179 views passwords random
I posted a question before about repeating one password to make it longer; now it's a new way I want to ask about: if I take the word 'secure' and, instead of repeating it, put some numbers between it, e.g.: ...

At this link there is a claim that if an RSA key has a strong passphrase security might be broken in a few hours if an attacker has the private key. Is there something weak about the security of RSA ...

I am about to set up a new account on my Linux server for a user that lives in another state in the U.S. I can't think of a good way to get this user their password. There must be a standard ...

The problem: I have an open-source client (a Firefox add-on written in JavaScript) and a server containing somewhat sensible user information: username and user history (all from YouTube). The client ...

I would like to implement a "Remember Me" time-limited auto-login type feature on a mobile application (on Android). To start the app, the user must type in a username and password. For convenience, ...

In the company that I work there is a security rule: If you enter your password 3 times wrong, your login will be blocked! Then I have to go to mainframe program and re-register my new password. ...

I'm wondering how others verify the identity of users they're resetting passwords for. We currently try to speak to a manager at work, but it frustrates end users and seems like we don't trust them. I'...

My bank has recently replaced passwords with occasionally asking me information that is "known only to me". Such information includes my date of birth, postcode, and my mother’s maiden name. ...

Correct me if I am wrong, but I think Windows 7 is the only operating system out there that requires a hint for the first user created on the system (have not had a chance to check out Windows 8 Beta)....

How does the password that we enter (to connect to a wireless network) encrypt the data on the wireless network? Through my reading I am not sure if the password that we enter is the same as the ...

In certain cases we need to establish a key/password/certificate as a first timer and then as a client we need to use this key/password/certificate to get authenticated. Therefore the key/password/...

Say there is a line of business application which has username/password datatable in the DB. Personal email address is not stored, and usernames are assigned by an administrator. Someone gains access ...

I am studying OTPs (One Time Passwords). I have gone through all the methods: HOTP (HMAC-based One Time Password), TOTP (Time-based One Time Password). I have no issues with HOTP. But according ...

If we suppose that it is found that P=NP, how will security measures need to be changed? I'd like to know the major security measures that are affected, and how they would need to be changed. We can ...

I am interested what features VMWare uses to protect passwords inside the virtual machine.

In my new secret document encryption utility, the key for symmetric encryption = the hash of a random salt and a user provided password. It is necessary to have a slow hash function in order to ...

I have put together a portable apps USB stick for when I need to use random site computers, I also threw truecrypt on with an encrypted volume for some word documents. The password I am using is ...

When I was a kid, WEP had a 40 bit key. Later, they came out with a 128-bit key. But as we all know, WEP was so badly-designed that the RC4 key length didn't really matter much. Ignoring this, my ...

What is a good resource for wordlists used in auditing passwords in non-English languages? I have extensive wordlists in English ranging to several GBs, but can't find similar resources for other ...

I'm currently trying to write a web service for customer and requirement is to use WS Security. On their server side, they have passwords stored as SHA-1(salt+password). According to WSS spec, ...

I am looking for a simple but reasonably safe way to secure my home pc (and laptop, nas, etc.) with a hardware token. I would like the system to be secure, but practical enough to be used on a day to ...

Possible Duplicate: What to do about websites that store plain text passwords When using a system as it was designed to be used, and the system provides proof that it is storing and/or ...

The auditing company found a bug "The Auto-complete form attribute is set in password field". They suggested to disable autocomplete for this field to prevent disclosure of it "when working on shared ...

Does Windows XP or Windows 7 encrypt saved passwords? I'm assuming that the user uses local password to logon. The user then uses his own computer to connect to server in work and sets the "remember ...

Given a one-time password generator that is time-based (such as Google Authenticator), how many instances of (time, PIN) pairs would one need to significantly weaken the algorithm to a point where one ...

Do token-based authentication solutions (such as RSA SecurID) mitigate tools like incognito and/or pass-the-hash tools?

I had to use my utility company's online account information application and forgot the password. Going through the steps of resetting the password I was emailed the password in the open. I found this ...

My bank (and every bank I've come across) only ever asks for individual characters from my password when logging in. Is my bank storing my password in plain text?

Possible Duplicate: Which password hashing method should I use? I want the best cryptography algorithm for storing passwords in a database; which one should I use and how can I implement it using Java ...
