passwords's questions - English 1answer

2.912 passwords questions.

Is there any phycological research that appears relevant to making passwords easily forgettable under adverse circumstances? Circumstances might include when under duress, after some duration of non-...

Firefox stores passwords (I am not referring to the Master Password feature) and I would like to know if a survey website can steal those passwords. I was typing a URL and perhaps I mistyped it and ...

I came across this plug-in that started some alarm bells ringing. The add-on would help submit a website to web directories. The first 100 submissions are free, then you need to pay $20 via pay-pal (...

What is the best, most secure, easiest way to: store unique, strong passwords for every service which requires authentication make the system resistant (total loss of security is avoided, breaches ...

I was wondering if it possible to encrypt a flash drive (or any other external medium) using certificates instead of a password. The idea is to have a number of encrypted pendrives that can be used on ...

I am trying to solve a problem with a password system. I need to figure out the probability of the password being guessed. If I have an 8-character alphanumeric password. it cannot be all #'s, ...

I connect to the VPN of another company with a company-specific username and password (they aren't giving everyone the same password to every company to access it or anything ridiculous like that.) ...

I'll readily admit I'm pretty clueless when it comes to cryptography, so there may already be some false assumptions in the question title itself :-) Still, I "heard" that it is more secure to store ...

I consider implementing a Secure Remote Password (SRP-6a) verifier that omits the username from the x key hash. The intention is to allow authentication with multiple alternate user identifiers such ...

Entropy is a term used often in relation to password security and brute-force attacks, but it is a topic that can get complicated quickly. What is the best way to describe password entropy (what it is ...

I copy-pasted a function that implements the PBKDF2 hashing algorithm in PHP. The function asks for the amount of time that I would want it to loop in order to produce a hash. Now, I'm wondering, ...

We know that key loggers are the most effective and most annoying means of getting compromised over login id/password on the web or any application.... and your whole privacy is breached. Is there ...

I've just realised that facebook accepts 3 forms of a password: Source: Facebook actually accepts three forms of your password: Your original password. Your original password with the ...

I know a few people with pretty weak passwords. What kind of systems exist to prevent dictionary attacks? Would it make sense to restrict the number of connection attempts in a certain timeframe? ...

When I read about a password being secure and stating that it would take X amount of week, years, etc. isn't that referring to the worst case? What happens if the brute force method is successul in ...

I have often seen that takes x amount of time to crack a certain length password. But this just seems to be the amount of time it takes to iterate through all the possibilities. What about the time it ...

Is it ever appropriate to use real-world passwords to encrypt files to be sent via unsecure means. By real world, I mean a password that is memorable and memorisable by a mere person? I am implying ...

Is it okay to use the primary key as the salt in a Users table? The only disadvantage that I can see is if the PK changes (unlikely), then the passwords break. What are your thoughts?

I am looking for an encryption algorithm that would allow me to know if the password supplied is the correct one or not. This question can be considered as a follow-up for Q. In particular the answer ...

We had an incident where some of our managers were given passwords for the people they supervise using a particular company website. Ostensibly it was done so the managers could check in on the users ...

I'm referring to "remembered" password that the domain keeps so a user cannot reuse that password until it has expired in what was set at Password Policy on DC (W2003/W2008). Where is password ...

I've been looking for ways to improve security and security awareness for both internal and external clients and I happened upon the idea of generating a one-time, random "password suggestion" on the ...

Bob has a password (for his WPA encrypted wifi) which is 8 characters, all lowercase, and not a dictionary word. Eve lives next door to Bob and wants to illegally hack his WPA. The number of ...

So when it comes to security, when I have an idea that seems good, but no one else seems to be doing, I try to assume that I'm overlooking something obvious or otherwise significant. This is one such ...

When generating a password, should it be "truly random" or should I make it a little less random by enforcing some rules? If a password is generated at random, it could come out all-lowercase letters ...

I thought the strength of a password depended on the total number of possible combinations. Therefore, allowing longer passwords should be safer because you then have more possibilities. But why do ...

Possible Duplicate: Sharing passwords and credentials between founders and employees I use KeePass for my personal passwords. I would want to use it for my business, too, but the only way I ...

When a user's logging in to my site, they send their username and password to me over https. Besides the ssl, there's no special obfuscation of the password - it lives in memory in the browser in the ...

If a company has terrible security policies like letting people email password in cleartext emails, what to do if they reject all fair minded advice?

I called customer service of a well known company and discovered that the operator had the ability to view my website password in clear text on her screen. I asked her about this and she defended the ...

What would be your recommendation for replacement of an MD5 hash approach to password storage within an MS-SQL database be?

Existing questions on this site discuss some of the heuristics used by password cracking tools to avoid doing a completely naive brute-force search (for example, "dictionary word with number ...

I am looking for THE or a real function I can use to generate salt for my mobile app on Windows Mobile. In case I am not abusing in this request but in the future I plan as well the same app for ...

I was trying to design an authentication system that would make it much harder to guess a password via brute force, and reduce the risk to a user if the hashed password was stolen through a snooping ...

I'm creating a webapp, and part of my authentication method is password length. Should I put one in place? (say, 50 characters?) Or should I just put a minimum length (Currently at 6). Are there ...

In the olden days, one could trivially bypass BIOS passwords on most PCs by removing the BIOS battery and clearing the CMOS. My question is: On modern PCs equipped with a Trusted Platform Module (TPM)...

I was just reading a discussion about cracking passwords that said the person running the tool might know things about the target like the birthday of his first girlfriend's dog but the tool won't. ...

A popular way to login to iPhones and other phones is to use a "connect the dots" password. For those unfamiliar, it looks something like this: Is this kind of passwords secure from brute force ...

When creating a new password, people often recommend you use both uppercase and lowercase characters, numbers, and symbols. How does adding any of these increase the strength of a password? There ...

Possible Duplicate: How are browser saved passwords vulnerable? How secure are the password managers that are built into modern web browsers? Currently I use lastpass plugin as I believed the ...

Am I wrong to think that scrypt(bcrypt(password)) would be better than using sole (s|b)crypt? Especially when considering two different key for the two algorithms. I am also interested in some papers....

Possible Duplicate: Do non-keyboard characters make my password less susceptible to brute forcing? Every article on password security that I read tells people to make the password more ...

I was using Lotus Notes today and I realized that the program asks password is encrypted in many ways. even without access to the stored passwords notes I can say that they are at least as recorded in ...

Do you know any good approach for de-hashing/actually bruteforcing hashed passwords in the shadow file? On various operating systems, any good solutions/methods/programs. Or is it better to upload ...

Possible Duplicate: From a security point : Is it OK to tell your password to an admin? I am working in a small company (20 employees) as a senior SW engineer. After having some email problems, ...

Can a hashed password be recovered if the hashing is done with DES based crypt function in PHP and both the hash and salt are known by the attacker? Consider the following example: $salt = 'mysalt'; ...

Do you guys think salting password with the first 8 bit of the password itself will have same result as using stored salt to hash password? [Clarification] I am not storing salt but creating from the ...

I wrote a game which stores high score information on an ftp server. In the the source code I need to write out the ftp link with the account name and password in it. For example: url = new URL("ftp:...

Possible Duplicate: Do non-keyboard characters make my password less susceptible to brute forcing? Bruteforce tries cracking the hash with every possible combination of letters. Then, If I'll ...

I'm starting to write my first serious web application and am thinking about how to store username and password information. There are plenty of articles detailing how storing plain text passwords is ...

Related tags

Hot questions

Language

Popular Tags