Collaborate Disseminate
I’m working with some middleware that requires username/password authentication. The middleware uses MD5 hash for the password. The MD5 hash, of course, is not fit for the purpose of storing passwords. We need to address this.
We tried mod… Continue reading Is it safe to store a password using a secure hash followed by an insecure hash?
Sharing passwords should be avoided when possible. But if you have to use a shared web password, secure the password with Idaptive to reduce the risk of unauthorized access, enforce role-based access, and track who used the account and when.
Us… Continue reading Securing Shared Web Passwords with Idaptive
Office 365 lockouts are a major employee productivity issue – here are tips and tricks to stop account lockouts.
Active Directory account lockouts caused by brute force attacks on Office 365 are one of the top reported issues for Office 3… Continue reading How to Prevent Office 365 Account Lockouts
The use of security questions as two-factor authentication is one of the more popular options. Security questions don’t rely on smart phones or hard tokens, making them highly convenient. However, users tend to create weak or easy to guess an… Continue reading How to Make Security Questions More Secure
Using VPN client certificates and authentication cookies can help increase VPN security and improve the user experience by reducing the need to enter or re-enter a password. However, the use of these authentication methods can be like leaving your … Continue reading These VPN Configurations Could Be Your Weak Spot
A service account is a user account created for the sole purpose of running an application. For example, an online banking web site may have a single service account under which the code runs.
Service accounts, like any othe… Continue reading Does PCI-DSS password guidance apply to service accounts?
This question already has an answer here:
Is there a benefit to having SSL connections on localhost?
2 answers
Using HTTPS … Continue reading Is there any value to encrypting connections to localhost? [duplicate]
Next month, the EU’s General Data Protection Regulation (GDPR) takes effect.
Our organization is already PCI-DSS compliant.
Do we need to do anything additional to make sure we are consistent with GDPR standards? Or are all the requirem… Continue reading If I’m PCI-DSS compliant, do I need to worry about GDPR?
Our team works with sensitive financial applications and we want to be sure we are not introducing dangerous code into our projects. But we want to be able to use packages from Nuget.
What due diligence steps should be foll… Continue reading What steps should a developer take to ensure that a nuget package is not dangerous?