Collaborate Disseminate
Apologies if this is a basic question.
I understand that when I log into a website, I send my password in an encrypted form. This gets unencrypted by the server and my password is hashed and compared to the hash stored by the server. If my… Continue reading Hashed passwords question and encryption [duplicate]
I have seen that access to third-party mobile applications (specifically banking apps) can be authorised using the mobile’s (in my case Apple’s) native Face ID system.
If my facial image is being authenticated on my device, what is being s… Continue reading How does Face ID authenticate third party app access? [closed]
I have just signed into google using my browser, and google two step authentication has just started. When signing into google on my browser, it informed me that an authentication had been sent to my YouTube app on Rich’s iPhone.
How does… Continue reading How does google know my iPhone device name?
NordVPN popped up with
"Couldn’t establish a secure connection." "We couldn’t validate this
TLS certificate and ensure a secure connection required for NordVPN to
run. It looks like your internet traffic might be intercepte… Continue reading Couldn’t establish a secure connection
What attack vectors exist for "bad" FIDO USB keys? What would the weaknesses of a "bad" key be? How could they be compromised?
I have been looking at several "make your own key" projects, and wonder how they… Continue reading FIDO2 security keys – what attack vectors/weaknesses exist for "bad" keys
I remember ten years ago in Android I would go to settings – encrypt disk – to protect all my data. That was different to a screen lock password.
However, I just bought a new Samsung Galaxy A23 phone and there is no option anywhere in sett… Continue reading Are Android phones now encrypted by default?
Question in short:
If I consider just the first 16 bytes of SHA-1 and SHA-256 hashes, do they have substantially the same collision risk?
Background:
I have an application where I need a 16-byte (exactly) hash of a short string (a few byte… Continue reading For common hashes, are their collision risks similar when considering only the first N bytes?
A big web service asked me to upload a .HAR file from Chrome incognito to help them with my support request.
What sensitive information could I expose and how can I remove it?
I don’t mind IP address and username, but stuff like:
Google a… Continue reading How to make a HAR file safe to send?
I’m building my own authentication and deciding on the signup/login flow. I’m would like some security feedback on this type of flow:
User submits email address.
6 character alphanumeric one-time-code is generated and sent to the provided… Continue reading Security of email OTP authentication
I have just discovered that my local bank, Nordea, has decided to remove the only good thing about their entire operation: the so-called “simplified login” feature on their website, which allows (soon allowed) the customer to… Continue reading Is there some secret way to access basic Nordea bank account data (balance) now that they have killed the "simplified login"? [migrated]