client-side – Page 17 – WindowsTechs.com

Why one time passwords using nested hash chain are not used?

Posted on May 1, 2013 by bobo

I am wondering, why web sites do not use one-time passwords generated by hash chain. By that I mean that a client chooses a secret and after being salted, he applies some secure hash function F() on it n times (e.g. n=1000000… Continue reading Why one time passwords using nested hash chain are not used?→

How to remember a trusted machine using two factor authentication (like Google’s system)

Posted on February 22, 2013 by Marryat

We are developing a web application that will use two factor authentication. We are likely to try and emulate something similar to that used by google, where to login you enter a username and password, and then receive a token in an SMS me… Continue reading How to remember a trusted machine using two factor authentication (like Google’s system)→

How to prevent attacks against client side validations?

Posted on February 21, 2013 by Vikas V

I have a login form where am accepting Mobile Number of the User for login.

When Mobile Number is submitted, am calling a JavaScript to validate the Mobile Number. My client side validations consist of checks like does Mobi… Continue reading How to prevent attacks against client side validations?→

Do client certificates provide protection against MITM?

Posted on December 28, 2012 by Christopher

I’m looking for a way to protect clients from a MITM attack without using a VPN, and ToR. My thought is that client certificates might do the job, but I’m not entirely sure since not too much server or browser support has be… Continue reading Do client certificates provide protection against MITM?→

Client side password hashing

Posted on October 23, 2012 by Foy Stip

Edit: Updated to put more emphasis on the goal – peace of mind for the user, and not beefing up the security.

After reading through a few discussions here about client side hashing of passwords, I’m still wondering whether it might be OK … Continue reading Client side password hashing→

How to protect against clickjacking attack but allow legit iframes?

Posted on July 19, 2012 by Paul Podlipensky

I’m aware of modern anti-clickjacking approaches, such as X-Frame-Options header or framekiller scripts. But all these tactics prevent content to be inside iframe. But what if there is a requirement for content to be in iframe, such as Twi… Continue reading How to protect against clickjacking attack but allow legit iframes?→

Why do some people really hate security via client-side?

Posted on May 18, 2011 by Incognito

For instance, lets look at a common login system for a website

HTTPS connection is made
User submits credentials via POST
Server-side code hashes the password and looks if it matches the user name
Session is initialized, an… Continue reading Why do some people really hate security via client-side?→

How secure are my passwords in the hands of Firefox using a Master Password?

Posted on November 17, 2010 by Roger C S Wernersson

I’m relying on Firefox to remember my passwords, using a Master Password of more than 25 characters. How secure is this set-up?

Continue reading How secure are my passwords in the hands of Firefox using a Master Password?→