Collaborate Disseminate
I’m not entirely convinced of the importance of verifying the authenticator attestation, and I’ve asked a question about it, I’m open to it, and if you want, you can post an answer at that question, but this one is specifically about "… Continue reading How does it "allow a malicious website to obtain valid credentials." – WebAuthn
I’m building a sharing protocol where users share data. To make it so only those authorised to read the data can do it, I’m using AES256 encryption. Every authorized person has a keyset (IV & key) to decrypt the information. The same k… Continue reading AES mode for reusing same keyset
I created an app that requires users to make multiple different logins within the app. Is it possible to use Google’s Identity API to ensure that the different required login credentials are stored/retrieved by Google whenever they are nee… Continue reading Credential management for an app requiring multiple different logins within a single application [closed]
I’ve made a list of the services/devices that require a PIN code. Shockingly, it’s over 10, which I find impossible to remember, so I need a strategy to reuse the codes.
What could be a strategy for doing it in the most secure way?
Devices… Continue reading How to reuse PIN codes in the most secure way?
Brand A has multiple, separate websites – these websites reference each other as part of the brand family, but do not have a shared single sign on system.
Instead, each website has their own login and account creation page – on which, ther… Continue reading Shared credentials logins between separate websites and trust issues
Despite best efforts it is pretty clear that most users reuse their credentials, especially for what they consider non-critical sites such as forums. While TFA does mitigate the potential damage of this a bit (aside from its other benefits… Continue reading Does a password-derived public key authentication improve security over pure password-based authentication?
The UK pharmacy chain says it wasn’t hacked, its systems are fine. It’s all the password reusers mucking things up again! Continue reading Boots yanks loyalty card payouts after 150K accounts get stuffed
Unfortunately for companies, cybercriminals don’t need to invent the wheel when choosing a way to hack corporate networks. Black hat hackers have a choice of cyberthreats and attack methods on a silver platter. Nevertheless, certain types of cybercrim… Continue reading Orchestrating Network Security to Handle Cyberthreats
Assume I have two Github accounts, one for regular use and one for testing purposes. Or two PGP keys, one for pass and the other for encrypted email communication, and my backup scheme is exactly the same for both keys.
Wikipedia describes credential stuffing as
a type of cyberattack where stolen account credentials typically
consisting of lists of usernames and/or email addresses and the
corresponding passwords (often from a data breach) are used… Continue reading What are the differences between credential stuffing and password spraying?