Collaborate Disseminate
Most of the banks uses OTP (One Time Password) to enrich the authentication through dual factor.
But I observed Banks are sending the OTP to mobile as well as email.
I suppose sharing passwords on email is not secure and it’s not a recom… Continue reading Bank sends one-time password by e-mail (while sending on SMS) for transaction verification; is this insecure?
The global digital giant’s services like facebook/gmail/twitter/etc are not following standard password policies (like the standard password policies used by most of the Enterprises/Corporate).
For example there are no pass… Continue reading Is my personal data at risk with global digital giant’s services?
We are working on an online eCommerce site and we need to have online transactions. The common mechanism of verifying the online transaction seems the OTP (one Time Passwords) over SMS.
But this mechanisms is alarming as cam… Continue reading Will evolving bio metric capabilities on mobiles replaces online transaction verification through SMS (OTP)?
On a Windows Server 2003 machine seems like someone has logged in through RDP without using credentials: there is a logged access, but there are nor userid nor password.
I am wondering how is this possible, and I can’t figure… Continue reading RDP violation without credentials
On one of my web servers, I have set up a password-protected directory using the well-known .htaccess / .htpasswd mechanism. The web server is run by Apache 2.4.10 under Debian jessie, if that matters. The relevant snippet from the virtual… Continue reading Firefox not deleting HTTP Basic authentication credentials although being instructed to do so
I am having a network issue that every time in a while it requires me to enter my windows credentials (it is company security thing)
If I don’t do that I will have no internet connection on my laptop
The procedure I do ever… Continue reading Auto-Fill Windows Security Credentials
My friend just asked me: “why is it actually that bad to put various passwords directly in program’s source code, when we only store it in our private Git server?”
I gave him an answer that highlighted a couple of points, bu… Continue reading Why is storing passwords in version control a bad idea?
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building. Continue reading Microsoft Flaw Allows Full Multi-Factor Authentication Bypass
A hacker has compromised Reddit’s systems and was able to make away with email addresses and account credentials. Continue reading Reddit Breach Stems from SMS Two-Factor Authentication Breakdown
I’ve been searching for a good answer to this problem for a while now, and have seen questions that could be duplicates, but none of them seem to have good/definitive answers that work for my case.
I am building an Electron … Continue reading How to safely store OAuth2 credentials in a Desktop application