Collaborate Disseminate
I’m doing a review of my personal digital security and recovery and I’m trying to figure out how to recover from the scenario in which all my belongings are gone (e.g. house goes up in flames). I have all of my passwords in a password mana… Continue reading Recover passwords from a full disaster scenario
LastPass released findings from its fifth annual Psychology of Password report, which revealed even with cybersecurity education on the rise, password hygiene has not improved. Regardless of generational differences across Boomers, Millennials and Gen … Continue reading False sense of safety undermines good password hygiene
Sometimes, we see a project where it’s clear – its creator seriously wants to make a project idea accessible to newcomers; and today’s project is one of these cases. The …read more Continue reading An Easy-To-Make Pi-Powered Pocket Password Pal
I am a big fan of 1Password. And I try to save my passwords in 1Password as much as possible.
However, there are environments where 1Password cannot be used. That is the password to protect 1Password itself and the password for full disk e… Continue reading How do I remember passwords for environments where Password Manager is not available?
There are two kinds of companies in the world: those that have been breached by unethical hackers, and those that have been breached and don’t know it yet. Hackers are relentless. Today’s cyberattacks have evolved into high-level espionage perpetrated by robust criminal organizations or nation-states. In the era of software as a service (SaaS), enterprise […]
The post How to Keep Your Secrets Safe: A Password Primer appeared first on Security Intelligence.
Continue reading How to Keep Your Secrets Safe: A Password Primer
For example the KeepassOTP plugin is one of a few plugins for Keepass, that allows users to view their OTP code from within the password manager itself. Does this defeat the purpose of having a OTP as a form of 2FA? If the database is comp… Continue reading Does having authenticator app/OTP generator built into Password Manager defeat its purpose?
I often get this question:
I have sensitive data such as system credentials which my web application needs to secure. Some things I can store in a database, but others (like the credentials to access the database itself) need to be stored … Continue reading How do I secure sensitive information like system credentials in a configuration file?
Best practices say that when users choose a password (at signup or when changing an existing password), the application should reject that password if it appears on a list of passwords known to be unsafe. For example, NIST Special Publicat… Continue reading Should one reject login attempts when the correct password is newly added to a password deny list?
This is a slightly tough one to explain with my current experience, lacking mainstream terminology. But here goes.
I have an encryption/security model whereby I do not store users plaintext passwords. It’s pretty simple actually:
1 – on si… Continue reading How can a users plaintext password be acquired while using biometricID with the following security model?
I have been thinking about how to store my master passwords (password manager, email and device passwords) for quite a while and I just haven’t been able to come up with a satisfying solution yet. I really want to avoid having outsiders ga… Continue reading Amnesia and death proof master password