How do I remember passwords for environments where Password Manager is not available?

I am a big fan of 1Password. And I try to save my passwords in 1Password as much as possible.
However, there are environments where 1Password cannot be used. That is the password to protect 1Password itself and the password for full disk e…

How to Keep Your Secrets Safe: A Password Primer

There are two kinds of companies in the world: those that have been breached by unethical hackers, and those that have been breached and don’t know it yet. Hackers are relentless. Today’s cyberattacks have evolved into high-level espionage perpetrated by robust criminal organizations or nation-states. In the era of software as a service (SaaS), enterprise […]

The post How to Keep Your Secrets Safe: A Password Primer appeared first on Security Intelligence.

Does having authenticator app/OTP generator built into Password Manager defeat its purpose?

For example, the KeepassOTP plugin is one of a few plugins for Keepass that allows users to view their OTP code from within the password manager itself. Does this defeat the purpose of having an OTP as a form of 2FA? If the database is comp…

How do I secure sensitive information like system credentials in a configuration file?

I often get this question:
I have sensitive data such as system credentials which my web application needs to secure. Some things I can store in a database, but others (like the credentials to access the database itself) need to be stored …

Should one reject login attempts when the correct password is newly added to a password deny list?

Best practices say that when users choose a password (at signup or when changing an existing password), the application should reject that password if it appears on a list of passwords known to be unsafe. For example, NIST Special Publicat…

Practicality of outsourcing password hashing using enclaves

I’ve been pondering some potential cybersecurity applications for enclaves. One of them being the problem of password hashing.
Some clients have enclave support, meaning part of their CPU can securely execute code in an encrypted and authe…