Collaborate Disseminate
What are the alternatives of storing tokens when password managers are discouraged?
Some of the ideas that come to my mind are storing in a text file and encrypting with GnuPG but that’s asks for extra password.
I’m building a simple CLI password manager. My current version uses getpass to securely read the master password in the shell which will be used to decrypt a stored password and copy it to your clipboard.
Since I’m using a Mac I thought it… Continue reading How to build a simple but secure password manager using a fingerprint sensor [migrated]
Background: I’ve always reused same username/password on all websites and got hacked regularly. I am considering using a password manager, but I don’t like the need of storing a database. So I came up with my own idea.
Assume there are mul… Continue reading Cryptographic hash functions and personal password management
TL;DR: running npm i … not long after pass my-password allows a malicious package to steal my entire password store.
I use pass as a password manager, on Linux. And like probably all Linux users, I use sudo to run commands as root.
The … Continue reading How to securely use `pass`, `sudo`, and `npm` on the same machine
I’m asking myself what are the benefits of refresh token over saving the user password (securely) on user device and perform a transparent login (background) with its credentials to get a fresh new access token?
Note: you would have to “id… Continue reading Auto-login (password stored on device) vs refresh token
I don’t know much about AD or Windows security. As in this question, I understand that pwd change notification can be useful for both users and for system administrators.
As an AD administrator on Windows Server 2012 R2, can I configure th… Continue reading How to notify administrators of an Active Directory pwd change?
In a recent podcast from England Rugby Union coach Eddie Jones, he made reference to the adage about trying to be “world-class at things that require zero effort.” Relating that adage to the work environment, people can become world-class in some ways that require ‘zero effort’: Being on time for online meetings Paying attention […]
The post How to Become World Class at Cyber Hygiene appeared first on Security Intelligence.
Bitwarden announced the results of a global survey of enterprise security decision makers, conducted by 451 Research, which explores enterprise password management practices and intent. Overall, the survey finds that strong passwords remain a priority … Continue reading Strong passwords still a priority strategy for enterprises
In this comparison between Bitwarden and LastPass, we explore their features, security, ease of use and pricing. Find out which password manager is best for you. Continue reading Bitwarden vs LastPass 2023: Which Password Manager Is Best?
Are there any best practices for storing app specific PINs (e.g. 6 digit PIN that isn’t part of the device lock screen) on mobile devices (Android/iOS)? I know several banking and authenticator apps do this. Seems like bcrypt with a reason… Continue reading Storing app specific PINs on mobile devices for local authentication