Collaborate Disseminate
Is there any security issue if I use for example my Gmail account to store passwords from another resources instead of using any password manager like a KeePass?
If my password for Gmail account is not duplicated on any other resources, it… Continue reading Password manager vs Gmail
I’ve never seen any example of this and I’m just curious why? Why is it not okay just to pass it through HTTPs + encoded in a JWT? I will not be storing the password anywhere on the client side, I will just be reading it once. I’m pretty s… Continue reading Passing password back from server to client?
A one-time password (OTP) is an automatically generated sequence of characters that authenticates a user for a single transaction or login session. OTP is a widely popular security strategy, but does it provide true password safety? This type of password security is certainly better than traditional, static passwords. But recently security analysts discovered that you […]
The post One-Time Password Security Might Fail 80% of the Time. IAM is Better appeared first on Security Intelligence.
Continue reading One-Time Password Security Might Fail 80% of the Time. IAM is Better
Q: how to securely use pass tool to for scheduled jobs?
One of the tools to store and manage passwords on a unix machine is pass, which is a layer on top of gpg. Any password that I create is encrypted and stored locally, which can be decr… Continue reading Using pass cli for background (cron) jobs securely
A GoodFirms survey outlines the current password behavior of online users, risk factors associated with password management, and the best measures, policies, and practices to safeguard passwords from attacks or breaches. 30% of surveyees reported passw… Continue reading 30% of online users suffered security breaches due to weak passwords
I would love to gather some information on how to program my own password manager properly as I’m pretty new to security. Currently, I’m using pythons cryptography module and a sqlite database.
The data in the database is encrypted with Mu… Continue reading password manager and key management
I’m designing a password vault that’s accessible to clients through an existing web application. The clients are small, (and mostly non-technical) businesses that aren’t using password managers, but are using this existing application that… Continue reading Design of a web based password vault
I would like to know what encryption 1Password uses.
On the About the 1Password security model page, it says:
Your 1Password data is kept safe by AES-GCM-256 authenticated encryption. The data you entrust to 1Password is effectively impos… Continue reading What algorithm does 1Password use for encryption, AES-GCM-256 or AES-CBC-256?
Is there an application to create an archive (e.g. 7z, zip, rar, etc) that can be accessed with multiple valid passwords?
For example the password protected archive "example.7z" can be extracted using either "Passw0rd",… Continue reading Application to archive a file with multiple passwords [duplicate]
I had a situation where I clicked an email link send to me by a financial institution. The link first sent me to their login page where my chrome password extension automatically filled in my username and password. Usually I would never en… Continue reading Do password autofill extensions securely validate the site they are autofilling?