Collaborate Disseminate
Q: how to securely use pass tool to for scheduled jobs?
One of the tools to store and manage passwords on a unix machine is pass, which is a layer on top of gpg. Any password that I create is encrypted and stored locally, which can be decr… Continue reading Using pass cli for background (cron) jobs securely
A GoodFirms survey outlines the current password behavior of online users, risk factors associated with password management, and the best measures, policies, and practices to safeguard passwords from attacks or breaches. 30% of surveyees reported passw… Continue reading 30% of online users suffered security breaches due to weak passwords
I would love to gather some information on how to program my own password manager properly as I’m pretty new to security. Currently, I’m using pythons cryptography module and a sqlite database.
The data in the database is encrypted with Mu… Continue reading password manager and key management
I’m designing a password vault that’s accessible to clients through an existing web application. The clients are small, (and mostly non-technical) businesses that aren’t using password managers, but are using this existing application that… Continue reading Design of a web based password vault
I would like to know what encryption 1Password uses.
On the About the 1Password security model page, it says:
Your 1Password data is kept safe by AES-GCM-256 authenticated encryption. The data you entrust to 1Password is effectively impos… Continue reading What algorithm does 1Password use for encryption, AES-GCM-256 or AES-CBC-256?
Is there an application to create an archive (e.g. 7z, zip, rar, etc) that can be accessed with multiple valid passwords?
For example the password protected archive "example.7z" can be extracted using either "Passw0rd",… Continue reading Application to archive a file with multiple passwords [duplicate]
I had a situation where I clicked an email link send to me by a financial institution. The link first sent me to their login page where my chrome password extension automatically filled in my username and password. Usually I would never en… Continue reading Do password autofill extensions securely validate the site they are autofilling?
While using a password+ manager is a know must for sensible security, one nuisance (from an UX point of view) I encounter is that there are different password "tiers". Pretty obviously my e.g. file encryption and online banking a… Continue reading How to best separate password "tiers" or not at all?
I am currently making my own password manager as my main project. But of course, I want to make it sturdy, in case I release it to the public.
The password manager follows this simple structure: A field holds key-value pair (like "Pas… Continue reading How would one be able to abuse which fields are linked to which record in a password manager?
The consequences of a breach have never been more severe, with global cybercrime collectively totaling $16.4 billion each day, a Devolutions survey reveals. A recent study by IBM revealed that organizations with fewer than 500 employees had an average … Continue reading 52% of SMBs have experienced a cyberattack in the last year