Collaborate Disseminate
As I understand things, given a user with proper password management (e.g. with a libre password manager like KeePassXC) the only realistic threat is having passwords leaked the following ways:
A: password keylogged (e.g. logging in to yo… Continue reading Is it a bad idea to replace passwords with OTP?
I’m looking for a process to replace the status quo of notepad and Excel. We’ve tested a market-leading password manager. An issue that comes up with this is that the secure sharing password facility has some significant vulnerabilities. W… Continue reading Does a solution exist to permit account sharing without revealing the account password?
I was recently assessing a web application where during user registration the application would send a password reset link via email where the token portion of the URL was the following in base64:
<Email address>:<randomly generat… Continue reading Web Application Sends Newly Registered Users Plaintext Password. Could you assume that passwords are not hashed in DB storage?
I want to store the passwords of accounts hashed into a database that can be accessed through a python-flask application. When you would login, this python application is supposed to provide you with a token that will be saved in the front… Continue reading How do I properly secure my login using bcrypt in react and a python-flask backend?
Not sure about the rest of the world but at least in Canada, nowadays more and more online-only banks and stock brokers, so called FinTechs, are emerging. To allow customers moving funds across banks faster, these FinTechs use 3rd party se… Continue reading Is resisting giving online banking password to 3rd party becoming increasingly futile and unnecessary?
So I am writing a password manager (mostly low value, application specific passwords) for a game. I need a way to store a password safely. Light reading suggests using a key derivation function (like pbkdf2), and then encrypt the password … Continue reading Reuse IV for KDF and Encryption
So I am writing a password manager (mostly low value, application specific passwords) for a game. I need a way to store a password safely. Light reading suggests using a key derivation function (like pbkdf2), and then encrypt the password … Continue reading Reuse IV for KDF and Encryption
One the Hashicorp Vault basic feature is secret leasing. They state:
Leasing and Renewal: All secrets in Vault have a lease associated with them. At the end of the lease, Vault will automatically revoke that secret. Clients are able to re… Continue reading What are the advantages of password "leasing"
One the Hashicorp Vault basic feature is secret leasing. They state:
Leasing and Renewal: All secrets in Vault have a lease associated with them. At the end of the lease, Vault will automatically revoke that secret. Clients are able to re… Continue reading What are the advantages of password "leasing"
In the Bitwarden Security Whitepaper Page 9-10 (User Login | User Authentication | Access to User Vault Data section), it’s written that the master password is encrypted locally and then stored on the server and the encryption key is hashe… Continue reading How does Bitwarden Authenticate and decrypt the vault [closed]