Collaborate Disseminate
While using a password+ manager is a know must for sensible security, one nuisance (from an UX point of view) I encounter is that there are different password "tiers". Pretty obviously my e.g. file encryption and online banking a… Continue reading How to best separate password "tiers" or not at all?
I am currently making my own password manager as my main project. But of course, I want to make it sturdy, in case I release it to the public.
The password manager follows this simple structure: A field holds key-value pair (like "Pas… Continue reading How would one be able to abuse which fields are linked to which record in a password manager?
The consequences of a breach have never been more severe, with global cybercrime collectively totaling $16.4 billion each day, a Devolutions survey reveals. A recent study by IBM revealed that organizations with fewer than 500 employees had an average … Continue reading 52% of SMBs have experienced a cyberattack in the last year
As I understand things, given a user with proper password management (e.g. with a libre password manager like KeePassXC) the only realistic threat is having passwords leaked the following ways:
A: password keylogged (e.g. logging in to yo… Continue reading Is it a bad idea to replace passwords with OTP?
I’m looking for a process to replace the status quo of notepad and Excel. We’ve tested a market-leading password manager. An issue that comes up with this is that the secure sharing password facility has some significant vulnerabilities. W… Continue reading Does a solution exist to permit account sharing without revealing the account password?
I was recently assessing a web application where during user registration the application would send a password reset link via email where the token portion of the URL was the following in base64:
<Email address>:<randomly generat… Continue reading Web Application Sends Newly Registered Users Plaintext Password. Could you assume that passwords are not hashed in DB storage?
I want to store the passwords of accounts hashed into a database that can be accessed through a python-flask application. When you would login, this python application is supposed to provide you with a token that will be saved in the front… Continue reading How do I properly secure my login using bcrypt in react and a python-flask backend?
Not sure about the rest of the world but at least in Canada, nowadays more and more online-only banks and stock brokers, so called FinTechs, are emerging. To allow customers moving funds across banks faster, these FinTechs use 3rd party se… Continue reading Is resisting giving online banking password to 3rd party becoming increasingly futile and unnecessary?
So I am writing a password manager (mostly low value, application specific passwords) for a game. I need a way to store a password safely. Light reading suggests using a key derivation function (like pbkdf2), and then encrypt the password … Continue reading Reuse IV for KDF and Encryption
So I am writing a password manager (mostly low value, application specific passwords) for a game. I need a way to store a password safely. Light reading suggests using a key derivation function (like pbkdf2), and then encrypt the password … Continue reading Reuse IV for KDF and Encryption