Collaborate Disseminate
I’m developing a multi-platform application using Flutter, which involves sensitive user data and requires both online and offline accessibility. To enhance security and usability, I am considering implementing a local password recovery me… Continue reading Is local password recovery for each device a viable security approach?
I think this should be the right SE, apologies otherwise
I have been researching ways to be more careful with how I handle important documents and credentials, but everything I found sounded incredibly inconvenient to use so I would like t… Continue reading Offline, multi-machine, 2-factor authentication information vault?
In $SomeCorpo there is a policy that passwords must never be stored anywhere else except employees’ heads. Paper notes, password managers, storing passwords in browsers, etc, are all forbidden. To facilitate this they are even willing to r… Continue reading Does the recommendation to use password managers also apply to corporate environments?
The web app I’m developing makes use of the concepts of "access token" and "refresh token", even though it uses its own auth scheme.
In certain situations, the web app needs to get an "impersonation token" fro… Continue reading Refresh tokens for impersonating user credentials: how to implement them?
I use a password manager to provide a decent information security level in my everyday life – by generating strong passwords on every occasion – and remembering only the one master-password.
But now I become concerned – what if by some acc… Continue reading What is a secure way to store the master-password of a password manager? [duplicate]
Ok- so you all probably know that a hash is used to help secure a stored password in a database, if it was stolen.
When a user logs in, and enters a password, it gets hashed, and then matched to a hash in the name of the user that tried to… Continue reading How do databases/companies change their hashing algorithm? [duplicate]
Are there any risks to writing down your digital passwords on physical paper?
I am asking because I once saw on a website that you shouldn’t do this…
Any ideas, because I just really don’t see how anyone could steal them, unless a burglar … Continue reading Security implication of writing down passwords [duplicate]
In this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. She emphasizes balancing and adopting comprehensive security controls, including cloud… Continue reading Strategies for secure identity management in hybrid environments
I’m working on a project that requires offline functionality, including offline login and secure data manipulation. I’d appreciate feedback on my chosen approach and best practices for secure design.
Scenario:
Users need to perform CRUD op… Continue reading Secure Offline Login and Data Encryption with PBKDF2 and AES-256
A while ago I wanted to deploy a service using a OCI (docker/podman) container, and I noticed to me, what seemed like a possibly distributing trend. In the build file for a lot of the containers, the password is put there in plain text in … Continue reading Passwords/password hashes in plaintext in service configs – why is this common practice?