Collaborate Disseminate
Encryption tech is obviously intended to secure things that we want to be private over an insecure medium. When I log into a site for example, my password is transmitted over HTTPS, hashed by the reciever (hopefully), and then compared to … Continue reading Is a leaked encrypted password more secure than a leaked hash?
Consider a home user who runs Linux on a laptop with full-disk encryption and uses a cloud-based password manager. Assume the laptop is firewall-protected with no SSH access. It seems reasonable to reuse the same passphrase for the OS user… Continue reading What are the risks of reusing the same passphrase for FDE, user account, and password manager?
I’m attempting to reduce the number of passphrases that I must memorize. Currently I need a different passphrase for each of:
Password manager
FDE for my personal computer
User account for my personal computer
FDE for my work computer
Use… Continue reading How can I reduce the number of passphrases that I must memorize (password manager, FDE, user accounts)? [closed]
I created an app that requires users to make multiple different logins within the app. Is it possible to use Google’s Identity API to ensure that the different required login credentials are stored/retrieved by Google whenever they are nee… Continue reading Credential management for an app requiring multiple different logins within a single application [closed]
I’m a customer of a big KYC provider and am using their API. The process to authenticate at the API requires a secret key that they are sending to me by email. If I want to revoke the key and get a new one I have to send a mail to their su… Continue reading Sending secret API Keys via email
Keeper used to be free so I had stored most of passwords on that app a few years ago from a past device. When I tried to access the passwords after five years, the app had turned into a subscription model and held my passwords as hostage. … Continue reading Password managing apps seem to have access to my passwords
Today, on an official government website, I came across the following password rules:
"Your password has to be at least 8 characters long. It can’t have any blank spaces. It has to use characters from at least three of the following s… Continue reading Reasoning behind banning ‘#’ from the start of passwords? [duplicate]
For a while I’ve been pondering a user authentication protocol that aims to ensure that a client does some computational work before the server will attempt to authenticate the password.
The reason for this is to remove some of the asymmet… Continue reading Using Proof of Work to slow down login attempts
When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has been in the news recently for all the wrong reasons, with multiple reports of data […]
The post What’s Going On With LastPass, and is it Safe to Use? appeared first on Security Intelligence.
Continue reading What’s Going On With LastPass, and is it Safe to Use?
Given the following argon2 hash
$argon2id$v=19$m=65536,t=32,p=8$mJmKA5qamzXOPJZYw4wCEUKY$COkMH0RckaZ/3bhYCdCQjLuzoLKxcAmk4TzmHRRgTQ8
How should the hash be stored in a database? From the answers of this question it says you shouldn’t store… Continue reading How should an argon2 hash be stored? [duplicate]