password policy – Page 11 – WindowsTechs.com

What password policy should a typical web app have?

Posted on March 14, 2019 by Taymon

By “typical”, I mean in terms of the value of the data and how hard attackers are likely to try to breach it, as opposed to one that’s guarding data sensitive enough that it’s worth significant sacrifices to user convenience…. Continue reading What password policy should a typical web app have?→

Impact on required password entropy when introducing two-factor authentication [duplicate]

Posted on March 13, 2019 by JFB

This question already has an answer here:

Is it safe to use a weak password as long as I have two-factor authentication?

11 answers

… Continue reading Impact on required password entropy when introducing two-factor authentication [duplicate]→

Password Spraying Attacks

Posted on March 6, 2019 by john_zombie

Has anyone ever came across this type of attack in a work environment? I am doing some research and cant seem to find any information on companies who experienced this type of attack and how they remediated it. How many compa… Continue reading Password Spraying Attacks→

Should a mobile banking app force clients to change their password periodically, e.g. every 3 months?

Posted on March 4, 2019 by globizer

Is there an internet bank that forces users to change their passwords periodically?

In Poland, none of the banks forces a change of the password for Internet banking. Of course, banks educate and suggest changing the passwor… Continue reading Should a mobile banking app force clients to change their password periodically, e.g. every 3 months?→

Is password dependent iteration count a good practice?

Posted on March 2, 2019 by kasperd

I consider the possibility of improving password security by increasing the hashing iteration count for short passwords.

The security benefits I see of this practice are:

Short passwords are better protected by making brute force more e… Continue reading Is password dependent iteration count a good practice?→

Creating a unique password for each device

Posted on February 28, 2019 by steuck92

My team is currently working on an IoT product and we’re having some issues thinking about a good way to create a unique password for each device.

Each device runs on GNU/Linux and we have an application that generates an im… Continue reading Creating a unique password for each device→

Which password policy is more secure: one password of length 9 vs. two passwords each of length 8?

Posted on February 28, 2019 by carlos

What is more secure, having one password of length 9 (salted and hashed) or having two different passwords, each of length 8 (salted and hashed using two different salts)?

Continue reading Which password policy is more secure: one password of length 9 vs. two passwords each of length 8?→

Is there a need for test account protection?

Posted on February 20, 2019 by Ahmet Arslan

Test systems are just for software testing and there is only test data. Is sharing a test password considered as a security risk? Do I have to protect test passwords like production passwords?

Continue reading Is there a need for test account protection?→

Users can change their password with the same password

Posted on February 6, 2019 by Lucian Nitescu

What are the security implications of an web application that allows users to change their passwords with the current (exactly the same) password?

Continue reading Users can change their password with the same password→

Can password strength be enforced with PAKE protocols?

Posted on January 27, 2019 by Reality

Can a password strength policy i.e.:
must contain at-least 8 chars
must contain one uppercase letter
must contain one lowercase letter
must contain one number

Be enforced if a PAKE protocol is used, such as OPAQUE?
Is there … Continue reading Can password strength be enforced with PAKE protocols?→