Collaborate Disseminate
When writing about best practices for authentication, I find that today’s best practices still leave gaping holes in security, specifically not solving the problem of password reuse by users – websites are currently sent the … Continue reading An authentication protocol to prevent phishing & solve the problem of password reuse?
There’s a lot of news right now about haveibeenpwned but I don’t understand why people need a service like that in first place. If you’re a security conscious user, you’d change your passwords regularly on any website that ma… Continue reading Why check your email in haveibeenpwned rather than regularly changing your password regardless of any leaks?
I’m currently testing password policies on websites to get a feeling for what might be an acceptable policy/trade-off that provides good protection for our users without frustrating them.
I was surprised to find out that eac… Continue reading Many websites allow passwords equal to username or e-mail address. Is this not a security risk?
I created an online account on a website, they do not ask me for a password but just an email address, then, after acknowledging “terms of service” I was already logged-in.
Then I received an email with a password (ten chara… Continue reading Is it a common practice to give a user an unmodifiable password?
Some websites display a remaining password retry count when I input wrong passwords more than twice. For example, displaying that there are 3 retries remaining until locking out my account. Is this dangerous from security per… Continue reading Is displaying remaining password retry count a security risk?
Can anyone please suggest any drupal contrib modules or suggest any custom hooks to implement the below password policies in drupal 8
1.Apply a password dictionary and/or other checks to prevent users from selecting password… Continue reading Can anyone please suggest any drupal contrib modules or suggest any custom hooks to implement the below password policies in drupal 8
Anyone know how to look into the contents of a private instagram accounts? Needed for PI work. Please advise.
Thank you
Continue reading Need help with an account’s password management [on hold]
Paul Moore argues that one legitimate reason to disable paste in the password field (despite the downsides) is so that the server can use keystroke dynamics (behavioral biometrics) as a second form of authentication.
Are th… Continue reading Disable Paste in Password field to use keystroke dynamics as 2FA
I would like to have your point of view about something I found on internet.
The goal here is to help people to use stronger passwords, it’s not perfect, but I believe that asking people to use passwords like “4*k#j56$Nbq!\l… Continue reading Choose a sentence, a number, and the name as password
Somehow related to this other question. I am dealing with the following case: a medium-large company (with about 200 on-premises employees) is applying the following procedure for all the newly recruited employees (immediatel… Continue reading Is it OK that a sysadmin knows the password for a newcomer / act as a user (immediately after his/her recruiting)?