Collaborate Disseminate
I’m a security neophyte, so apologies if I’m not phrasing this correctly.
If we design a system to allow connections to “external” OAuth providers (such as Azure AD), do we have any control over the password policy used by t… Continue reading Can we require a certain password policy of "external" OAuth providers?
If you try creating an account using your smartphone, these platforms don’t seem to have strong password requirements. They both enforce a minimum 6 character limit and nothing else (I did however notice Twitter seems to filt… Continue reading Why don’t Twitter and Facebook enforce password complexity during sign up?
I’ve recently started to use iCloud’s automatic strong passwords. I feel like that if iCloud were down for some reason, the passwords would be lost. Considering it, should I back them up on other device or actual paper? Or am… Continue reading Should I back up automatic strong passwords of iCloud?
This question already has an answer here:
How secure is e-mail landscape right now?
1 answer
People always forgot passwor… Continue reading How can I much can I consider an email secure? [duplicate]
I am devising a set of password requirements. I am requiring users to use the following:
Minimum 8 characters
Minimum 1 number
Minimum 1 special character
Minimum 1 letter (any case)
I would like to replace “Minimum 1 le… Continue reading Would it be more secure to enforce "at least one upper case" or to enforce "at least one letter (any case)"
I’m writing up advice for selecting a master password for a password manager, and I’m wondering if there is available data about the likelihood of different attacks that result in a cracked password. I’m interested in data re… Continue reading Do hacks of mainstream web applications tend to happen more from random attackers brute forcing or from targeted heuristic attacks?
What is the best (or good) practise to deal with users, who are determined to reuse their old password, whether it be good or bad? Or simply use a bad password?
Scenario:
A user wants to create an account on our website. W… Continue reading Dealing with users who reuse bad passwords
I have seen many experts advising usage of some kind of OTP as second step of 2FA schemes.
I fully understand 2FA is more secure than Single Authorization, but it is also more inconvenient for a casual user.
What about replacing passwords … Continue reading Is using HOTP only authorization considered weak?
For English we have some good practice when we want to create an password, like Add numbers, symbols and capital letters. As result we have password like this: P@ssW0rd.
Is there any rule like this to create password in Japa… Continue reading Validate Japanese passwords
is there any defense against this kind of attack?
https://youtu.be/7U-RbOKanYs?t=974
I know someone who uses a password encryption hashing that generates the same length of keys as in this video and it makes me worried that… Continue reading Is there any defense against this kind of attacks? (key comparison attack, or something)