Collaborate Disseminate
I just tried to add some details to a bug I have reported at bugzilla.mozilla.org (BMO) but wasn’t let in because my password had been nullified. Now they want me to create a new password meeting certain requirements, listed here
I am talking about this password – 23##24$$25%%26 and the similar ones consisting of special characters appearing in a pattern, which the users these days use a lot.
At work (finance company), I was creating a list of bad passwords that u… Continue reading Confused about using a password that "would take centuries to break"
NOTE: I am aware that many similar questions exist on the topic of storing passwords, however, I am posting this because I believe it is different enough from existing password storage questions because this particular servic… Continue reading Is it possible to email a user a randomly generated password while still storing it securely?
There are numerous recommendations for how frequently to change users’ passphrases, and I think the most recent NIST recommendation is “no minimum time to change passwords” (I might be mis-quoting). Are the recommendations an… Continue reading recommendation to change encrypted-drive passphrases
According to XKCD: Password Strength, if the password consists of “four random common words”, it will be secure and memorable.
I want to make a web application and make users create their passwords in this way. Each passwo… Continue reading What considerations do I need to keep in mind when enforcing passphrases?
I’m reading about the GDPR here and there. However, I see no requirements on how data actually is to be protected like
Mimimum password length requirements
Second factor authentication
Backup protection policies
and the l… Continue reading EU GDPR – Data protection requirement standards missing?
This question already has an answer here:
What is the purpose of the “Password minimum age” setting?
4 answers
… Continue reading System prevents changing password too soon after previous change [duplicate]
I am trying to find the smartest way to handle the root password in my product.
For legacy reasons, I need to have a technical account. My services create a token associated with this account directly in the DB to authentica… Continue reading Should I use a random password for my technical user?
For the purposes of security, is there any difference in having a 50 character randomly-generated secret username accompanied by a 50 character randomly-generated secret password, versus a 100 character randomly-generated sec… Continue reading Is a password really necessary?
We’ve already established elsewhere on this site that an admin asking for your password is not acceptable. Security concerns abound. S/he could impersonate you, or you could do something malicious and blame that admin.
What… Continue reading Admin asking for domain password: SOC-2 compliance issue?