Collaborate Disseminate
How do environments like Active Directory determine if you reuse parts of previous passwords in a new password? I understand that it keeps a list of your last passwords, hashed. But how do they determine if I reuse parts of a last password… Continue reading How is "partial" password reuse determined? [closed]
Besides “your password must contain this” complexity requirements, some places also have “your password must not contain this” rules, sometimes with fairly short substrings of the username, a day of the week,… being enough for a password t… Continue reading Password restrictions limit Diceware word list – (when) can this get bad enough one should choose another strategy?
A bank I (previously) used in Australia forced users to comply with a 6-character limit on every password. Specifically, the rules were:
6 characters exactly, including at least 1 number and letter
No more than 2 repeating characters
No b… Continue reading My Bank Enforces A 6 Character Limit On Passwords. Is This Bad?
The bank of a friend changed password policy, such that you are limited to 20 characters. However, he used 24 letters before and thus was not able to log in anymore.
He called his advisor, who suggested, he should try to log in with the fi… Continue reading Should a bank be able to shorten your password without your involvement?
There has been many discussions about this topic on this website. But mostly outdated. I wanted to draw your attention back to this. Although nothing has changed, but I can’t come up with any reasons to not use TOTP as a replacement for pa… Continue reading Use TOTP as a single factor authentication [closed]
I am testing a web app in which there is a section where it is possible to view all the users who can access it with their passwords in clear text. Is it normal this thing?
Continue reading unencrypted user credentials accessible from the web app
A huge problem is PIN guessing from birthdays (dd/mm/yy lends to a 6 digit number that is easily guessed, dd/mm/yyyy for 8 digits). It’s very often that a PIN number is taken from someone’s birthday or year, either their own or relatives. … Continue reading Why are PIN codes usually even-numbered (4 or 6)?
A huge problem is PIN guessing from birthdays (dd/mm/yy lends to a 6 digit number that is easily guessed, dd/mm/yyyy for 8 digits). It’s very often that a PIN number is taken from someone’s birthday or year, either their own or relatives. … Continue reading Why are PIN codes usually of even length (4 or 6)?
Is it possible to design a system with two passwords prompts?
The system will have to prompt for two passwords
The system would have to validate first password before prompting for second password
User cannot be prompted for second passwo… Continue reading Is it possible to design a system with two passwords?
How do I increase the maximum number of characters allowed in the BitLocker password? The current maximum is 20. I know that it’s possible, because I have a second machine where the length is 8-256 characters.
The group policy option &quo… Continue reading How to increase maximum BitLocker password length? [migrated]