Trusting Passwords: Best Practices for Threat-Proofing Credentials

“Open, Sesame!” Upon reflection it’s easy to see that passwords have an incredibly long history: from shibboleths to military codes, they’ve been used in many situations to preserve privacy and identity. With the creation of comp…

Is password strength exclusively a function of character set size multiplied by password length-in-characters?

My team is responsible for the creation and management of many passwords (hundreds), which we do almost exclusively programmatically (all generation is random-enough). We leverage a variety of tools for automating different aspects of …

Reference request: Password disclosure regulations and practices [closed]

Note: This is a comprehensive version of the question asked on Law SE. As also suggested in the (so far) only answer there, the question would be better served here.

It’s well known that you should never reveal your password to anyone -…

Are there any known attacks (technical or social) against enterprises where password resets are scheduled on fixed (known) intervals?

A company I know of has a password policy that requires employees to change passwords (on AD server) every 90 days. The vast majority of its new hires start on the 1st of the month. Thus, several hundred password resets happen on a predict…

Risks of choosing yes for remembering password for iPads, iPhones not having iCloud Keychain

Our mobile devices (iPhones, iPads) don’t have iCloud Keychain which seems to have AES 256 bit encryption for storing credentials. The mobile browsers in those devices like Safari, Firefox, Chrome ask users if they want to save their Office…

Is it better for me to bang on the keyboard for 12 characters or use my password manager’s generator?

I use a password manager with a long rememberable master password for logging into all of my online accounts. When signing up for new accounts my password manager prompts me to generate a strong password which it then autofills. This auto …