Collaborate Disseminate
In the past few weeks I’ve seen periodic attempts of someone logging in to my linkedin accounts. They appear to use some sort of one time login link feature that linkedin has, which allows passwordless sign in if you know (and can access) … Continue reading Repeated passwordless login links from linkedin
In the past few weeks I’ve seen periodic attempts of someone logging in to my linkedin accounts. They appear to use some sort of one time login link feature that linkedin has, which allows passwordless sign in if you know (and can access) … Continue reading Repeated passwordless login links from linkedin
I have received many security emails from LinkedIn over the past few weeks. An example is shown below (redaction mine)
I do not live in the USA and I did not try to access LinkedIn at the times these were received.
Two things suggested to… Continue reading Is it bad practice to prompt users to reset password when there is no evidence of a breach?
Our company is scaling back some helpdesk services and rolling out a self service password reset service from specopssoft.com, and I have been unable to locate what backup authentication methods they use. Does anyone know anything about th… Continue reading How secure is specopssoft.com password reset service? [closed]
I have noticed on most websites that all previous password reset links are automatically expired when a new one is requested.
Why is this so common and what are some possible consequences if this isn’t done?
Continue reading Should newly password links reset old ones? if so, why?
It has crossed my mind to include the requesting IP address in password reset emails. The intention being that if someone is receiving unexpected reset emails, this allows them to do a basic level of investigation. Ok, people can hide thei… Continue reading Pros & cons of including requesting IP address in password reset emails?
I’m doing some work for a government subsidiary in underdeveloped region in a developing country. (Giving this context to confirm that this is NOT FOR NEFARIOUS reasons).
I’ve got an email address like so dept@organization.gov.kr. Because … Continue reading How to find hosting site/login page for organization email [closed]
I am writing an application to do the following procedures automatically:
It resets (or change – I know the old password) Windows local Administrator password using net user Administrator *
After resetting Windows password, it encrypts a … Continue reading How to sync Windows password with current session after password reset? [migrated]
A friend has lost her iPhone and has forgotten her AppleID. There seems to be no way to find out what your AppleID is unless you have a Mac or iPad, which she doesn’t have.
She also has her Google account set as the recovery account for he… Continue reading Google – How to recover account [closed]
Scenario:
The setup is that each user has a randomly generated key A used for encrypting data stored on the server and a password-derived key B used to store A on the server without the server getting access to A. So the server stores the … Continue reading How could one use multi-factor authentication to derive a static secret key?