Why are obscurantist approaches to improving password hashing security ineffective? [closed]

For websites that have nothing of value nor any personal data, that only have emails and hashed passwords, the only motivation for attackers (except those who just want to be locally disruptive) is to break passwords that people might reus…

Why might an operating system require a restart after N failed login attempts?

I continually entered my password incorrectly whilst trying to login to Windows 11. I expected that after N failed attempts I would then start to see an increasing time delay after each subsequent attempt, yet instead what I found was that…

What’s the best method of securing keys/passwords used by a PowerShell script that runs when no user is logged in, using only one server, for free?

I have a server set up to run a PowerShell script every 15 minutes. This script needs to make API requests with keys and passwords. The script runs even when no user is logged in, so encryption based on the user profile wouldn’t make sense…

Product showcase: Securing Active Directory passwords with Specops Password Policy

Password policies are a cornerstone of cybersecurity for any organization. A good password policy ensures every end user has a strong and unique password, significantly reducing the risk of unauthorized access and data breaches. These policies not only…

How to allow a user to login via client X.509 certificate or username/password?

I have a niche website programmed by a volunteer. Like pretty much every website it’s secured via TLS, and the main page doesn’t let you do much except login via username & password or request an account. Some users recently requested …