Collaborate Disseminate
I am looking to implement 2FA. I know of duo and eg. Eset secure authentication. But both solutions seem to be implemented in a strange way, that is they require some form of communication with either Duo or Eset servers. For Eset, I know … Continue reading 2FA implementation security
I am creating an authentication system that is able to login to the same account with different sets of credentials. I also want to allow users to login with either username or email with the same given password. To make it a little easier… Continue reading Two different salted hashes of the same password for the same user
I created an app that requires users to make multiple different logins within the app. Is it possible to use Google’s Identity API to ensure that the different required login credentials are stored/retrieved by Google whenever they are nee… Continue reading Credential management for an app requiring multiple different logins within a single application [closed]
The single sign-on market leader’s Security Center, now generally available, uses Okta Customer Identity Cloud for insights into authentication activity for insights into anomalies, threats and security friction.
The post Okta’s Security Center opens w… Continue reading Okta’s Security Center opens window to customer insights, including threats and friction
A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still … Continue reading KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
I hear some people can find out the passcode to a keypad by looking at the fingerprints you left all over it. Is this a concern with iPhones?
Continue reading Can someone get my iPhone password by looking at my fingerprints? [duplicate]
The technology sector had the highest number of malware-infected employees, most exposed corporate credentials and the majority of all stolen cookies, according to SpyCloud. Drawing on SpyCloud’s database of 400+ billion recaptured assets from th… Continue reading 56,000+ cloud-based apps at risk of malware exfiltration
After reading this post, I understand that a password’s entropy depends on the assumptions made when it is to be attacked (e.g. if it is generated randomly from a list of 2048 words, etc.).
Let’s suppose an attacker managed to enter some u… Continue reading Is there any good way of calculating a brain-generated password’s entropy?
I read the infamous xkcd cartoon comparing two passwords and their strength. Curious whether their calculation was accurate, I searched many entropy calculators and plugged in the two examples from xkcd.
According to xkcd (https://xkcd.co… Continue reading Why do entropies of passwords significantly differ from site to site?
The standard way to unlock a device is with a password. TPMs have improved this to the point that we can create devices that can be unlocked with very short passwords such as PINs and we can create devices that are resistant even in the f… Continue reading What is the most resistant way to unlock a device