Collaborate Disseminate
The standard way to unlock a device is with a password. TPMs have improved this to the point that we can create devices that can be unlocked with very short passwords such as PINs and we can create devices that are resistant even in the f… Continue reading What is the most resistant way to unlock a device
A security value called Restriction of Repeated Characters for Passwords (QPWDLMTREP) can be configured in IBM i. If QPWDLMTREP has a value of 1, then "the same character cannot be used more than once in a password, even if the repeat… Continue reading Does a password policy with a restriction of repeated characters increase security?
I am wondering how to distinguish (password) prompts that the OS issued from prompts that are delivered application-side. This question first occurred to me when considering Firefox master passwords, but it just occurred to me that install… Continue reading Distinguish origin of password prompts
Password resets could unnecessarily cost FTSE 100 businesses over $156 million every month, according to MyCena Security Solutions. This raises the question of the necessity of password resets, at a time when organisations must identify cost savings to… Continue reading Password reset woes could cost FTSE 100 companies $156 million each month
Keeper used to be free so I had stored most of passwords on that app a few years ago from a past device. When I tried to access the passwords after five years, the app had turned into a subscription model and held my passwords as hostage. … Continue reading Password managing apps seem to have access to my passwords
Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to using new technology that simplifies their lives, according to 1Password. Passkeys, the newest and most s… Continue reading Unlocking the passwordless era
Today, on an official government website, I came across the following password rules:
"Your password has to be at least 8 characters long. It can’t have any blank spaces. It has to use characters from at least three of the following s… Continue reading Reasoning behind banning ‘#’ from the start of passwords? [duplicate]
For a while I’ve been pondering a user authentication protocol that aims to ensure that a client does some computational work before the server will attempt to authenticate the password.
The reason for this is to remove some of the asymmet… Continue reading Using Proof of Work to slow down login attempts
Looking at configuration data, 56% of decommissioned routers disposed of and sold on the secondary market contained sensitive corporate data, according to ESET. Of the networks that had complete configuration data available: 22% contained customer data… Continue reading Researchers discover sensitive corporate data on decommissioned routers
The developers of Kodi, the widely used open-source media player app, have revealed a data breach of its user forum. What happened? The breach did not happen due to a vulnerability. Instead, an unknown attacker used the account of a legitimate but inac… Continue reading Kodi forum breach: User data, encrypted passwords grabbed