Collaborate Disseminate
I have a project that calls users’ SSH servers to do some tasks.
For now, I am storing users’ passwords at my service as hashed (Username, hashed password and salt), but the SSH password (username, encrypted password and host address) is o… Continue reading Best way to connect to user SSH servers
Many online entropy calculators make certain assumptions (like assuming a password is as rare as the set of random characters that will generate it), or handwave away the math. I want to know how to calculate the entropy of a password dist… Continue reading How can you calculate the entropy of arbitrary password rules with known distributions? [duplicate]
Four straight-talking tips to improve your online security, whether you’re a LifeLock customer or not. Continue reading Serious Security: Unravelling the LifeLock “hacked passwords” story
There are a variety of roadblocks associated with moving to passwordless authentication. Foremost is that people hate change. End users push back when you ask them to abandon the familiar password-based login page, while app owners resist changing them… Continue reading Passkeys, going passwordless, and the future of authentication
Windows automatically creates a profile for each WiFi you connect to access the internet in order to make it easy to connect to them some other time on your computer. However, what happens if you format your computer and all the data is lost or if you … Continue reading How to Back Up and Transfer Wi-Fi Passwords from one PC to another
Why do I have to provide authentication when I want to read a password stored in my own web browser while I have to do nothing to read the same password on a site’s login page?
Is my conclusion correct that asking the user for a PIN is poi… Continue reading Why do I need to provide authentication when accessing a browser’s built-in password manager?
By now it’s probable that most readers will have heard about LastPass’s “Security Incident“, in which users’ password vaults were lifted from their servers. We’re told that the vaults are …read more Continue reading The Problem With Passwords
I remember some password managers like google would give me a warning about passwords that I have that have been compromised.
My question is this. How is google or able to see that the password I have chosen matches one that has been compr… Continue reading is it illegal to download passwords in bulk from the dark web to make a password checking tool to help people? [closed]
I was reading an infosec user’s take on the LastPass data breach and noted something odd in his commentary on another password manager system (emphasis mine)
I have not done a thorough code review, but I have taken a fairly long glance at… Continue reading Why would garbage collection be a problem in password managers?
When I looked up hardcoded password vulnerability in software world, I saw there are three kinds of vulnerabilities. These are that:
CWE-798: Use of Hard-coded Credentials
The Hardcoded Creds vulnerability definition:
"The software c… Continue reading Why are there multiple "Hardcoded Password" Entries in CWE instead of single one?