LastPass Breach

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse:

While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service.

[…]

To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service…


Password restrictions limit Diceware word list – (when) can this get bad enough one should choose another strategy?

Besides “your password must contain this” complexity requirements, some places also have “your password must not contain this” rules, sometimes with fairly short substrings of the username, a day of the week,… being enough for a password t…

LastPass says attackers got users’ info and password vault data

The August 2022 LastPass breach has resulted in potentially catastrophic consequences for the company and some of its users: attackers have made off with unencrypted customer data and copies of backups of customer vault data. The information couldn&#82…

Distractions at work can have serious cybersecurity implications

Distracted employees are twice as likely to do the bare minimum for security at work, according to 1Password. The findings reveal that sustained burnout, now paired with high levels of distraction, has critical implications for workplace security. “Whi…

Why removing just one letter from passwords makes it 20x easier to break according to zxcvbn test

Since I am a decent fan of the XKCD no 936 (or actually conclusions and implications it brings), I wanted to test (using try zxcvbn) the complexity and the possibility of breaking a password like the following one:

My password for Facebook…