Is it necessary for security to have undisclosed password requirements? [closed]

At Bugzilla, I typed a new password that met the requirements stated on the account creation page. But I received:

The password does not meet our security requirements for the
following reason: not enough different characters or classes

For the sake of a reproducible example, the password attempt can be: “Qazxswedc123” – I got the same message for that one too.

A web search found Does bugzilla.mozilla.org’s “new” password requirements make sense for that type of account/service? However, that question was different.

https://wiki.mozilla.org/BMO/UserGuide/Passwords

must be at least 12 characters in length
must not contain parts of your email address, or your real name
must be complex, which means:
    must be a passphrase of at least four words
    OR
    must contain a mixture of letters and symbols, containing characters from 3 out of the following 4 character classes:
    lowercase letters, uppercase letters, numbers, and other symbols

P.S. They could have at least pretended to have a valid reason; “must not contain parts of your email address” may mean any letter from the address.

I’m trying to contact Mozilla via other means, maybe they accept it as a bug.


Allow for login through TOR while preventing brute force/distributed password attacks?

I am making a website with the goal of blocking bots that are trying to log in from different IP addresses constantly… while still allowing regular users to log in via TOR.
One of the approaches to preventing distributed password cracking …

Could passwordless be the solution to poor shopping sign-up processes?

Retailers could be shutting down huge revenue streams due to poor shopping sign-up processes, a study from Beyond Identity has revealed. A survey of more than 1,000 people in the UK found that 62% of respondents have abandoned a shopping cart if they a…

Send password reset email after too many failed logins versus X minutes of lock out

Some sites lock me out for a while after too many failed attempts.
For our own site, we want to force a password reset email after X amount of failed attempts. After all, if your email is compromised, then everything is compromised.
Furthe…

Open Source Pwned Passwords with FBI Feed and 225M New NCA Passwords is Now Live!


In the last month, there were 1,260,000,000 occasions where a service somewhere checked a password against Have I Been Pwned’s (HIBP’s) Pwned Password API. 99.7% of the time, that check went no further than one of hundreds of Cloudflare edge nodes spread


Should I be concerned if a website has password restrictions that reduce complexity?

Chase banking has two odd restrictions on their accepted passwords.

Passwords have a maximum length of 32 characters
Passwords cannot contain special characters or punctuation

I am a software developer that has built auth/auth systems i…

What tools currently allow retrieving Windows 10/11 password hashes, given admin rights or physical access to unencrypted disks?

I was wondering what Windows/Linux/Live tools allow retrieving user password hashes from modern 2021 Win10/11 installations. I am not sure if password storage differs in these cases (e.g. different location or hash in use) from previous Win…