What is the entropy of a password made from the initial letters from an English sentence [duplicate]

One way to build a password is to take the first letter from each word in a sentence. For example, the password "Itsfrqbtwaawwnsl" comes from the sentence
"I tried searching for related questions but they were all about whol…

Why I Hate Password Rules

The other day, I was creating a new account on the web. It was financial in nature, which means it gets one of my most secure passwords. I used Password Safe to generate this 16-character alphanumeric password:

:s^Twd.J;3hzg=Q~

Which was rejected by the site, because it didn’t meet its password security rules.

It took me a minute to figure out what was wrong with it. The site wanted at least two numbers.

Sheesh.

Okay, that’s not really why I don’t like password rules. I don’t like them because they’re all different. Even if someone has a strong password generation system, it is likely that whatever they come up with won’t pass somebody’s ruleset…


Is client-side bcrypt sent over tls + server-side sha hmac secure for password storage?

I want to hash passwords for security, but strong bcrypt by nature eats up a bit of the server's resources. So I was thinking to do the encryption on the client side. This would prevent the password from being known in the case the off cha…

Digital life after death: Do you have a password-sharing plan in place?

COVID-19 triggered many American Millennials to finally begin estate planning, according to new research, which found 72% of those respondents with wills created or updated them in the past year. Moreover, 34% of Millennials broached the subject of a d…

Why are passwords generated by a password generator a complicated mix of letters and numbers instead of a long phrase?

E.g. if I were to register for a new website and am prompted for a password, my browser might generate a complicated password that looks like uv^2<YGYy}#Vj}=f which might be impossible to crack but also impossible to remember.
Why such …

What’s the alternative to storing plain-text passwords in a MySQL Database?

What’s the alternative to storing plain-text passwords in a Database?
For example, I’m using Node.js to get a POST request for signing up / logging in a user from a webpage.
When signing up a user, I get the parameters for the email and pa…

Leveraging social media background checks to balance friction and risk

With ecommerce revenues higher than ever and estimated to reach $4.89 million in 2021 (per eMarketer), cart abandonment continues to be a major pain point for the industry and adjacent sectors, including payment processors and digital wallets. A closer…