Questions tagged [passwords]
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource.
112 questions
4 votes, 2 answers, 431 views
Backup for an Android offline password manager
I am building an Android password management app, where passwords are locally kept for security reasons. The network endpoints are only for creating an account, email verifications etc.
I want to ...
1 vote, 2 answers, 380 views
How best to securely store a password for automated access (no user interaction)?
I'm facing the classic chicken/egg problem of where to store the keys to the kingdom.
I'm building an application for retail distribution that will rely on receiving a cadence of regularly-issued Let'...
1 vote, 2 answers, 416 views
How to best obfuscate a built-in key in an application?
We're building an application that needs to log into a website using built-in credentials. It's not optimal to say the least, but we're stuck with "knowing" the username and password ...
0 votes, 2 answers, 473 views
Keeping user provided passwords to 3rd party services safe
I have a SaaS application in which users can connect their RDBMS (postgres, mysql etc) and query data from it. I'm wondering what's the best practice to keep their connection details safe. Currently, ...
0 votes, 1 answer, 132 views
Trying to implement a "password vault"-like solution for connection strings
I started to work on a 16 years old .net framework app that didn't receive any love for a decade and I have some time to "put it up to standards".
One of the things that ruffle my feathers is ...
0 votes, 3 answers, 240 views
Sysadmin password storing
I'm quite inexperienced in the sysadmin area. Now I'm facing the responsibility of managing two (remote) servers. I'm working in an informal organization.
So I have passwords for the OS's users, ...
-2 votes, 1 answer, 141 views
mask username and password in service file, or better approach
At work there is a given task where a python application is currently running on a server, this application is using an environment file, which has username and password information. The current ask is ...
2 votes, 1 answer, 354 views
Is it a good design to have separate Hibernate entities for general user info and user password digest?
I'm developing an app with a user management system. There is a database table named user with the following columns:
| Column Name | Column Type |
|-----------------|-------------|
| userId ...
1 vote, 2 answers, 1k views
How do password-protected pdf documents work?
I hope this is the right site for this question...
I tutor in my spare time, and recently I downloaded a past GCSE exam paper and was attempting to edit the pdf- to select just a few pages to send to ...
2 votes, 1 answer, 536 views
How to handle db password change in a live service
Suppose I have a REST application running on a remote server which connects to a mysql database. Now let's say the password of the db has to be changed. What are the right methods and practices that ...
1 vote, 3 answers, 1k views
hash-like algorithm to identify passwords which are "too similar" to previous ones from history
One common issue with secure passwords is that users tend to "cheat", one common cheating pattern we meet recently is the "password swap" antipattern where the user basically keeps using the same two ...
1 vote, 1 answer, 956 views
Hashing from within the database or outside?
I am in the process of evolving architecture for an 'equity analysis system'. I will be using SQLServer as the database, but I am not going the .NET route and won't be using the built-in 'membership' ...
3 votes, 1 answer, 970 views
Azure Key Vault vs Automation Account Variables for password storage
In Microsoft Azure one can store secret values like passwords in Azure Key Vault, but also as encrypted variables in Azure Automation (these ones are stored in an Azure-managed Key Vault behind the ...
-1 votes, 1 answer, 363 views
Pattern to encrypt / decrypt data to / from a server without entering the secret key each time?
The title maybe it's a little bit confusing but I am certain that what I want to achieve is a common pattern, even if I didn't find anything on the internet.
I'm developing a web app that store ...
2 votes, 1 answer, 297 views
Should usernames and passwords to external systems be documented?
This is basically an extension to my previous question. That time our internal discussions didn't end up anywhere and the whole issue was forgotten for the time being.
Now we've touched upon it again,...
11 votes, 5 answers, 2k views
If passwords are stored hashed, how would a computer know that your password is similar to the last one if you try resetting your password?
If passwords are stored hashed, how would a computer know that your password is similar to the last one if you try resetting your password? Wouldn't the two passwords be totally different since one is ...
0 votes, 1 answer, 240 views
LDAP with Dovecot
I have a mail server setup with Postfix and Dovecot, and an application server setup with node.js. I have user credentials stored in my application server, and I want to use the same credentials for ...
11 votes, 1 answer, 520 views
During account creation, is it better to generate the password automatically and send it to the user, or to let the user create his own password?
This question came up today while discussing with a colleague about the 'create account' page for the website we're working on.
My colleague's opinion is that we should make the registration as quick ...
11 votes, 1 answer, 375 views
Integration tests in OSS projects - how to handle 3rd parties with authentication?
One of my (open source) hobby projects is a backup tool which makes offline backups of repositories from GitHub, Bitbucket etc.
It calls the hosters' API to get a list of repositories, and then it ...
4 votes, 3 answers, 2k views
Saving Passwords for autologin
I know I should encrypt the password whenever I save passwords for security.
But I don't know how should I encrypt password that when I save for autologin.
If the password was just for checking user,...
9 votes, 2 answers, 20k views
Will quantum computers be able to easily crack passwords?
I've recently read a number of (layman's) articles on quantum mechanics and quantum computing, and keep seeing examples along the lines of "Quantum computing can crack passwords quickly by trying all ...
1 vote, 2 answers, 2k views
Best way to hash passwords in PHP?
I've switched to PHP 7.0 very recently and I was wondering that if password_hash was better than making your own salt and using the crypt function. I have three examples of code and I don't know which ...
2 votes, 2 answers, 142 views
How can I tell if a web sign up form actually encrypts my password?
Recently I signed up for new account for a service provider's web site.
I entered the usual the name, email, password (strong), repeat password and I was signed up. Great everything works well.
A ...
-1 votes, 1 answer, 117 views
Is the mechanism used in Passwordless module widely used? [closed]
I came across Passwordless which uses email/SMS to allow the user to login. Is this mechanism widely used? What are the advantages/disadvantages of using such mechanism? I'm asking because I haven't ...
3 votes, 3 answers, 2k views
Modern recommendations for password recovery
I'm going to implement password recovery in my authentication. I haven't put this together in a while and wondering if there is anything I ought to be aware of.
My idea at the moment is:
User clicks ...