• 0 Votes
    3 Posts
    1k Views
    scottalanmiller

    I think for a lot of people they are already mostly gone.

  • 2 Votes
    4 Posts
    2k Views
    B

    @JaredBusch said:

    Of course once an attacker is in your system, they will have access to all your stuff.

    Indeed. The moral of this story is simply that all bets are off if your systems are compromised.

  • Password Limitations

    IT Discussion
    0 Votes
    18 Posts
    4k Views
    tonyshowoff

    A lot of places restrict the allowed characters because they're morons who don't understand SQL injection and think it's a way to avoid it. Ideally any character should be allowed that can be transferred over HTTP without breaking the hell out of things, which is everything which can be properly encoded.

    I do trim passwords though, something old school jackasses think is bad, because after all, if there's a space at the beginning or end of a password, or a newline/return character, it must be on purpose, despite the fact that 99.9999999999% of the time it's because someone copy/pasted the password from an email or something and accidentally added on the space/\r/\n. Of course you can make the argument of never sending a password in an email (and we don't), but tell that to users who will do it all day long.

    I also wrote a method to deal with "easy" passwords, things like repeating words, pattern recognition for phone numbers, birthdates, etc.

  • 4 Votes
    125 Posts
    57k Views
    scottalanmiller

    @Dashrender said:

    That's definitely different than other trusted sources lead me to understand.

    Check your sources. Are they quoting the laundry list of 2013 (this article was 2014) references to the opposite being true? Looks like there was reason to believe it in 2013, but nothing substantial, so everyone repeated it. But it got put to the test in 2014 and proved to not be what people had been saying.

  • 1 Votes
    6 Posts
    1k Views
    tonyshowoff

    @scottalanmiller Social engineering is a great way to get what you want. Buffer overflows and unescaped SQL queries can be patched; people wanting to be "helpful" is an aspect of our culture, and I imagine only by hiring the most irritating, least helpful people on the planet can you begin to really secure yourself against your own employees.

  • Resetting the Password on an HP ILO

    IT Discussion
    3 Votes
    2 Posts
    1k Views
    thanksajdotcom

    @scottalanmiller said:

    Was doing some research on this recently and found the HP documentation on how to do this:

    HP Proliant Servers - How to Reset the HP ILO Inband Root/Administrator Password in Linux

    It is very useful (if you have Linux running on the box in some form, or vSphere, which is similar enough). However, it turns out that some ILO firmware editions don't work with this and cannot be reset without being patched first. Important to know.

    Thanks for the heads up.