Search Results

Search found 10747 results on 430 pages for 'password'.

Page 17/430 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

  • A Firefox "master password" feature that's friendly to guest users?

    - by Josh
    I use the "master password" feature of Firefox and like it for a number of reasons. It does have it's drawbacks, though: anytime I hand my laptop over to my girlfriend so she can check her email on it, she's continually confronted with the prompt to enter my master password. I have since disabled the feature and am back to square one. Is there an addon or tweak that will help?

    Read the article

  • KeePass: use a key file or a regular password?

    - by RCIX
    I'm setting up a KeePass database and it offers the ability to use a key file, which it says is more secure because it can use a longer and more complex password but is easier to break because you only need the key file to open the database. I'll only be using the key file on 2 computers (one desktop and one laptop), wo which is the best option? Note that it's definitely more appealing to use the key file for me because i have a hard time remembering anything close to a random password.

    Read the article

  • Help to bypass password for sample projects of excel.

    - by Munna
    Hello Friend.. I am doing project in EXCEL VBA. i am taking refernce of some projects made in excel vba. But when I trid to open that excel sample projects, it ask me for password. so how can bypass password for that excel project so i can take refrence so that i can take refrence of sample. Please help....

    Read the article

  • Can a password change in Active Directory be reverted?

    - by Jordan Milne
    I often need to log in with a user's domain account to make sure that I've set up their profile correctly, but there's no easy way to do this other than to call them and give them a temp pass and force them to change it (bad, since they often forget it,) or ask for their password (worse.) Is there any way to change a user's password, then set it back to the original later? I tried to see if there was any way to get the NTLM hash so I could set it back later, but there doesn't seem to be a facility for that built into AD.

    Read the article

  • Can a password change in Active Directory be reverted?

    - by Jordan Milne
    I often need to log in with a user's domain account to make sure that I've set up their profile correctly, but there's no easy way to do this other than to call them and give them a temp pass and force them to change it (bad, since they often forget it,) or ask for their password (worse.) Is there any way to change a user's password, then set it back to the original later? I tried to see if there was any way to get the NTLM hash so I could set it back later, but there doesn't seem to be a facility for that built into AD.

    Read the article

  • Can I change a user password in Linux from the command line with no interactivity?

    - by Paul Hoffman
    I have a specific use case where I would really like to be able to change a user's password with a single command with no interactivity. This is being done in a safe fashion (over SSH, and on a system with only one user able to be logged in), so it's fine to expose the new password (and even the old one, if necessary) on the command line. FWIW, it's a Ubuntu system. I just want to avoid having to add something Expect-like to this system for just this one task.

    Read the article

  • How should I ethically approach user password storage for later plaintext retrieval?

    - by Shane
    As I continue to build more and more websites and web applications I am often asked to store user's passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the phone, etc.) When I can I fight bitterly against this practice and I do a lot of ‘extra’ programming to make password resets and administrative assistance possible without storing their actual password. When I can’t fight it (or can’t win) then I always encode the password in some way so that it at least isn’t stored as plaintext in the database—though I am aware that if my DB gets hacked that it won’t take much for the culprit to crack the passwords as well—so that makes me uncomfortable. In a perfect world folks would update passwords frequently and not duplicate them across many different sites—unfortunately I know MANY people that have the same work/home/email/bank password, and have even freely given it to me when they need assistance. I don’t want to be the one responsible for their financial demise if my DB security procedures fail for some reason. Morally and ethically I feel responsible for protecting what can be, for some users, their livelihood even if they are treating it with much less respect. I am certain that there are many avenues to approach and arguments to be made for salting hashes and different encoding options, but is there a single ‘best practice’ when you have to store them? In almost all cases I am using PHP and MySQL if that makes any difference in the way I should handle the specifics. Additional Information for Bounty I want to clarify that I know this is not something you want to have to do and that in most cases refusal to do so is best. I am, however, not looking for a lecture on the merits of taking this approach I am looking for the best steps to take if you do take this approach. In a note below I made the point that websites geared largely toward the elderly, mentally challenged, or very young can become confusing for people when they are asked to perform a secure password recovery routine. Though we may find it simple and mundane in those cases some users need the extra assistance of either having a service tech help them into the system or having it emailed/displayed directly to them. In such systems the attrition rate from these demographics could hobble the application if users were not given this level of access assistance, so please answer with such a setup in mind. Thanks to Everyone This has been a fun questions with lots of debate and I have enjoyed it. In the end I selected an answer that both retains password security (I will not have to keep plain text or recoverable passwords), but also makes it possible for the user base I specified to log into a system without the major drawbacks I have found from normal password recovery. As always there were about 5 answers that I would like to have marked correct for different reasons, but I had to choose the best one--all the rest got a +1. Thanks everyone!

    Read the article

  • How can I make my password fields always empty?

    - by ggfan
    I have a form field where users can change their passwords, but if they set their settings to remember passwords, their password shows up. Is there a way to make the field always empty? So that they always have to type their password. <label for="oldpassword" class="styled">Old password:</label> <input type="password" id="oldpassword" name="oldpassword"/><br />

    Read the article

  • change password code error.....

    - by shimaTun
    I've created a code to change a password. Now it seem contain an error.before i fill the form. the page display the error message: Parse error: parse error, unexpected $end in C:\Program Files\xampp\htdocs\e-Complaint(FYP)\userChangePass.php on line 222 this the code: <?php # userChangePass.php //this page allows logged in user to change their password. $page_title='Change Your Password'; //if no first_name variable exists, redirect the user if(!isset($_SESSION['nameuser'])){ header("Location: http://" .$_SERVER['HTTP_HOST']. dirname($_SERVER['PHP_SELF'])."/index.php"); ob_end_clean(); exit(); }else{ if(isset($_POST['submit'])) {//handle form. require_once('connectioncomplaint.php'); //connec to the database //check for a new password and match againts the confirmed password. if(eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($_POST['password1'])))){ if($_POST['password1'] == $_POST['password2']){ $p =escape_data($_POST['password1']); }else{ $p=FALSE; echo'<p><font color="red" size="+1"> Your password did not match the confirmed password!</font></p>'; } }else{ $p=FALSE; echo'<p><font color="red" size="+1"> Please Enter a valid password!</font></p>'; } if($p){ //if everything OK. //make the query $query="UPDATE access SET password=PASSWORD('$p') WHERE userid={$_SESSION['userid']}"; $result=@mysql_query($query);//run the query. if(mysql_affected_rows() == 1) {//if it run ok. //send an email,if desired. echo '<p><b>your password has been changed.</b></p>'; //include('templates/footer.inc');//include the HTML footer. exit(); }else{//if it did not run ok $message= '<p>Your password could not be change due to a system error.We apolpgize for any inconvenience.</p><p>' .mysql_error() .'</p>'; } mysql_close();//close the database connection. }else{//failed the validation test. echo '<p><font color="red" size="+1"> Please try again.</font></p>'; } }//end of the main Submit conditional. ?> And code for form: <h1>Change Your Password</h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <fieldset> <p><b>New Password:</b><input type="password" name="password1" size="20" maxlength="20" /> <small>Use only letters and numbers.Must be between 4 and 20 characters long.</small></p> <p><b>Confirm New Password:</b><input type="password" name="password2" size="20" maxlength="20" /></p> </fieldset> <div align="center"> <input type="submit" name="submit" value="Change My Password" /></div> </form><!--End Form-->

    Read the article

  • How to manually start and re-start Apache with mod_wsgi powering a password protected Python WSGI app?

    - by Mahmoud Abdelkader
    I'm working on a project where I have to meet some regulatory requirements that require at least 3 out of 5 authorized users to start a backend web service that handles very sensitive information using pre-assigned passwords. Right now, the prototype has been approved and is running using Python's wsgiref.simple_server(), which I have programmed to manually prompt for the passwords. Now that the prototype has been approved, I have to migrate the web application to a production environment where I will need to run it behind Apache and mod_wsgi. I have two questions: Right now, I use a thin Python wrapper around expect to programmatically allow for remote password entry. How do I get Apache to prompt me for a password before starting? Will this have to be in the app.wsgi script that's executed by mod_wsgi? How would that work since Apache daemonizes, and thus, has no stdin! Will I have to worry about some type of code reload? Apache probably has some maximum number of requests before it kills and restarts another worker process, but, would this require a password prompt as well?

    Read the article

  • What's the best way to get a stored POP3 password out of Outlook 2007?

    - by Tom Morris
    If you have a password for a POP3 account in Outlook 2007 (Windows 7 Home Premium) and you then forget the password, how do you retrieve it? I tried copy-and-paste. No go. I downloaded Mail PassView, but upon installing it, AVG said it was malware, so I removed it. I eventually found the account details by opening up RegEdit, and found it in HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ (...) but it was encoded in REG_BINARY. I Googled around and found various Visual Basic routines for decoding it but being a Unix dork I had absolutely no idea what to do with said scripts. By this point, I gave up and managed to get hold of the password by another means (it was written down on a piece of paper in the briefcase of the owner of the account - I know, it makes the inner sysadmin rage). I also attempted to write a simple POP3 server in Python and then get Outlook to log on to it, but that didn't really work out (it was about 4am at that point). For future reference, is there an easy and sensible way of doing this? Is Mail PassView actually evil spyware or was AVG just giving me a false positive? (Any chance of Windows 8 having something like OS X's Keychain?)

    Read the article

  • How can I estimate the entropy of a password?

    - by Wug
    Having read various resources about password strength I'm trying to create an algorithm that will provide a rough estimation of how much entropy a password has. I'm trying to create an algorithm that's as comprehensive as possible. At this point I only have pseudocode, but the algorithm covers the following: password length repeated characters patterns (logical) different character spaces (LC, UC, Numeric, Special, Extended) dictionary attacks It does NOT cover the following, and SHOULD cover it WELL (though not perfectly): ordering (passwords can be strictly ordered by output of this algorithm) patterns (spatial) Can anyone provide some insight on what this algorithm might be weak to? Specifically, can anyone think of situations where feeding a password to the algorithm would OVERESTIMATE its strength? Underestimations are less of an issue. The algorithm: // the password to test password = ? length = length(password) // unique character counts from password (duplicates discarded) uqlca = number of unique lowercase alphabetic characters in password uquca = number of uppercase alphabetic characters uqd = number of unique digits uqsp = number of unique special characters (anything with a key on the keyboard) uqxc = number of unique special special characters (alt codes, extended-ascii stuff) // algorithm parameters, total sizes of alphabet spaces Nlca = total possible number of lowercase letters (26) Nuca = total uppercase letters (26) Nd = total digits (10) Nsp = total special characters (32 or something) Nxc = total extended ascii characters that dont fit into other categorys (idk, 50?) // algorithm parameters, pw strength growth rates as percentages (per character) flca = entropy growth factor for lowercase letters (.25 is probably a good value) fuca = EGF for uppercase letters (.4 is probably good) fd = EGF for digits (.4 is probably good) fsp = EGF for special chars (.5 is probably good) fxc = EGF for extended ascii chars (.75 is probably good) // repetition factors. few unique letters == low factor, many unique == high rflca = (1 - (1 - flca) ^ uqlca) rfuca = (1 - (1 - fuca) ^ uquca) rfd = (1 - (1 - fd ) ^ uqd ) rfsp = (1 - (1 - fsp ) ^ uqsp ) rfxc = (1 - (1 - fxc ) ^ uqxc ) // digit strengths strength = ( rflca * Nlca + rfuca * Nuca + rfd * Nd + rfsp * Nsp + rfxc * Nxc ) ^ length entropybits = log_base_2(strength) A few inputs and their desired and actual entropy_bits outputs: INPUT DESIRED ACTUAL aaa very pathetic 8.1 aaaaaaaaa pathetic 24.7 abcdefghi weak 31.2 H0ley$Mol3y_ strong 72.2 s^fU¬5ü;y34G< wtf 88.9 [a^36]* pathetic 97.2 [a^20]A[a^15]* strong 146.8 xkcd1** medium 79.3 xkcd2** wtf 160.5 * these 2 passwords use shortened notation, where [a^N] expands to N a's. ** xkcd1 = "Tr0ub4dor&3", xkcd2 = "correct horse battery staple" The algorithm does realize (correctly) that increasing the alphabet size (even by one digit) vastly strengthens long passwords, as shown by the difference in entropy_bits for the 6th and 7th passwords, which both consist of 36 a's, but the second's 21st a is capitalized. However, they do not account for the fact that having a password of 36 a's is not a good idea, it's easily broken with a weak password cracker (and anyone who watches you type it will see it) and the algorithm doesn't reflect that. It does, however, reflect the fact that xkcd1 is a weak password compared to xkcd2, despite having greater complexity density (is this even a thing?). How can I improve this algorithm? Addendum 1 Dictionary attacks and pattern based attacks seem to be the big thing, so I'll take a stab at addressing those. I could perform a comprehensive search through the password for words from a word list and replace words with tokens unique to the words they represent. Word-tokens would then be treated as characters and have their own weight system, and would add their own weights to the password. I'd need a few new algorithm parameters (I'll call them lw, Nw ~= 2^11, fw ~= .5, and rfw) and I'd factor the weight into the password as I would any of the other weights. This word search could be specially modified to match both lowercase and uppercase letters as well as common character substitutions, like that of E with 3. If I didn't add extra weight to such matched words, the algorithm would underestimate their strength by a bit or two per word, which is OK. Otherwise, a general rule would be, for each non-perfect character match, give the word a bonus bit. I could then perform simple pattern checks, such as searches for runs of repeated characters and derivative tests (take the difference between each character), which would identify patterns such as 'aaaaa' and '12345', and replace each detected pattern with a pattern token, unique to the pattern and length. The algorithmic parameters (specifically, entropy per pattern) could be generated on the fly based on the pattern. At this point, I'd take the length of the password. Each word token and pattern token would count as one character; each token would replace the characters they symbolically represented. I made up some sort of pattern notation, but it includes the pattern length l, the pattern order o, and the base element b. This information could be used to compute some arbitrary weight for each pattern. I'd do something better in actual code. Modified Example: Password: 1234kitty$$$$$herpderp Tokenized: 1 2 3 4 k i t t y $ $ $ $ $ h e r p d e r p Words Filtered: 1 2 3 4 @W5783 $ $ $ $ $ @W9001 @W9002 Patterns Filtered: @P[l=4,o=1,b='1'] @W5783 @P[l=5,o=0,b='$'] @W9001 @W9002 Breakdown: 3 small, unique words and 2 patterns Entropy: about 45 bits, as per modified algorithm Password: correcthorsebatterystaple Tokenized: c o r r e c t h o r s e b a t t e r y s t a p l e Words Filtered: @W6783 @W7923 @W1535 @W2285 Breakdown: 4 small, unique words and no patterns Entropy: 43 bits, as per modified algorithm The exact semantics of how entropy is calculated from patterns is up for discussion. I was thinking something like: entropy(b) * l * (o + 1) // o will be either zero or one The modified algorithm would find flaws with and reduce the strength of each password in the original table, with the exception of s^fU¬5ü;y34G<, which contains no words or patterns.

    Read the article

  • PHP: Safe way to store decryptable passwords

    - by Jammer
    I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

    Read the article

  • PAM Winbind Expired Password

    - by kernelpanic
    We've got Winbind/Kerberos setup on RHEL for AD authentication. Working fine however I noticed that when a password has expired, we get a warning but shell access is still granted. What's the proper way of handling this? Can we tell PAM to close the session once it sees the password has expired? Example: login as: ad-user [email protected]'s password: Warning: password has expired. [ad-user@server ~]$ Contents of /etc/pam.d/system-auth: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 account sufficient pam_succeed_if.so user ingroup AD_Admins debug account requisite pam_succeed_if.so user ingroup AD_Developers debug account required pam_access.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user_unknown=ignore] pam_krb5.so account [default=bad success=ok user_unknown=ignore] pam_winbind.so account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password sufficient pam_krb5.so use_authtok password sufficient pam_winbind.so use_authtok password required pam_deny.so session [default=2 success=ignore] pam_succeed_if.so quiet uid >= 10000000 session sufficient pam_succeed_if.so user ingroup AD_Admins debug session requisite pam_succeed_if.so user ingroup AD_Developers debug session optional pam_mkhomedir.so umask=0077 skel=/etc/skel session optional pam_keyinit.so revoke session required pam_limits.so session optional pam_mkhomedir.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_krb5.so

    Read the article

  • duplicity fail: not promping for password: "Running 'sftp user@host' failed"

    - by Thr4wn
    I have two linode VPS accounts and I want to back up one onto the other (the reasons are mainly for fun and to practice server administration.) the short version Duplicity isn't even asking for my password, but immediately says "invalid SSH password" (but I can ssh into the other server). why? the long version When I run duplicity /home/me scp://[email protected]//root/backup I get Invalid SSH password Running 'sftp [email protected]' failed (attempt #1) Invalid SSH password Running 'sftp [email protected]' failed (attempt #2) Invalid SSH password Running 'sftp [email protected]' failed (attempt #3) And it says Invalid SSH password immediately with no opportunity for me to actually type the password. When I type duplicity full -v9 --num-retries 4 /home/me scp://[email protected]//root/backup I get Main action: full Running 'sftp [email protected]' (attempt #1) State = sftp, Before = 'Connecting to 97.107.129.67... [email protected]'s' State = sftp, Before = '' Invalid SSH password Running 'sftp [email protected]' failed (attempt #1) I can ssh into [email protected] fine, and in fact have the ip in known_hosts before I tried any of this. serer 1 (from which I'm running the duplicity command) is Linode's default Ubuntu 8 setup with only a handful of programs installed via apt-get. server 2 (represented by x.x.x.x) is literally only Linode's default Ubuntu 8 setup I previously tried using SystemImager -- would that have changed settings in a destructive way? (I have removed and rebooted since then) Isn't Duplicity supposed to prompt for password? Am I using it wrong? are there common mistakes/dependencies I need to know about? Is there any way that x.x.x.x could be setup that could make this not work (I used Linode's default Ubuntu 8 setup and barely )?

    Read the article

  • How is the "change password at next logon" requirement supposed to work with RDP using Network Level Authentication?

    - by NReilingh
    We have a Windows server (2008 R2) with the "Remote Desktop Services" feature installed and no Active Directory domain. Remote desktop is set up to "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)". This means that before the remote screen is displayed, the connection is authenticated in a "Windows Security: Enter your credentials" window. The only two role services installed on this server is the RD Session Host and Licensing. When the "User must change password at next logon" checkbox is selected in the properties for a local user on this server, the following displays on a client computer after attempting to connect using the credentials that were last valid: On some other servers using RDP for admin access (but without the Remote Desktop Services role installed), the behavior is different -- the session begins and the user is given a change password prompt on the remote screen. What do I need to do to replicate this behavior on the Remote Desktop Services server?

    Read the article

  • How to reset Administrator password Windows Server 2003 installed on Vmware?

    - by Cucumber
    I want to reset administrator password on Windows Server 2003. OS installed on VMware server VMware Server version 2.0.1. And problem is this: when i try to boot from live cd, after boot disk with Windows not detected. I tried to use Windows Admin Hack - Linux Boot; Hirens.BootCD.10.4; ophcrack-xp-livecd-2.3.1.iso None of these programs did not see the hard drive! Any ideas? Thank! ADD: I want to reset LOCAL admin password, not domain. And this computer are not domain controller.

    Read the article

  • OpenLDAP Password Expiration with pwdReset=TRUE?

    - by jsight
    I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

    Read the article

  • OpenLDAP Password Expiration with pwdReset=TRUE?

    - by jsight
    I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

    Read the article

  • Blackberry Gmail password change

    - by Highstead
    I've updated my gmail password and so i must update my blackberry password. I tried updating the email password to which i got the following message. Invalid email address or password. Please verify your email address and password. The information you provided is incorrect. If the error persists contact gmail.com (Your email provider). Please try again. I tried again, with what i know the password to be, with password show on. I've also deleted the account and tried to create it. I've tried going to the "Last account activity: XXXX details" menu and signing out all devices. I'm continually getting the above error, but the account activities don't seem to show any sign of a mobile attempt to access my mail account. Has anyone had this issue before and how did you sign it. Thanks in advance.

    Read the article

  • Update saved password for basic authentication using a script

    - by Kalamane
    I have a website that uses basic authentication as described on this webpage. Each of the computers I manage have the password saved in their browser. There is only one username and password for this. After someone logs in to the site this way, they are presented with their individual username and password prompt as part of the web page. The purpose of the initial username/password is to discourage non-technical employees that aren't supposed to be using the page from even viewing it. So far, when we've had to change this password, I've manually gone to each computer and updated the saved password. I'm writing a startup script to configure other aspects of these systems so that I can maintain them easier. I'd like to be able to update the saved password via this script. The operating system running on these machines is Windows XP SP3 and the browsers they're using to access this site are IE8 and IE9. How can I update the saved basic authentication information for a website via a script?

    Read the article

< Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >