Search Results

Search found 4220 results on 169 pages for 'generating passwords'.

Page 2/169 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Password manager with checking for expired logins and passwords

    - by ldigas
    I, like most in here, use a password manager for keeping all kinds of login/pass informations inside. And over time, the heap of passwords started to grow, and grow, and now it's on about 350 (give or take) entries. The problem is, most of these have been temporary, for example, for login into forums which I wanted to visit, and never come back again; same with some pages and so on ... and because of that, every now and then I come onto a password that's long gone expired. So I was wondering, is there a utility out there that can check which of these has actually expired by logging in, and logging out ? I know this is a relatively complicated operation (auto filling doesn't always works and so on, how to log out ... etc.) , but still ... maybe someone knows.

    Read the article

  • Do similar passwords have similar hashes?

    - by SLC
    Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3, 4, 5 etc. Since all of these passwords are stored somewhere, I wondered if there was any weakness in the hashes themselves, for standard hashing algorithms used to store passwords like MD5. Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?

    Read the article

  • Google Chrome Automatically Save Passwords

    - by benhc911
    I have seen, and at one point implemented, methods of modifying firefox's password manager popup such that it would automatically save usernames and passwords without prompt. I was wondering if there is a similar feature for Chrome. I just recently switched to chrome and it is one of a few features/modifications that didnt survive the transition, and while I am moderately capable in programming in certain languages (C+, visual etc) I don't really feel confident enough to muck around unguided. For anyone that is particularly interested, the other features I miss are things such as the slash based 'quick search' in firefox... and I am currently annoyed by a different right click menu order for opening in new tabs and new windows (the reverse of firefox). Any help would be greatly appreciated!

    Read the article

  • PHP 2-way encryption: I need to store passwords that can be retrieved

    - by gAMBOOKa
    I am creating an application that will store passwords, which the user can retrieve and see. The passwords are for a hardware device, so checking against hashes are out of the question. What I need to know is: How do I encrypt and decrypt a password in PHP? What is the safest algorithm to encrypt the passwords with? Where do I store the private key? Instead of storing the private key, is it a good idea to require users to enter the private key any time they need a password decrypted? (Users of this application can be trusted) In what ways can the password be stolen and decrypted? What do I need to be aware of?

    Read the article

  • linux passwords in configuration files

    - by user33124
    Some programs on linux that use configuration files, want me to enter my password in plain text in one of their configuration files. For example newsbeauter, the rss reader wants me to enter my google account password in a ~/.newsbeauter/config if I want to read google reader feeds. Mutt also sort of wants a password in a text file, but gives an option of entering it on every login. Is there any secure workaround to storing a password in a config file like that (eg for newsbeauter)? I was thinking of running the app as root, but that doesn't seem right. Or somehow creating and deleting the file everytime I use the app. Any ideas?

    Read the article

  • How can I make subversion reset the stored passwords/users and remember my authentication credential

    - by NicDumZ
    Hello folks! Background: I used to have everything working just fine on my fresh install: $ svn co https://domain:443/ test1 Error validating server certificate for 'https://domain:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: **REMOVED** - Valid: **REMOVED** - Issuer: **REMOVED** - Fingerprint: **checked with issuer and REMOVED** (R)eject, accept (t)emporarily or accept (p)ermanently? p Authentication realm: <https://domain:443> Subversion repository Password for 'nicdumz-machine-hostname': Authentication realm: <https://domain:443> Subversion repository Username: nicdumz Password for 'nicdumz': # proceeds to checkout correctly $ svn co https://domain:443/ test2 # checkouts nicely, without asking for my password. At some point I needed to commit stuff using a different account. So I did that $ svn ci --username other.user Authentication realm: <https://domain:443> Subversion repository Password for 'other.user': # works fine But since then, everytime I want to commit as 'nicdumz' (default user, all repos have been checked-out with that user), it prompts me for my password: $ svn ci Authentication realm: <https://domain:443> Subversion repository Password for 'nicdumz': Hey come on, why :) The same happens if I want a fresh checkout, since read-access is also protected. So I tried fixing the issue by myself. I read around that ~/.subversion/auth was storing credentials, so I removed it from the way: $ cd ~/.subversion $ mv auth oldauth $ mkdir auth It seemed to work at first, because svn had forgotten about certificate validation: $ svn co https://domain:443/ test3 Error validating server certificate for 'https://domain:443': - The certificate is not issued by a trusted authority. Use the fingerprint to validate the certificate manually! Certificate information: - Hostname: **REMOVED** - Valid: **REMOVED** - Issuer: **REMOVED** - Fingerprint: **checked with issuer and REMOVED** (R)eject, accept (t)emporarily or accept (p)ermanently? p Authentication realm: <https://domain:443> Subversion repository Password for 'nicdumz-machine-hostname': Authentication realm: <https://domain:443> Subversion repository Username: nicdumz Password for 'nicdumz': # proceeds to checkout correctly $ svn up Authentication realm: <https://domain:443> Subversion repository Password for 'nicdumz': What? how is this happening? If you have suggestions to investigate more about the behaviour, I am very interested. If I'm correct, there is no way to do a verbose svn up or anything of the like, so I'm not sure should I go for investigation. Oh, and for what it's worth: $ svn --version svn, version 1.6.6 (r40053) compiled Oct 26 2009, 06:19:08 Copyright (C) 2000-2009 CollabNet. Subversion is open source software, see http://subversion.tigris.org/ This product includes software developed by CollabNet (http://www.Collab.Net/). The following repository access (RA) modules are available: * ra_neon : Module for accessing a repository via WebDAV protocol using Neon. - handles 'http' scheme - handles 'https' scheme * ra_svn : Module for accessing a repository using the svn network protocol. - with Cyrus SASL authentication - handles 'svn' scheme * ra_local : Module for accessing a repository on local disk. - handles 'file' scheme * ra_serf : Module for accessing a repository via WebDAV protocol using serf. - handles 'http' scheme - handles 'https' scheme

    Read the article

  • Should We Mask Passwords?

    - by Abi Noda
    From Jacob Nielson's "Stop Password Masking": Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures. What do you guys think?

    Read the article

  • How do I restore a backup of my keyring (containing ssh key passprases, nautilus remote filesystem passwords and wifi passwords)?

    - by con-f-use
    I changed the disk on my laptop and installed Ubuntu on the new disk. Old disk had 12.04 upgraded to 12.10 on it. Now I want to copy my old keyring with WiFi passwords, ftp passwords for nautilus and ssh key passphrases. I have the whole data from the old disk available (is now a USB disk and I did not delete the old data yet or do anything with it - I could still put it in the laptop and boot from it like nothing happend). The old methods of just copying ~/.gconf/... and ~/.gnome2/keyrings won't work. Did I miss something? 1. Edit: I figure one needs to copy files not located in the users home directory as well. I copied the whole old /home/confus (which is my home directory) to the fresh install to no effect. That whole copy is now reverted to the fresh install's home directory, so my /home/confus is as it was the after fresh install. 2. Edit: The folder /etc/NetworkManager/system-connections seems to be the place for WiFi passwords. Could be that /usr/share/keyrings is important as well for ssh keys - that's the only sensible thing that a search came up with: find /usr/ -name "*keyring* 3. Edit: Still no ssh and ftp passwords from the keyring. What I did: Convert old hard drive to usb drive Put new drive in the laptop and installed fresh version of 12.10 there Booted from old hdd via USB and copied its /etc/NetwrokManager/system-connections, ~/.gconf/ and ~/.gnome2/keyrings, ~/.ssh over to the new disk. Confirmed that all keys on the old install work Booted from new disk Result: No passphrase for ssh keys, no ftp passwords in keyring. At least the WiFi passwords are migrated.

    Read the article

  • PHP: Safe way to store decryptable passwords

    - by Jammer
    I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

    Read the article

  • Confusion related to sigwait in multiprocess system

    - by user34790
    I am having difficulty in understanding IPC in multiprocess system. I have this system where there are three child processes that send two types of signals to their process group. There are four types of signal handling processes responsible for a particular type of signal. There is this monitoring process which waits for both the signals and then processes accordingly. When I run this program for a while, the monitoring process doesn't seem to pick up the signal as well as the signal handling process. I could see in the log that the signal is only being generated but not handled at all. My code is given below #include <cstdlib> #include <iostream> #include <iomanip> #include <unistd.h> #include <sys/types.h> #include <sys/wait.h> #include <sys/time.h> #include <signal.h> #include <unistd.h> #include <fcntl.h> #include <cstdio> #include <stdlib.h> #include <stdio.h> #include <pthread.h> using namespace std; double timestamp() { struct timeval tp; gettimeofday(&tp, NULL); return (double)tp.tv_sec + tp.tv_usec / 1000000.; } double getinterval() { srand(time(NULL)); int r = rand()%10 + 1; double s = (double)r/100; } int count; int count_1; int count_2; double time_1[10]; double time_2[10]; pid_t senders[1]; pid_t handlers[4]; pid_t reporter; void catcher(int sig) { printf("Signal catcher called for %d",sig); } int main(int argc, char *argv[]) { void signal_catcher_int(int); pid_t pid,w; int status; if(signal(SIGUSR1, SIG_IGN) == SIG_ERR) { perror("1"); return 1; } if(signal(SIGUSR2 ,SIG_IGN) == SIG_ERR) { perror("2"); return 2; } if(signal(SIGINT,signal_catcher_int) == SIG_ERR) { perror("3"); return 2; } //Registering the signal handler for(int i=0; i<4; i++) { if((pid = fork()) == 0) { cout << i << endl; //struct sigaction sigact; sigset_t sigset; int sig; int result = 0; sigemptyset(&sigset); if(i%2 == 0) { if(signal(SIGUSR2, SIG_IGN) == SIG_ERR) { perror("2"); return 2; } sigaddset(&sigset, SIGUSR1); sigprocmask(SIG_BLOCK, &sigset, NULL); } else { if(signal(SIGUSR1, SIG_IGN) == SIG_ERR) { perror("2"); return 2; } sigaddset(&sigset, SIGUSR2); sigprocmask(SIG_BLOCK, &sigset, NULL); } while(true) { int result = sigwait(&sigset, &sig); if(result == 0) { cout << "The caught signal is " << sig << endl; } } exit(0); } else { cout << "Registerd the handler " << pid << endl; handlers[i] = pid; } } //Registering the monitoring process if((pid = fork()) == 0) { sigset_t sigset; int sig; int result = 0; sigemptyset(&sigset); sigaddset(&sigset, SIGUSR1); sigaddset(&sigset, SIGUSR2); sigprocmask(SIG_BLOCK, &sigset, NULL); while(true) { int result = sigwait(&sigset, &sig); if(result == 0) { cout << "The monitored signal is " << sig << endl; } else { cout << "error" << endl; } } } else { reporter = pid; } sleep(3); //Registering the signal generator for(int i=0; i<1; i++) { if((pid = fork()) == 0) { if(signal(SIGUSR1, SIG_IGN) == SIG_ERR) { perror("1"); return 1; } if(signal(SIGUSR2, SIG_IGN) == SIG_ERR) { perror("2"); return 2; } srand(time(0)); while(true) { volatile int signal_id = rand()%2 + 1; cout << "Generating the signal " << signal_id << endl; if(signal_id == 1) { killpg(getpgid(getpid()), SIGUSR1); } else { killpg(getpgid(getpid()), SIGUSR2); } int r = rand()%10 + 1; double s = (double)r/100; sleep(s); } exit(0); } else { cout << "Registered the sender " << pid << endl; senders[i] = pid; } } while(w = wait(&status)) { cout << "Wait on PID " << w << endl; } } void signal_catcher_int(int the_sig) { //cout << "Handling the Ctrl C signal " << endl; for(int i=0; i<1; i++) { kill(senders[i],SIGKILL); } for(int i=0; i<4; i++) { kill(handlers[i],SIGKILL); } kill(reporter,SIGKILL); exit(3); } Any suggestions? Here is a sample of the output as well In the beginning Registerd the handler 9544 Registerd the handler 9545 1 Registerd the handler 9546 Registerd the handler 9547 2 3 0 Registered the sender 9550 Generating the signal 1 The caught signal is 10 The monitored signal is 10 The caught signal is 10 Generating the signal 1 The caught signal is 10 The monitored signal is 10 The caught signal is 10 Generating the signal 1 The caught signal is 10 The monitored signal is 10 The caught signal is 10 Generating the signal 1 The caught signal is 10 The monitored signal is 10 The caught signal is 10 Generating the signal 2 The caught signal is 12 The caught signal is 12 The monitored signal is 12 Generating the signal 2 Generating the signal 2 The caught signal is 12 The caught signal is 12 Generating the signal 1 The caught signal is 12 The monitored signal is 10 The monitored signal is 12 Generating the signal 1 Generating the signal 2 The caught signal is 12 Generating the signal 1 Generating the signal 2 10 The monitored signal is 10 The caught signal is 12 Generating the signal 1 The caught signal is 12 The monitored signal is GenThe caught signal is TheThe caught signal is 10 Generating the signal 2 Later on The monitored signal is GenThe monitored signal is 10 Generating the signal 1 Generating the signal 2 The caught signal is 10 The caught signal is 10 The caught signal is 10 The caught signal is 12 Generating the signal 1 Generating the signal 2 Generating the signal 1 Generating the signal 1 Generating the signal 2 Generating the signal 2 Generating the signal 2 Generating the signal 2 Generating the signal 2 Generating the signal 1 The caught signal is 12 The caught signal is 10 The caught signal is 10 Generating the signal 2 Generating the signal 1 Generating the signal 1 Generating the signal 2 Generating the signal 1 Generating the signal 2 Generating the signal 2 Generating the signal 2 Generating the signal 1 Generating the signal 2 Generating the signal 1 Generating the signal 2 Generating the signal 2 The caught signal is 10 Generating the signal 2 Generating the signal 1 Generating the signal 1 As you can see initially, the signal was generated and handled both by my signal handlers and monitoring processes. But later on the signal was generated a lot, but it was not quite processes in the same magnitude as before. Further I could see very less signal processing by the monitoring process Can anyone please provide some insights. What's going on?

    Read the article

  • Double hashing passwords - client & server

    - by J. Stoever
    Hey, first, let me say, I'm not asking about things like md5(md5(..., there are already topics about it. My question is this: We allow our clients to store their passwords locally. Naturally, we don't want them stored in plan text, so we hmac them locally, before storing and/or sending. Now, this is fine, but if this is all we did, then the server would have the stored hmac, and since the client only needs to send the hmac, not the plain text password, an attacker could use the stored hashes from the server to access anyone's account (in the catastrophic scenario where someone would get such an access to the database, of course). So, our idea was to encode the password on the client once via hmac, send it to the server, and there encode it a second time via hmac and match it against the stored, two times hmac'ed password. This would ensure that: The client can store the password locally without having to store it as plain text The client can send the password without having to worry (too much) about other network parties The server can store the password without having to worry about someone stealing it from the server and using it to log in. Naturally, all the other things (strong passwords, double salt, etc) apply as well, but aren't really relevant to the question. The actual question is: does this sound like a solid security design ? Did we overlook any flaws with doing things this way ? Is there maybe a security pattern for something like this ?

    Read the article

  • Can the Firefox password manager store and manage passwords for multiple sub-domains or different URLs in the same domain?

    - by Howiecamp
    Can the Firefox password manager store and manage passwords for multiple sub-domains, or for multiple URLs in the same domain? The default behavior of Firefox is that all requests for *.domain.com are treated as the same. I'd like to have Firefox do the following: Store and manage passwords separately for multiple sub-domains, e.g. mail.google.com and picasa.google.com Store and manage passwords separately for different URLs in the same domain, e.g. http://mail.google.com/a/company1.com and http://mail.google.com/a/company2.com

    Read the article

  • 25 Passwords to Avoid to Thwart Hackers

    SplashData, a vendor of smartphone productivity applications for consumers and businesses, recently released a list of the top 25 most commonly used passwords for 2011. The company compiled the list after analyzing files of stolen passwords that hackers posted online to share with their cybercriminal colleagues. Without further adieu, here is the list of passwords that made SplashData's top 25: password, 123456, 12345678, qwerty, abc123, monkey, 1234567, letmein, trustno1, dragon, baseball, 111111, iloveyou, master, sunshine, ashley, bailey, passw0rd, shadow, 123123, 654321, superman, qazwsx...

    Read the article

  • Multiple Passwords on One Account

    - by user110789
    I'd like to join three ideas into one interesting and sometimes useful feature. There was a question about using multiple passwords earlier this year, but it didn't receive much attention. I'd like to ask the question again after showing an interesting and new way to use the feature. The three original posts I found to be interestingly combined were: (1) Multiple passwords per user (2) http://blog.littleimpact.de/index.php/2009/09/14/automatic-encryption-of-home-directories-using-truecrypt-62-and-pam_exec/ (3) http://www.truecrypt.org/docs/hidden-volume Basically I'd like to login to my account with two passwords and depending on the password I use, I would get a different content in my home directory. In a way I would get a cryptographically hidden account into my system. So the question is, is it possible to allow multiple passwords to log on to Ubuntu/Linux for the same user?

    Read the article

  • Application passwords and SQLite security

    - by Bryan
    I have been searching on google for information regarding application passwords and SQLite security for some time, and nothing that I have found has really answered my questions. Here is what I am trying to figure out: 1) My application is going to have an optional password activity that will be called when the application is first opened. My questions for this are a) If I store the password via android preference or SQLite database, how can I ensure security and privacy for the password, and b) how should password recovery be handled? Regarding b) from above, I have thought about requiring an email address when the password feature is enabled, and also a password hint question for use when requesting password recovery. Upon successfully answering the hint question, the password is then emailed to the email address that was submitted. I am not completely confident in the security and privacy of the email method, especially if the email is sent when the user is connected to an open, public wireless network. 2) My application will be using an SQLite database, which will be stored on the SD card if the user has one. Regardless of whether it is stored on the phone or the SD card, what options do I have for data encryption, and how does that affect the application performance? Thanks in advance for time taken to answer these questions. I think that there may be other developers struggling with the same concerns.

    Read the article

  • Do passwords used for .htaccess need to be encrypted?

    - by webworm
    I am using .htaccess files to control access to various Apache2 directories. I have a main "password" file that contains usernames and passwords. All the instructions I have found regarding .htaccess talk about how the passwords added are encrypted. The usernames and passwords are created using the following command line syntax ... htpasswd -nb username password What I am wondering is ... do the passwords always need to be encrypted? Could I store usernames and passwords in a plain-text form someonewhere on the system (above the web root)? This would allow me to easily edit user names and passwords via FTP without requiring access to the Shelll (which I do not always have). Thank you.

    Read the article

  • Salt, passwords and security

    - by Jonathan
    I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand. You should always store a password as a hash, never as plain text. But should you store the salt (unique for each user) next to the hashed password+salt in the database. This doesn't seem very clever to me as couldn't someone gain access to the database, look for says the account called Admin or whatever and then work out the password from that?

    Read the article

  • Dealing with passwords securely

    - by Krt_Malta
    Hi I have a Java web service and a Java web client making use of this service. One of the functions is to create a new user account. My two concerns are: How will I send the user's password securely from the client. How will I store the user's password securely on the server. How can I achieve these? I know the theory basically behind security, security algorithms etc but can anyone give me some advice on how I should go about in coding? Could anyone point me to some good (and if possible not complicated) examples to follow since I found some examples on the Internet very contorted? Thanks a lot and regards, Krt_Malta

    Read the article

  • Should default passwords always be empty?

    - by mafutrct
    I'm currently designing a system that requires an admin to log in using a password. For certain reasons, it is difficult to set this password during installation, but it can be changed later. My idea is this: If I leave the default password empty, it is so horridly insecure that every admin is going to fix this as soon as possible. If I were to use some kind of predefined password instead, admins may think "ah.. nobody would think I've got 'defaultpassword' as my password so it's not very important to change." So the basic thought is to make it so terrible that even the most lazy people are going to do something about it.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >