Search Results

Search found 2004 results on 81 pages for 'resetting passwords'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 3/81 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Salt, passwords and security

    - by Jonathan
    I've read through many of the questions on SO about this, but many answers contradict each other or I don't understand. You should always store a password as a hash, never as plain text. But should you store the salt (unique for each user) next to the hashed password+salt in the database. This doesn't seem very clever to me as couldn't someone gain access to the database, look for says the account called Admin or whatever and then work out the password from that?

    Read the article

  • Dealing with passwords securely

    - by Krt_Malta
    Hi I have a Java web service and a Java web client making use of this service. One of the functions is to create a new user account. My two concerns are: How will I send the user's password securely from the client. How will I store the user's password securely on the server. How can I achieve these? I know the theory basically behind security, security algorithms etc but can anyone give me some advice on how I should go about in coding? Could anyone point me to some good (and if possible not complicated) examples to follow since I found some examples on the Internet very contorted? Thanks a lot and regards, Krt_Malta

    Read the article

  • Should default passwords always be empty?

    - by mafutrct
    I'm currently designing a system that requires an admin to log in using a password. For certain reasons, it is difficult to set this password during installation, but it can be changed later. My idea is this: If I leave the default password empty, it is so horridly insecure that every admin is going to fix this as soon as possible. If I were to use some kind of predefined password instead, admins may think "ah.. nobody would think I've got 'defaultpassword' as my password so it's not very important to change." So the basic thought is to make it so terrible that even the most lazy people are going to do something about it.

    Read the article

  • encrypting passwords in a python conf file on a windows platform

    - by Richard
    Hello all. I have a script running on a remote machine. db info is stored in a configuration file. I want to be able to encrypt the password in the conf text so that no one can just read the file and gain access to the database. This is my current set up: My conf file sensitive info is encoded with base64 module. The main script then decodes the info. I have compiled the script using py2exe to make it a bit harder to see the code. My question is: Is there a better way of doing this? I know that base64 is not a very safe way of encrypting. Is there a way to encode using a key? I also know that py2exe can be reversed engineered very easily and the key could be found. Any other thoughts? I am also running this script on a windows machine, so any modules that are suggested should be able to run in a windows environment with ease. I know there are several other posts on this topic but I have not found one with a windows solution, or at least one that is will explained.

    Read the article

  • How can I prevent Virtualmin from storing passwords in cleartext?

    - by Josh
    I am really surprised at this behavior. In Virtualmin, I can see the password for any SSH user by clicking the "(Show..)" link next to the "Password ( ) Leave unchanged" option in a variety of locations. I have found that the passwords for all users including users with SSH access are stored in cleartext files in /etc/webmin/... This seems like an unnecessary risk! How can I prevent Virtualmin from storing passwords in this manner?

    Read the article

  • Passwords in the Password/Encryption Keys program

    - by Gaurav_Java
    I noticed that I have passwords in the Password/Encryption Keys program . It appears that anybody who walked up to my computer could go look at all my passwords without needing a master password. Did I do something wrong or is this the default behavior? And if so, why? and what if i lick my password is it get locked till i log out or for every time when i have 2to see password then i have to unlock keyrings . if then so how i protect my passwords from other . and why it is done so

    Read the article

  • Did I miss anything when checking for passwords? [migrated]

    - by Keltari
    There's a bit of a story to this, so bear with me... I am looking for a new job and came across a posting for a computer forensics position. Its not really my field, but I thought I would apply anyway, just for fun. To make a longer story shorter, they want you to uncover as many passwords as you can find. I downloaded an image and dd'd it to a thumbdrive. The only thing visible was a text file, which contained a password. I knew there had to be more, so I used an undelete utility and found 2 deleted files. First there was another text file with a password - easy. The other was a .pst file which I mounted into outlook. There were some emails with passwords, as well as an email with an image. Another email has a link to a stegenography site. Obviously, there was a file hidden in the image, so I went to the website and downloaded the stegenography decoder. I had to try some of the passwords I had found to get the file to decrypt, and sure enough, there was another text file with a password. I called it a day at that point. Did I miss any other methods?

    Read the article

  • Ubuntu 13.10 isn't remembering my passwords anymore, why?

    - by Nik Reiman
    Ubuntu's password management used to be working just fine for me, but around two weeks ago after running apt-get upgrade, I've noticed that now it keeps "forgetting" my passwords. For instance, I need to manually enter passwords to unlock my ssh keys to use git, which previously was done automatically on login. My workplace's 802.11x authentication also no longer works, I need to manually re-auth just to connect to internet. What's going on?

    Read the article

  • How to implement a safe password history

    - by Lorenzo
    Passwords shouldn't be stored in plain text for obvious security reasons: you have to store hashes, and you should also generate the hash carefully to avoid rainbow table attacks. However, usually you have the requirement to store the last n passwords and to enforce minimal complexity and minimal change between the different passwords (to prevent the user from using a sequence like Password_1, Password_2, ..., Password_n). This would be trivial with plain text passwords, but how can you do that by storing only hashes? In other words: how it is possible to implement a safe password history mechanism?

    Read the article

  • Can I make the Courier email server use a non-default salt for passwords?

    - by Vasiliy Stavenko
    I'm setting up email server for the first time and confused with strange thing. I have several user accounts which stored in previous server. Passwords for this accounts are in plain text. But I want to create crypts for them. MySQL (where my users will be stored) have function encrypt(passwd, salt). If no salt given used random value. I discovered that Courier uses one certain salt and crypted all passwords with it. So the task done. But I'd like to know if there's a way to define my own salt for my pop3 server?

    Read the article

  • Can I make the Courier email server use a non-default salt for passwords?

    - by Vasiliy Stavenko
    I'm setting up email server for the first time and confused with strange thing. I have several user accounts which stored in previous server. Passwords for this accounts are in plain text. But I want to create crypts for them. MySQL (where my users will be stored) have function encrypt(passwd, salt). If no salt given used random value. I discovered that Courier uses one certain salt and crypted all passwords with it. So the task done. But I'd like to know if there's a way to define my own salt for my pop3 server?

    Read the article

  • SQL Server stored procedure to generate random passwords

    SQL Server is used to support many applications and one such feature of most applications is the storage of passwords. Sometimes there is a need to reset a password using a temporary password or generate a random password for a new user. In this tip I cover a simple stored procedure to generate random passwords that can be incorporated into your applications. Get Smart with SQL Backup Pro Powerful centralised management, encryption and more.SQL Backup Pro was the smartest kid at school Discover why.

    Read the article

  • How do I securely store and manage 180 passwords?

    - by Sammy
    I have about 180 passwords for different websites and web services. They are all stored in one single password protected Excel document. As the list gets longer I am more and more concerned about its security. Just how secure, or should I say insecure, is a password protected Excel document? What's the best practice for storing this many passwords in a secure and easy manageable way? I find the Excel method to be easy enough, but I am concerned about the security aspect.

    Read the article

  • Why do password strength requirements exist? [migrated]

    - by Bozho
    Password strength is now everything, and they force you to come up with passwords with digits, special characters, upper-case letters and whatnot. Apart from being a usability nightmare (even I as a developer hate it when a website requires a complex password), what are the actual benefits of having strong passwords (for website authentication)? Here are the prerequisites of a system that handles authentication properly: store passwords using bcrypt (or at least use salt+hash) - hard-to-impossible to find the original password when an attacker gets the database lock subsequent password attempts with a growing cooldown - no brute-force via the site

    Read the article

  • How do I securely delete cookies and saved passwords?

    - by Matt Solnit
    Is there a way, from inside the browser, to delete cookies and saved passwords in such a way that the data is unrecoverable (similar to Secure Empty Trash)? I know I can probably track down all the files involved and then manually do this, but I'm curious if there's an easier way. Or maybe browsers already do it out of the box? I'm specifically looking for solutions for Firefox and Safari, on Mac OS X.

    Read the article

  • How do you keep track of all your passwords?

    - by Sam Saffron
    How do you keep track of all your passwords? Personally I host a personal copy of clipperz, I used keepass and passpack in the past. What password manager would you recommend, what features does it have that make it awesome? Now at 70+ "answers" it's a pretty good bet that your favourite program is already mentioned. Upvote that if that's the case. If you can't yet upvote, come back when you've gained enough reputation instead of posting a duplicate answer.

    Read the article

  • OpenSolaris won't authenticate to OpenLDAP users with md5 passwords

    - by palmer
    I have an OpenSolaris machine here; I'm using it for the first time because I want to try out ZFS. ZFS itself is working great, but I cannot get opensolaris to authenticate against our openldap directory running on Linux with md5 or sha passwords; only crypt passwords work. I'd prefer not to have to use crypt passwords; is there some magic setting I'm missing that will enable md5 passwords to authenticate?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >