Search Results

Search found 12055 results on 483 pages for 'password complexity'.

Page 64/483 | < Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >

• ASP.NET Membership Password Hash -- .NET 3.5 to .NET 4 Upgrade Surprise!

  - by David Hoerster

  I'm in the process of evaluating how my team will upgrade our product from .NET 3.5 SP1 to .NET 4. I expected the upgrade to be pretty smooth with very few, if any, upgrade issues. To my delight, the upgrade wizard said that everything upgraded without a problem. I thought I was home free, until I decided to build and run the application. A big problem was staring me in the face -- I couldn't log on. Our product is using a custom ASP.NET Membership Provider, but essentially it's a modified SqlMembershipProvider with some additional properties. And my login was failing during the OnAuthenticate event handler of my ASP.NET Login control, right where it was calling my provider's ValidateUser method. After a little digging, it turns out that the password hash that the membership provider was using to compare against the stored password hash in the membership database tables was different. I compared the password hash from the .NET 4 code line, and it was a different generated hash than my .NET 3.5 code line. (Tip -- when upgrading, always keep a valid debug copy of your app handy in case you have to step through a lot of code.) So it was a strange situation, but at least I knew what the problem was. Now the question was, "Why was it happening?" Turns out that a breaking change in .NET 4 is that the default hash algorithm changed to SHA256. Hey, that's great -- stronger hashing algorithm. But what do I do with all the hashed passwords in my database that were created using SHA1? Well, you can make two quick changes to your app's web.config and everything will be OK. Basically, you need to override the default HashAlgorithmTypeproperty of your membership provider. Here are the two places to do that: 1. At the beginning of your element, add the following element: <system.web> <machineKey validation="SHA1" /> ... </system.web> 2. On your element under , add the following hashAlgorithmType attribute: <system.web> <membership defaultProvider="myMembership" hashAlgorithmType="SHA1"> ... </system.web> After that, you should be good to go! Hope this helps.

  Read the article

• Is there Powershell way to re-apply a restored password for the IIS IUSR account?

  - by Philippe Monnet

  On one of our IIS web servers the IUSR account suddenly expired or got corrupted, I recovered the password from the IIS metabase (using Cscript adsutil.vbs get w3svc\anonymoususerpass after switching IsSecureProperty = False). I then reset the password accordingly. Now I have to re-key that password on the Directory Security tab of all virtual directories (for the anonymous account) of all web sites on that server. Is there a way to automate this using Powershell? (I have searched so far in vain)

  Read the article

• Is an 'if password == XXXXXXX' enough for minimum security?

  - by Morgan Herlocker

  If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying something like: if(enteredPassword == verifiedPassword) SendToRestrictedArea(); else DisplayPasswordUnknownMessage(); It seems to easy to be effective, but I certainly would not mind if that was all that was required. Is a simple check on username/password combo enough? Update: The particular project happens to be a web service, the verification is entirely server side, and it is not open-source. Does the domain change how you would deal with this?

  Read the article

• How can I change a network password that Windows Explorer has saved?

  - by Markus

  I use Windows 7 and I saved my login to a server in the network. But meanwhile my password has changed. When I now try to access that server then Windows Explorer automatically uses the old user and password, so I get an "Access denied" popup. And my account is blocked after 3 failed login attempts. How can I delete or change the saved password?

  Read the article

• I have a password protected USB drive with hidden partition, how to convert to normal USB drive?

  - by deddebme

  I have a generic USB drive which has password protection, and I want to stop this password protection mechanism and to use it as a normal 8GB USB drive. I received this USB drive as a gift in Hong Kong, and there was no instruction menu whatsoever, not even the manufacturer name. When I plug the drive in Windows XP, the removable drive comes up as a read only 5.28MB partition with two files. When I try to add or remove any files or formatting it, it will says the drive is write protected. After launching the Login.exe and typed in the password, a 8GB read/writeable partition will be shown, and I'm free to do anything to it. But once after the drive is unplugged and replugged, the same read only partition will still comes out no matter what I did to the hidden partition. Anyone knows about this kind if USB drive? What did the manufacturer do to hide the partition? Is there a way to "low-level" formatting this drive to convert (or revert) it to a normal drive? Before typing in the password: After typing in the password:

  Read the article

• Why appending to a list in Scala should have O(n) time complexity?

  - by Jubbat

  I am learning Scala at the moment and I just read that the execution time of the append operation for a list (:+) grows linearly with the size of the list. Appending to a list seems like a pretty common operation. Why should the idiomatic way to do this be prepending the components and then reversing the list? It can't also be a design failure as implementation could be changed at any point. From my point of view, both prepending and appending should be O(1). Is there any legitimate reason for this?

  Read the article

• How to transfer video to iPad and then be able to password protect it?

  - by Jian Lin

  Is there a way to transfer videos to iPad but at the same time password protect it? Or password protect a folder so that only people with a password can go into that folder? thanks.

  Read the article

• How can I automatically require a password when connecting to a WD MyBookLive?

  - by user-123

  I have created a user which has specific privileges to access the shares on our WD MyBookLive Network drive (ie it requires a password to connect), however after connecting once Windows seems to remember the password (or at least for the rest of the session). How can I make it so it is necessary to require a password every time the user connects to the drive or makes some change on Windows? I am particularly thinking of Cryptolocker and other variants of "ransomeware" which will try and connect to the drive and encrypt it.

  Read the article

• The field for entering password freeze if no text is enter quickly after i install cinnamon on 12.04

  - by user109162

  Iam a total newbie to Ubuntu . I installed Cinnamon through terminal . The problem is that when i boot up, if i don't enter the password before 1 or 2 minutes the password field will freeze and won't accept any text inputs.The problem was most likely caused by Cinnamon because i guess the problem started after i tried to install some Cinnamon extensions. Please answer in non-technical way as far as possible. I will never go back to Windows whatever be the outcome. Help me stay on to Ubuntu.

  Read the article

• How to copy password from Mono-executed KeePass2 to xterm on Linux?

  - by Steve Emmerson

  I use KeePass2 to access username/password information in a Dropbox file. This allows convenient access from multiple devices. I can't seem to copy a password to the clipboard on my Linux 2.6.27.41-170.2.117.fc10.x86_64 system, however, in order to supply the password to a prompt in an xterm(1). I've tried both Ctrl+C/Ctrl+V and highlighting and mouse button 2 clicking. The KeePass2 program on the Linux system is executed by Mono. How can I copy the password to the xterm(1)? [Aside: I think we need a "KeePass" tag.] ADDENDUM: My mouse buttons were misconfigured: button 2 wasn't set to "copy". Sorry for the false alarm.

  Read the article

• Why don't smart phones have an auto-forget password feature? [closed]

  - by Kelvin

  Storing passwords to external services (e.g. corporate email servers) on smart phones is very insecure, since phones are more easily stolen. Has any vendor implemented a feature to only cache a password in memory for a limited amount of time? After the time period has elapsed, the app would ask for the password again. EDIT: I should've clarified - I'm aware that many (most?) users are lazy and want to just "set it and forget it". The always-remember feature will probably always be present. I was curious about an option to enable auto-forget for the security-conscious.

  Read the article

• Can I remove a RAR file's (known) password without recompressing the archive?

  - by Abluescarab

  Long title. Anyway, I haven't been able to find an answer to this question. I know the password to the RAR file, I locked it myself, but now all I want to do is remove the password because it's too much of a pain in the butt to type it in every time. Is there a way to do this in WinRAR or an equivalent program? The only thing I knew to do was to extract it, then create a new RAR without the password. It's not a life-or-death issue, but it would be nice to know. Thanks for your time! EDIT: I just saw a bunch of related questions that appear to ask the same thing. The only solution I saw was using a DOS command to yadda yadda yadda. Here it is: How to remove password protection from compressed files Is there an easier way? Thanks again!

  Read the article

• Is an 'if password == XXXXXXX' enough for minimum security?

  - by Prof Plum

  If I create a login for an app that has middle to low security risk (in other words, its not a banking app or anything), is it acceptable for me to verify a password entered by the user by just saying something like: if(enteredPassword == verifiedPassword) SendToRestrictedArea(); else DisplayPasswordUnknownMessage(); It seems to easy to be effective, but I certainly would not mind if that was all that was required. Is a simple check on username/password combo enough? Update: The particular project happens to be a web service, the verification is entirely server side, and it is not open-source. Does the domain change how you would deal with this?

  Read the article

• How to deal with elimination of duplicate logic vs. cost of complexity increase?

  - by Gabriel

  I just wrote some code that is very representative of a recurring theme (in my coding world lately): repeated logic leads to an instinct to eliminate duplication which results in something that is more complex the tradeoff seems wrong to me (the examples of the negative side aren't worth posting - but this is probably the 20th console utility I've written in the past 12 months). I'm curious if I'm missing some techniques or if this is really just on of those "experience tells you when to do what" type of issues. Here's the code... I'm tempted to leave it as is, even though there will be about 20 of those if-blocks when I'm done. static void Main(string[] sargs) { try { var urls = new DirectTrackRestUrls(); var restCall = new DirectTrackRestCall(); var logger = new ConsoleLogger(); Args args = (Args)Enum.Parse(typeof(Args), string.Join(",", sargs)); if (args.HasFlag(Args.Campaigns)) { var getter = new ResourceGetter(logger, urls.ListAdvertisers, restCall); restCall.UriVariables.Add("access_id", 1); getter.GotResource += new ResourceGetter.GotResourceEventHandler(getter_GotResource); getter.GetResources(); SaveResources(); } if (args.HasFlag(Args.Advertisers)) { var getter = new ResourceGetter(logger, urls.ListAdvertisers, restCall); restCall.UriVariables.Add("access_id", 1); getter.GotResource += new ResourceGetter.GotResourceEventHandler(getter_GotResource); getter.GetResources(); SaveResources(); } if (args.HasFlag(Args.CampaignGroups)) { var getter = new ResourceGetter(logger, urls.ListCampaignGroups, restCall); getter.GotResource += new ResourceGetter.GotResourceEventHandler(getter_GotResource); getter.GetResources(); SaveResources(); } } catch (Exception e) { Console.WriteLine(e.InnerException); Console.WriteLine(e.StackTrace); }

  Read the article

• How to get back to Lock Screen from Password screen in Microsoft Surface?

  - by GaTechThomas

  Similar to question, Can I bring the lock screen back after dismissing it? ('go back a screen' from password entry) How do I go back to the Lock Screen once I've gone to the password screen in Microsoft Surface tablet? This is a different mechanism from using the referenced question in that no physical keyboard is available. Alternately, can the timout on the password screen be shortened?

  Read the article

• Webmail with option to change password for email account?

  - by arma

  Been testing out different webmail options to use (so far AfterLogic, Horde) And it seems that there is no options to change password for user. It's really bad thing that i have to go to server and manually change passwords for users. Is there any webmail solution that will allow me to change password, that also changes on server (as client). Or is it server setting i must use before? Or it is not possible? EDIT: Note that i have cPanel host.

  Read the article

• wordpress login encryption

  - by tech

  I am running wordpress with woocommerce and theme_my_login plugins. When a user registers on my site it sends them a confirmation email and then they can click to activate account. Problem is when the user goes to login they get an error of incorrect password. If the user uses the forgot password link and resets the password then they can login without any errors. What might cause this problem? Is the password being encrypted with the wrong method? I went through the registration process and checked the string in the php users table. password in php table after registration: $P$BF/gIt6dFfBBuNx6rP41Qv3i71TUie1 password in php table after change password to same password: $P$BxpByDbNU3vr3sytTOcbzttp1tOodH1 Do Theme my login and either woocommerce or wordpress use different encryption methods?

  Read the article

• Are password protected files immune or vulnerable to virus?

  - by Nrew

  Are password protected files immune or vulnerable to virus? I constantly password protect my files using winrar. And I noticed that it raises an alarm whenever I will scan it using my antivirus software. Isn't it safe to password protect files?

  Read the article

• one email have multiple open id , unable to retrive specific open id password?

  - by superUser

  I have multiple OPENID accouts refrencing same email address, now i forget one of my accout's password. and when i tried to recover my password then only one openid accout link sent to my mail address whereas i need another openid password reset link what i have to do?? although i m able to login through gmail, but i want to login through openid. i have mailed already? but no satisfactory answer?? how do i collect all open ID password reset link referencing same email address??

  Read the article

• Is there a way to password protect my external drive and be compatible with both Windows and MAC?

  - by Stucko

  I have an external hard drive (HD-PXTU2 Series). I used it for more than 6 months now, what I liked about it was its password protect utility that comes together with the drive. However the problem is the password protect utility is not compatible with MAC ( I'l be regularly transferring data between MacOS and Windows). Is there a way to password protect my external drive which is compatible with both Windows and MacOS?

  Read the article

• Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)

  - by Eric

  I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server. I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user is allowed access. I noticed there's a "challenge password" entry when filling out the certificate details, but everyone says to leave it blank "or else"; I have no idea why, and I can't find an explanation. In addition, I've Google'd this issue a bunch and have noticed people talking about a PAM module for OpenVPN in order to authenticate via username/password, but that appeared to be an either/or option; in other words, I can force authentication via username/password OR certificate. I want to require both. Is this possible? If so, how?

  Read the article

• Why does changing a truecrypt password take such a long time?

  - by Alex

  I am changing the password of a truecrypt file container. This takes around 1 minute. Why? time truecrypt --text --change /tmp/user1.tc --keyfiles= --new-keyfiles= --password=known --new-password=known --random-source=/dev/null" If I use strace I see that it basically does not do anything: it simply reads lots of random data from /dev/urandom (even if i specified /dev/null as random source) and finally changes the password: open("/dev/urandom", O_RDONLY) = 6 read(6, "\36&{\351\212\212\343\202\34\313\242\312I\326\235\245\224\300\354O)\270Q\200 \201J\227\224\311_\212\367"..., 640) = 640 close(6) = 0

  Read the article

• Disk drive won't let go of password prompt at bootup?

  - by user54003

  I had a hacker intrude into my system, at the time it was obvious, so I reinstalled. However, I am left with what appears to be a fatal problem as far as one of my disk drives goes. When I install that drive in my system, a prompt comes up for the disk password, and what it is asking for is a root password. The disk works otherwise normally but despite all my efforts, I have not been able to fix this disk. I have gotten the operating system parted magic and done the most extreme clean up available, the internal one which sends a signal to the disk electronics which runs a built in clean up program. Darik's boot and nuke, I've tried them all but I can't seem to remove this with anything in the Linux line. Does anyone have any suggestions? I've run gparted, created a Sun, an Apple and various other schemes to partition the disk, all to no avail. Can anyone help?

  Read the article

• when i load ubuntu i get the log on screen, but even with correct password i cant log on.. have looged in several times before successfully!

  - by mybox

  I have been using ubuntu 12.04 for a few months now. but have now come across a problem that i cant get past. I am stuck at the log on screen= i enter my password but i get a black screen flases up and the log on prompt reappears!!! tried using terminal prompts and i actually have loggin it- but not according to the main log onm screen. I cant get my desktop active as the log on prompt is there. when i put a wrong password in i get an invalid password message- with the correct password the log on screen just reappears!!!please help.

  Read the article

• Regex for Password Must be contain at least 8 characters, least 1 number and both lower and uppercase letters and special characters

  - by user2442653

  I want a regular expression to check that Password Must be contain at least 8 characters, including at least 1 number and includes both lower and uppercase letters and special characters (e.g., #, ?, !) Cannot be your old password or contain your username, "password", or "websitename" And here is my validation expression which is for 8 characters including 1 uppercase letter, 1 lowercase letter, 1 number or special character. (?=^.{8,}$)((?=.*\d)|(?=.*\W+))(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$" How I can write it for password must be 8 characters including 1 uppercase letter, 1 special character and alphanumeric characters?

  Read the article

< Previous Page | 60 61 62 63 64 65 66 67 68 69 70 71  | Next Page >