Tumblr and Google are now using two page login processes where you first enter your username or email and then are sent to a second page to enter your password. What's the reason/logic behind this switch from the standard two item form?
The situation is that I manage a bunch of websites & web services, all with their own separate user accounts. It would be useful to unify all these logins. The problem is that the software infrastructure necessary to support unified logins is way beyond my capabilities. Is there a suitable technology shortcut or a way I can cheaply buy such a service? [more inside]
Is there a way to add temporary PIN authentication in order to add a contact in Jabber (to a server running ejabberd)? [more inside]
I have moved from Argentina back to the UK. Whilst there I set up my Google account with 2-Step Verification using my Argentinian phone number. Now back in the UK I no longer have access to that phone and as I unpacked I realised I threw away the notebook in which I jotted down the emergency codes in the move. Am I screwed? [more inside]
A couple of years ago I met Joe Torre, totally outside of a baseball context. He graciously gave me two signed baseballs, with no fanfare, just reached into his pockets and came out with two balls wrapped in tissue paper saying, "Want some balls?" Well, yes, of course I wanted them, and I took them home and socked them away thinking that someday—maybe when he was inducted to the baseball hall of fame—I would sell them. Well, Joe's been voted in, and I'd like to explore the best way to put my memorabilia on the market. I'm curious how to go about that. [more inside]
Does third-party use of Google Authenticator go through the Google panopticon? If I use Google Authenticator on a third-party site, will that interaction send information back to Google, thereby informing Google of what I'm doing? [more inside]
I think I bought Terry Pratchett's autograph at the Goodwill. That's really cool, only I have no idea what to do about it. [more inside]
Wireless no longer working after upgrade to Ubuntu's Precise Pangolin. I've got just enough knowledge to be confused. Please explain what to do like I'm 5 years old. [more inside]
I bought a Thinkpad through Gumtree (UK) last year and now Microsoft Office Professional Plus 10 is asking me for an authentication code. When I got the computer, windows had just been installed but I don't know if I got a trial version or a corporate version that was imaged onto the machine. Do I need to pay for an authentication code or is there a way to otherwise disable the authentication request message?
I have a question about Google's 2-factor authentication and upgrading to a new device. Can you help? [more inside]
Is there a NAS device that supports DHX2 authentication under $200, which holds 2TB? [more inside]
Are Commercial LDAP Virtual Directory Applications Worth The Money? [more inside]
How can I make Squid modify the credentials it passes to an upstream proxy? [more inside]
How to record something digitally in a way that verifies it has not been 'shopped [more inside]
Why do I get prompted for a Windows username and password when I connect to a virtual directory under IIS? [more inside]
Is there a way to force Facebook to close my session automatically when I navigate away from the site? [more inside]
Anyone know of a way to read password protected RSS feeds on the iPhone or iPad? [more inside]
Can I configure Squid to pass preset authentication credentials to an upstream proxy for a given set of websites without asking the client for them? [more inside]
Two prominent, famous or 'important' people talk on the telephone. How does either the caller or recipient know they're actually speaking to the real person ? [more inside]
Anyone know of an RSS reader for iPhone that supports SSL and authentication, and does NOT use an online aggregator? [more inside]
Doesn't Twitter authenticate email addresses when people sign up for new accounts? [more inside]
Please help a noob with client-side SSL certificates. [more inside]
On one of my WordPress hosted blogs, I previously used Angsuman’s Authenticated WordPress Plugin to restrict access to registered users. After upgrading to WordPress 2.7, the plugin doesn't work anymore. It won't let anybody log in, trapping people in a constant loop of entering (correct) passwords and being returned to the login screen. [more inside]
I just had a bunch of RSA tokens land in my lap. What's required on the other end of an RSA authentication scheme, and what's a good resource for learning what's necessary to implement it? [more inside]
In Active Directory, is it possible to direct the act of authenticating a user to one domain, but the subsequent authorization of that user to be handled by another? [more inside]
I manage a website. Some content requires authentication by password or IP. I want Google to crawl that content but not cache it, so that Google users can find it in searches but can't access it without authentication. What's the best way to do this? In 2006 Matt Cutts recommended doing a reverse DNS lookup to verify that a bot's name is in the googlebot.com domain, and then a forward DNS->IP lookup using that googlebot.com name (to thwart spoofers). Is that still the best solution? How do other people manage this?
Web server question. Can I combine htaccess and session variables from other systems? (more inside) [more inside]
I have an application installed on my PC at work that needs to connect to the internet through our ISA Server. The problem it has is that it can't connect directly unless I put in proxy settings. The problem that I have is that the proxy setting is just one long URL with no username or password. How can I get this application to connect? [more inside]
I have noticed that there seems to be a split between some banks/financial institutions who maintain complex security around their on-line account access and others who seem to have actively migrated towards a much simpler approach. Is there any evidence that the "simple" approach is either more or less secure than the "complex" one? [more inside]
How do you set up pub key auth for Dreamweaver's sftp client on a windows box? [more inside]
How do you use a single authentication system for different kind of servers, systems, and workstations? [more inside]
RADIUS without realms? [more inside]
Help me figure out Smart Cards! I work for the IT department of a company looking to use smart cards for Windows domain login. Windows (XP/2003) has built-in support for several brands of smart card. Great, it should be easy! It's not. [more inside]
Livejournal authenticated RSS feeds on Mac OS 10.4.10: why do they keep losing my credentials? May involve Keychain. [more inside]
I have a question about the authentication of a Cambridge University-issued document by a California lawyer or notary for use in Latvia. [more inside]
How exactly does authentication work in a website like Basecamp, or more generally, a site built on Rails or LAMP. When I sign-up, I enter a username and password. I presume this is stored in a database table. But after that, how does the server know who I am during the course of my 'visits' and how does the SQL database know what I have access to ( only my projects ) and what I don't have access to ( Other peoples projects)? Where do cookies, if at all, come into play. If cookies do come into play, can they not simply be forged? I am completely clueless regarding the subtleties of authentication, user sessions, and security. Please enlighten me.
I'm trying to get my head around some Microsoft Access security issues, and could use some help. [more inside]
How come if I search for this page and click on the Google link I get to the page, but if I copy the link that Google gives me and try to access it directly, I'm taken to a login page? [more inside]
Why are many financial institutions moving to a two-step login process, where you enter your username on one page and then your password on the next? For instance, Vanguard and ING. Their rationale is just that it's "more secure", but that's not much of a reason.
I have two paintings signed by Salvador Dali I am in the process in having them authenticated as legit or copies. To possibly save some resources I would like to do background on the paintings, but I am unable to find any information, any suggestions? [more inside]
I’m working on a PHP/MySQL app and would like to ensure my security is up to scratch – need tips on authentication, globals and input sanitization. [more inside]
Best practices for managing massive permission systems for a giant home-brewed PHP CMS? [more inside]
Captive Portals. I'd like one. I want it to work with a WRT54G, connected to a DSL line. [more inside]
I'd like to get a handle on computer security. Where should I start? I'd like to stress that I am NOT talking about spyware and viruses here, but the more interesting things like authentication and authorization. [more inside]
Anybody ever set up a proxy server that authenticates using an external LDAP server - so that (for example) off-campus university students can access third-party web services that are restricted to campus IP addresses? [more inside]
How come most websites roll their own authentication methods around cookie-based sessions, rather than using http authentication built in to most web servers? Is this a security issue, or a user interface issue? Or something else?
Looking for advice for replacing the floppy disk as an authentication factor for logging onto a client-server non web-based system. Anyone have any bright ideas? [Details within] [more inside]
I'm trying to get my application (VB, but that doesn't matter) to connect to the internet and support proxy servers that require a username and password. The former is easy, the latter not. What I'm doing is sending Proxy-Authorization: Basic [authentication] in the header (where [authentication] is "username:password" base64 encoded) with each request. However the proxy server keeps reporting error 407 (authentication required). I've read the RFC's, I've read google groups but I have no idea what I'm doing wrong. Any ideas?
I'm behind a university proxy firewall and wanting to access ports that are blocked from direct access through the firewall. I was wondering if there are any telnet clients out there that have HTTP-proxy capabilities with authication (user/password) as well.
What's the best way to keep track of an escalating number of logins and passwords? For the web, there's Opera's magic wand, but what about hosting accounts, ftp servers, ATM PINs, etc? Encrypted text file on the desktop? Scribbled note under the pillow? How do you manage (and hide) your password library?