I have moved from Argentina back to the UK. Whilst there I set up my Google account with 2-Step Verification using my Argentinian phone number. Now back in the UK I no longer have access to that phone and as I unpacked I realised I threw away the notebook in which I jotted down the emergency codes in the move. Am I screwed? [more inside]
Why do I get prompted for a Windows username and password when I connect to a virtual directory under IIS? [more inside]
Anyone know of a way to read password protected RSS feeds on the iPhone or iPad? [more inside]
I have noticed that there seems to be a split between some banks/financial institutions who maintain complex security around their on-line account access and others who seem to have actively migrated towards a much simpler approach. Is there any evidence that the "simple" approach is either more or less secure than the "complex" one? [more inside]
Why are many financial institutions moving to a two-step login process, where you enter your username on one page and then your password on the next? For instance, Vanguard and ING. Their rationale is just that it's "more secure", but that's not much of a reason.
I'm trying to get my application (VB, but that doesn't matter) to connect to the internet and support proxy servers that require a username and password. The former is easy, the latter not. What I'm doing is sending Proxy-Authorization: Basic [authentication] in the header (where [authentication] is "username:password" base64 encoded) with each request. However the proxy server keeps reporting error 407 (authentication required). I've read the RFC's, I've read google groups but I have no idea what I'm doing wrong. Any ideas?
What's the best way to keep track of an escalating number of logins and passwords? For the web, there's Opera's magic wand, but what about hosting accounts, ftp servers, ATM PINs, etc? Encrypted text file on the desktop? Scribbled note under the pillow? How do you manage (and hide) your password library?