30 posts tagged with password and security.
Displaying 1 through 30 of 30. Subscribe:

Should we publish online a shared password for 5000 people?

My small company is providing a web service for another organisation. One single username/password combo will be used to access the system. Either -- how should we distribute this combo to the 5,000 tech-illiterate members of the other organisation? Or -- what's a better solution? [more inside]
posted by ajp on Sep 5, 2014 - 37 answers

Should I be panicking about my Bank of America password?

(Keeping this anonymous because I'm worried my security's compromised and don't want to make it worse.) So for about the past six weeks, the log-in process on the Bank of America site has been behaving strangely for me. When I go to the BOA site I see my online userID in the normal way and click on it. That then takes me to the sitekey confirmation page where --weirdly-- my password is now showing up in plaintext on the login page, above the sitekey image. The first time this happened it was displaying my then-current password, which I immediately logged in with and changed. Since then, every time I go to log in I see the old password in plaintext, above the sitekey. When I enter either my then-current or my actually-current password it's rejected and I need to go through the reset process before I can successfully log in. I'm not freaking out, because there's no strange activity in my accounts. But still, it's unnerving. So..... what might be going on here, and what should I do about it? [more inside]
posted by anonymous on Apr 15, 2014 - 15 answers

Password paranoia

If one wanted to be paranoid about protecting access to critical accounts (bank accounts and the like) what are some steps that you can take short of building your own machine and never using it for any transactions at all other than those to the secure sites? I have used lAstpass and 1 Password for years but frankly all of the recent revelations of security breaches and key loggers and the like make me wonder if I should consider other options for critical accounts (wondering out loud: is it not likely that the password app manufacturers were not NSA's first targets?) Some accounts do not allow two step authentication.
posted by dougiedd on Mar 12, 2014 - 8 answers

Is there any reason to change this compromised password? And if so, how?

My "throw-away" password is in the list of those compromised by the Adobe hack. It's a common dictionary word that I use for sites that I really don't care about security on: things that I don't even understand why they should be password protected, "test-driving" sites or products where I don't intend to keep using them, and an old email account that was for a blog that I haven't updated in about four years. (And I don't use the account any more). I'm pretty unconcerned about it being compromised. Is there any reason I should worry? And if I do want to change it, is there any way to find out what all the sites are that I have used it on in the past? [more inside]
posted by lollusc on Nov 22, 2013 - 8 answers

Easy way to generate new passwords for each website?

Does anyone have a simple method of coming up with a excellent new passwords for every website that you can nevertheless easily remember? I'm thinking some combination of a master password combined with the website url or something like that, but the underlying rule should not be easily guessable by others even if they have a few examples in front of them. Any ideas?
posted by shivohum on May 1, 2013 - 23 answers

Is "type letters 1 4 and 7 of your password" considered secure?

Instead of the usual "username/password" challenge, some bank websites ask you for a username, and then for some letters from your password -- e.g. 'Type letters 1, 4 and 7 of your password'. I understand that the advantage of this is that you never enter your whole password, thereby making life difficult for keyloggers. But I don't see how it's possible to implement such a system without (effectively) storing the password in plain text on the server, which surely not a good idea. What is this practice called? Do security experts consider it good practice? Can you point me to a paper that explains how it is implemented securely?
posted by beniamino on Mar 28, 2013 - 39 answers

Better-security alternatives to Spam Arrest

What's a better-security alternative to Spam Arrest for challenge-response email? I received a password reminder email from Spam Arrest today. It included my full password in cleartext, and when I went to change my password to a long semi-random string of hashed characters I discovered that they silently truncate entries to 20 characters, which would have locked me out if they didn't keep everything in the clear to remind me. Frightening. Is there anyone out there who offer C/R email and knows how to store passwords?
posted by migurski on Sep 8, 2012 - 3 answers

Password management: syncing some passwords but not all

Please help me find the password management solution I'm hoping exists: the ability to automatically, dynamically sync a specific folder of passwords between accounts w/o involving Dropbox. [more inside]
posted by pavane on Mar 20, 2012 - 1 answer

Need guidance on message-digest based password generation algorithms.

Need some guidance on message-digest based password generation algorithms. [more inside]
posted by anonymous on Jul 19, 2011 - 5 answers

What simple, secure, portable password and secure data management systems do you use?

What simple, secure, portable password and secure data management systems do you use? [more inside]
posted by garlic on May 4, 2011 - 21 answers

If I only wiped 10% of a hard drive before selling it, am I 90% screwed?

What damage control measures can I do for selling my PC on eBay which was only partially wiped? Yes, I know how stupid this was. [more inside]
posted by anonymous on Dec 15, 2010 - 8 answers

Accessible and secure - can they be friends?

Help me design a secure method of keeping my passwords both safe and available. [more inside]
posted by Tehhund on Sep 23, 2010 - 31 answers

How can I stop someone from changing my gmail password?

Gmail security: Someone keeps trying to recover, or change, the password for my gmail account. I'd previously set my gmail recovery option to send me an SMS, and I'm getting a lot of SMSes saying, "Your Google Account recovery code is: ... If you did not request this code, you can safely ignore this message". I've already changed my secret question to be really obscure, but what else should I do to protect my account? Every couple of weeks, I get bombarded with SMSes because someone is trying to access my account. Can I temporarily disable the recovery option? I'm just worried that someone might guess the answer to my secret question by brute force or some other means.
posted by surenoproblem on Jun 17, 2010 - 12 answers

Secure my SSH

SSHFilter: I'm trying to disable authentication by password for SSH users accessing a server from a remote location. By everything I've read it seems like I've done exactly that, but I can still log in from a remote machine using a password only. Help me get that to stop. [more inside]
posted by scrutiny on Apr 22, 2010 - 2 answers

If a prosecutor finds a password, can he or she use it?

What are the legal implications of subpoenaing or obtaining a warrant for digital papers (such as a Gmail or Google Apps account) and finding a password? Could the prosecutor use the password to obtain more information from another digital source, such as another email account or a Facebook account? [more inside]
posted by Michael Pemulis on Apr 21, 2010 - 1 answer

is there a way to make it look like the harddrive on my osx mac book pro isn't working?

is there a way to make it look like the harddrive on my osx mac book pro isn't working? [more inside]
posted by krautland on Mar 2, 2010 - 14 answers

Demonstating password cracking

I need a utility or small program to demonstrate password cracking. [more inside]
posted by bent back tulips on Dec 3, 2008 - 15 answers

Plain Text Password in Welcome Email

Online Security Filter: Welcome email contained plain text password. Specific examples of why this is bad needed. [more inside]
posted by TauLepton on Nov 23, 2008 - 19 answers

Stop locking me out!

How can I keep PointSec from switching my screen saver preference? [more inside]
posted by anonymous on Oct 22, 2008 - 4 answers

How does my online banking fob work?

How does my online banking fob work? Does it get numbers over-the-air or does it generate the according to some math I don't understand? Background: to access my bank account on the web, I need to use the little electronic fob CitiBank sent me when I registered for online banking. The device generates a six-digit number every minute or so. But where does that number come from? Is the fob generating or receiving it?
posted by subpixel on Sep 24, 2008 - 14 answers

Would I need an anti-keylogger for Vista?

Would I need an anti-keylogger for Vista? [more inside]
posted by gttommy on Jul 5, 2008 - 10 answers

Is more simple bank web security better?

I have noticed that there seems to be a split between some banks/financial institutions who maintain complex security around their on-line account access and others who seem to have actively migrated towards a much simpler approach. Is there any evidence that the "simple" approach is either more or less secure than the "complex" one? [more inside]
posted by rongorongo on Jun 6, 2008 - 7 answers

Do password protected blogs exist?

I'm going to be doing some pretty extensive travelling next year, and I want to keep my family and friends up to date on my experiences. However, I want to do this in a way that doesn't inform general randoms about my movements... in other words, do password-protected blogs exist? [more inside]
posted by Planet F on Apr 28, 2008 - 21 answers

Could someone tell my if my door is wide open?

I believe the mail server associated with my domain name is acting as an open relay. Hosting company claims everything's good. How can I double-check? [more inside]
posted by doctorpiorno on May 15, 2007 - 12 answers

only connect: adding a password to my router screws up my signal

I can't figure out how to password-protect my wireless internet connection. [more inside]
posted by grumblebee on Oct 27, 2006 - 10 answers

Why a two-step login?

Why are many financial institutions moving to a two-step login process, where you enter your username on one page and then your password on the next? For instance, Vanguard and ING. Their rationale is just that it's "more secure", but that's not much of a reason.
posted by smackfu on Aug 20, 2006 - 13 answers

Is it possible to bypass a bios password without me knowing? How safe is my data?

I have a desktop that is located in a semi-public place. I have a bios password and a windows password on it. Sometimes I leave it logged out of windows so that I can leave in the middle of a project without restarting everything again. I was wondering how hard it would be to get my data? Short of stealing the actual hardware, is there a way to get past a bios password and access my data without me knowing? (From what I understand, resetting the cmos would clear the password so I would know if someone got in.) Also, is it possible to get in if I leave it logged out of windows with a password? How safe is my data?
posted by D Wiz on Jun 5, 2006 - 28 answers

How do a password secure an app in OS X?

How do I password protect a specific app in OS X? [more inside]
posted by photoslob on May 24, 2006 - 12 answers

Password expiration best practices?

Is there an "industry standard" for password expiration periods? [more inside]
posted by pzarquon on Feb 27, 2006 - 19 answers

Firefox password safety?

How safe is it for me to store passwords in Firefox? [more inside]
posted by Nelson on Feb 21, 2005 - 13 answers

Page: 1