Tumblr and Google are now using two page login processes where you first enter your username or email and then are sent to a second page to enter your password. What's the reason/logic behind this switch from the standard two item form?
This has happened twice now, and it is freaky. Google chrome on the iMac I use in my office at work (at a university) will have usernames and passwords for people who have never been in my office ever. The first time it happened it was my father's email, and the second time it was my stepmother's. Why would chrome be filling in these odd emails when it doesn't even save my own login information after closing the browser window? [more inside]
Today I clicked on the Chapters website's "My Account" link, which usually 'remembers' who I am and shows my email address, asking only for my password. Today, however, it showed a stranger's email address and name. Do I need to be concerned? [more inside]
Help me design a secure method of keeping my passwords both safe and available. [more inside]
Apache Filter: blocking logins after failed attempts. [more inside]
I have noticed that there seems to be a split between some banks/financial institutions who maintain complex security around their on-line account access and others who seem to have actively migrated towards a much simpler approach. Is there any evidence that the "simple" approach is either more or less secure than the "complex" one? [more inside]
Security requirements for a php website login system. [more inside]
OSX Security: I followed the instructions on this MacOSXhints article to setup my shiny new MacBook Pro to take a picture using the built-in iSight whenever there's a failed authentication attempt. I've noticed that every night at 9:53, there are multiple failed login attempts, but it's while I'm using the computer, so I end up with pictures of me. [more inside]
Why are many financial institutions moving to a two-step login process, where you enter your username on one page and then your password on the next? For instance, Vanguard and ING. Their rationale is just that it's "more secure", but that's not much of a reason.
I have a desktop that is located in a semi-public place. I have a bios password and a windows password on it. Sometimes I leave it logged out of windows so that I can leave in the middle of a project without restarting everything again. I was wondering how hard it would be to get my data? Short of stealing the actual hardware, is there a way to get past a bios password and access my data without me knowing? (From what I understand, resetting the cmos would clear the password so I would know if someone got in.) Also, is it possible to get in if I leave it logged out of windows with a password? How safe is my data?
My workplace has just instituted a system wide policy that locks machines after 5 minutes of inactivity, I monitor many machines, relogging in constantly is a pain. Does anyone know of a way to generate random mouse movements every minute or so or some other way of defeating this "security"?