A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource.
-1
votes
1 answer
161 views
Strongest free C++ user password storage encryption/hashing library? [closed]
If performance is of no concern, what free C++ library has the strongest encryption/hashing for user password storage?
Ease of use would be nice, but the prime concern is security.
1
vote
4 answers
219 views
Why do web sites require certain characters in their credentials? [closed]
It seems like when a web site lists requirements as to what characters MUST be in the password, they're only providing a password map for someone who wants to hack their system.
For instance, fsd.gov ...
-5
votes
3 answers
284 views
Is sending password to user email secure? [closed]
How secure is sending passwords through email to a user, since email isn't secured by HTTPS?
What is the best way to secure it? Should I use encryption?
1
vote
1 answer
114 views
Storing 'sensitive' data in settings file
I'm writing a small utility in AutoIt that connects to Twitter. I would like to store the username and password in the program's settings file, but I know that it needs to be encrypted, obviously. ...
3
votes
2 answers
295 views
What .NET objects should I use to create a cookie based session in MVC?
I'm writing a custom password reset application that uses a validation technique that doesn't fit cleanly with ASP.NET Membership Provider's challenge questions.
Namely I need to invoke a workflow ...
21
votes
5 answers
1k views
How to implement a safe password history
Passwords shouldn't be stored in plain text for obvious security reasons: you have to store hashes, and you should also generate the hash carefully to avoid rainbow table attacks.
However, usually ...
3
votes
3 answers
195 views
Securing credentials passed to web service
I'm attempting to design a single sign on system for use in a distributed architecture. Specifically, I must provide a way for a client website (that is, a website on a different ...
1
vote
1 answer
84 views
Why don't smart phones have an auto-forget password feature? [closed]
Storing passwords to external services (e.g. corporate email servers) on smart phones is very insecure, since phones are more easily stolen. Has any vendor implemented a feature to only cache a ...
4
votes
4 answers
129 views
System that splits passwords across two servers
I stumbled upon this news article on BBC,
RSA splits passwords in two to foil hackers' attacks
tl;dr - a (randomized) password is split in half and is stored across two separate servers, to foil ...
13
votes
4 answers
432 views
How can I estimate the entropy of a password?
Having read various resources about password strength I'm trying to create an algorithm that will provide a rough estimation of how much entropy a password has.
I'm trying to create an algorithm ...
7
votes
7 answers
864 views
Storing plaintext passwords for detecting fraud
I am well aware of best practices for storing user passwords:
Never store passwords in plaintext
Never store encrypted passwords; always store password hashes
Always salt your password hash to deter ...
5
votes
1 answer
143 views
Using account (login) password in generated PDF?
Ever since I heard about programming, I was told that any password (especially the one used on login) should be stored in database using any kind of one-way hashing algorithm, and never ever as plain ...
2
votes
2 answers
413 views
SVN command line client: checkout refused when LDAP password changed “svn: OPTIONS of” (repo) “authorization failed” (but works in TortoiseSVN)
When using the command line/terminal svn client, a colleague is getting "svn: OPTIONS of " [repo] "...authorization failed" error message when they attempt to checkout the repo to be their local ...
3
votes
3 answers
249 views
Saving Passwords To The Local Device
So in my app (iOS), you have to register in order to use the service (a food service). But in order to change details about your account (username, password, and email), you have to reenter your ...
8
votes
6 answers
584 views
How to refuse to give an access to passwords to a customer without being unprofessional or rude?
Let's say you're creating a website for a customer. This website has its own registration (either combined with OpenID or not). The customer asks you to be able to see the passwords the users are ...