Questions tagged [credentials]
Credentials in a security context are elements that prove your identity to a system, for example a username and password or a client-side certificate. The term is usually used to describe elements supplied by the authenticating client, not when the server authenticates to the client or in mutual authentication schemes.
200 questions
3 votes, 1 answer, 188 views
How does Windows store interactive logon credentials in memory in a domain environment?
I’m trying to understand how a user’s domain credentials are stored in the LSASS (Local Security Authority Subsystem Service) process after performing an interactive logon, such as through RDP (Remote ...
0 votes, 0 answers, 117 views
Is credential in URL obsolete (or should I be bold to drop support for it)? [duplicate]
As we know, it is possible to include username and password in the authority part of a URL. I see it's still being documented in MDN. BUT:
Would I do people a favor if I drop support for it in my web ...
4 votes, 3 answers, 1k views
Do I really need to keep the username for a shared user in HTTP Basic auth private?
I am developing a NestJS application that makes use of the Bullboard feature which brings a web frontend to manage jobs on a job queue inside redis (looking at which jobs are running with what job ...
1 vote, 3 answers, 287 views
Making a KeePass database more resilient against stealing of the file and potential cryptographic attacks done on that copy
I want to make sure nobody can quickly copy away my KeePass database file should I ever let the person work on my PC unattended (which sometimes is inevitable unfortunately) so I was thinking about ...
1 vote, 1 answer, 147 views
Passing credentials in GNU Make
I don't make it a habit to pass credentials in scripts, but I'm in the process of automating some setup of my routers and using GNU make to have a simple make command to fix everything for me.
However,...
1 vote, 1 answer, 357 views
Storing TOTP keys
I am working on an application which requires a session token to commence trading activities. This will be hosted on a cloud based Linux VM (Ubuntu) and a managed MySQL database.
Session token are ...
0 votes, 0 answers, 122 views
Are centralized credentials an antipattern?
At my organization we have a lot of servers. We have many common manual maintenance tasks that we'd like to automate. There are currently three approaches we're fighting over internally:
Ops engineers ...
2 votes, 0 answers, 421 views
Windows AD - Fake User Account with Multiple Passwords to Detect Password Spray
TL;DR
I'm trying to implement a fake user account that has multiple sets of credentials that can be used. Instead of a specific password, any one password from a list of them could be used to ...
2 votes, 1 answer, 814 views
Using public WPA2 Enterprise credentials for public Wi-Fi
In South Korea, I've seen a couple of public Wi-Fi networks advertise a "secure" option. Stickers on public buses in Seoul and the captive portal login page for unencrypted Wi-Fi instruct ...
0 votes, 0 answers, 229 views
Why would Jenkins want to read the memory of lsass.exe?
Is there any legitimate reason why Jenkins would ever need to request the memory of c:\windows\system32\lsass.exe (Local Security Authority Subsystem Service)?
The endpoint protection (Carbon Black) ...
5 votes, 3 answers, 5k views
Best method to send credentials to clients
I'm constantly exchanging credentials with my clients for things like database servers, cloud accounts, etc. Neither I nor my clients have time to implement a sophisticated method for secure ...
8 votes, 4 answers, 5k views
Enabling a user to revert a hacked change in their email
I am writing a web app and I want to set up a system where, when a user changes their email, it gives them a link to have the change revert back. The purpose of this is for when a hacker changes an ...
1 vote, 1 answer, 2k views
Cracking WiFi credentials without handshake or PKMS
How can I crack WiFi credentials WITHOUT using the traditional method of capturing a PKMS or Handshake?
When I connect to a WiFi network, I simply enter a password into a text box just like any other ...
1 vote, 0 answers, 45 views
Why is PayPal asking for my bank password? [duplicate]
Another posted the exact same question and it was dismissed saying PayPal would never do such a thing.
Well, I was adding a bank acct yesterday to transfer funds and PayPal popped up a username and ...
0 votes, 1 answer, 2k views
How long would it take to crack hashed password stored in plain sight?
I want to store a password hash in plain sight. If I am using a dictionary to crack an Argon2 hashed password that I am storing in plain sight, how long would it take (assuming my password is ...