
Questions tagged [credentials]

Credentials in a security context are elements that prove your identity to a system, for example a username and password or a client-side certificate. The term usually describes elements supplied by the authenticating client, not those involved when the server authenticates to the client or in mutual authentication schemes.

1 vote
1 answer
80 views

Storing TOTP keys

I am working on an application which requires a session token to commence trading activities. This will be hosted on a cloud-based Linux VM (Ubuntu) and a managed MySQL database. Session tokens are ...
excelman's user avatar
  • 111
0 votes
0 answers
86 views

Are centralized credentials an antipattern?

At my organization we have a lot of servers. We have many common manual maintenance tasks that we'd like to automate. There are currently three approaches we're fighting over internally: Ops engineers ...
Noodle's user avatar
  • 1
0 votes
0 answers
71 views

What are the best practices for a scheduled program to store credentials to access a secure resource?

If I have a program that runs on a regular basis, such as a cron job or systemd timer, and it needs to access a secure resource like an HSM or encrypted database, what are the best practices to store/...
user962460's user avatar
2 votes
0 answers
252 views

Windows AD - Fake User Account with Multiple Passwords to Detect Password Spray

TL;DR I'm trying to implement a fake user account that has multiple sets of credentials that can be used. Instead of a specific password, any one password from a list of them could be used to ...
CyberKnight's user avatar
2 votes
1 answer
437 views

Using public WPA2 Enterprise credentials for public Wi-Fi

In South Korea, I've seen a couple of public Wi-Fi networks advertise a "secure" option. Stickers on public buses in Seoul and the captive portal login page for unencrypted Wi-Fi instruct ...
MasterCarl's user avatar
0 votes
0 answers
161 views

Why would Jenkins want to read the memory of lsass.exe?

Is there any legitimate reason why Jenkins would ever need to request the memory of c:\windows\system32\lsass.exe (Local Security Authority Subsystem Service)? The endpoint protection (Carbon Black) ...
Amedee Van Gasse's user avatar
4 votes
3 answers
2k views

Best method to send credentials to clients

I'm constantly exchanging credentials with my clients for things like database servers, cloud accounts, etc. Neither I nor my clients have time to implement a sophisticated method for secure ...
Cristobal Sarome's user avatar
8 votes
4 answers
5k views

Enabling a user to revert a hacked change in their email

I am writing a web app and I want to set up a system where, when a user changes their email, it gives them a link to have the change revert back. The purpose of this is for when a hacker changes an ...
David Thielen's user avatar
1 vote
1 answer
1k views

Cracking WiFi credentials without handshake or PKMS

How can I crack WiFi credentials WITHOUT using the traditional method of capturing a PKMS or Handshake? When I connect to a WiFi network, I simply enter a password into a text box just like any other ...
Brendan F's user avatar
1 vote
0 answers
39 views

Why is PayPal asking for my bank password? [duplicate]

Another posted the exact same question and it was dismissed saying PayPal would never do such a thing. Well, I was adding a bank acct yesterday to transfer funds and PayPal popped up a username and ...
chris's user avatar
  • 11
0 votes
1 answer
958 views

How long would it take to crack hashed password stored in plain sight?

I want to store a password hash in plain sight. If I am using a dictionary to crack an Argon2 hashed password that I am storing in plain sight, how long would it take (assuming my password is ...
blairmunroakusa's user avatar
0 votes
1 answer
357 views

Security and practicality of passing secrets to services running as non-privileged user

I strongly dislike and mistrust the practice to store secrets in plain text files for unattended access by services. This is increasingly less of an issue in modern deployments where secrets are ...
Michael's user avatar
  • 113
2 votes
3 answers
294 views

Is it safe to check-in a RSA private key?

As far as I know, it is bad to check-in something like a password in a version control system. However, I saw in a project that a private_key.pem file with -----BEGIN RSA PRIVATE KEY----- ... content ...
fabpico's user avatar
  • 121
7 votes
2 answers
5k views

Should user credentials and user info be stored in separate tables?

Should I store credentials (like email, hashed password) in a separate table than the user's profile information (bio, gender, etc)? My main concern is that I'll be sending other user's information (...
5 votes
1 answer
2k views

Explanation of capabilities: CAP_NET_BIND_SERVICE

I am still studying kernel credential management (https://kernel.org/doc/html/v5.9/security/credentials.html) and I have encountered a use case I cannot explain. I am in a VM (Kali). ❯ uname -a ...
cactuschibre's user avatar
