Questions tagged [password-management]
The functions performed by the person or processes responsible for security of passwords on a given system.
1,332 questions
1 vote, 1 answer, 39 views
Is local password recovery for each device a viable security approach?
I'm developing a multi-platform application using Flutter, which involves sensitive user data and requires both online and offline accessibility. To enhance security and usability, I am considering ...
2 votes, 1 answer, 1k views
Offline, multi-machine, 2-factor authentication information vault?
I think this should be the right SE, apologies otherwise
I have been researching ways to be more careful with how I handle important documents and credentials, but everything I found sounded ...
32 votes, 5 answers, 7k views
Does the recommendation to use password managers also apply to corporate environments?
In $SomeCorpo there is a policy that passwords must never be stored anywhere else except employees' heads. Paper notes, password managers, storing passwords in browsers, etc, are all forbidden. To ...
1 vote, 1 answer, 113 views
Refresh tokens for impersonating user credentials: how to implement them?
The web app I'm developing makes use of the concepts of "access token" and "refresh token", even though it uses its own auth scheme.
In certain situations, the web app needs to get ...
2 votes, 1 answer, 123 views
What is a secure way to store the master-password of a password manager? [duplicate]
I use a password manager to provide a decent information security level in my everyday life - by generating strong passwords on every occasion - and remembering only the one master-password.
But now I ...
0 votes, 2 answers, 133 views
How do databases/companies change their hashing algorithm? [duplicate]
Ok- so you all probably know that a hash is used to help secure a stored password in a database, if it was stolen.
When a user logs in, and enters a password, it gets hashed, and then matched to a ...
0 votes, 0 answers, 71 views
Security implication of writing down passwords [duplicate]
Are there any risks to writing down your digital passwords on physical paper?
I am asking because I once saw on a website that you shouldn’t do this…
Any ideas, because I just really don’t see how ...
1 vote, 1 answer, 151 views
Secure Offline Login and Data Encryption with PBKDF2 and AES-256
I'm working on a project that requires offline functionality, including offline login and secure data manipulation. I'd appreciate feedback on my chosen approach and best practices for secure design.
...
0 votes, 1 answer, 215 views
Passwords/password hashes in plaintext in service configs - why is this common practice?
A while ago I wanted to deploy a service using an OCI (docker/podman) container, and I noticed to me, what seemed like a possibly distributing trend. In the build file for a lot of the containers, the ...
1 vote, 2 answers, 372 views
Is it bad practice to prompt users to reset password when there is no evidence of a breach?
I have received many security emails from LinkedIn over the past few weeks. An example is shown below (redaction mine)
I do not live in the USA and I did not try to access LinkedIn at the times these ...
1 vote, 1 answer, 126 views
Sharing the key to a password vault securely
We have an application that holds a bunch of passwords in an encrypted vault for various purposes. What is the best practice for storing the key for that vault? There feels like there's a ...
0 votes, 0 answers, 71 views
What are the best practices for a scheduled program to store credentials to access a secure resource?
If I have a program that runs on a regular basis, such as a cron job or systemd timer and it needs to access a secure resource like a hsm or encrypted database, what are the best practices to store/...
2 votes, 1 answer, 323 views
Why would website block password manager auto-fill?
I use a password manager and have a browser plugin installed for it to simplify entering passwords into websites. I recently encountered a website (enterprise SaaS solution I use at work), which ...
1 vote, 2 answers, 197 views
In general, are programs that store passwords safe?
The reason I was curious is because it provides a feature that saves the SSH password and allows me to not have to enter the password the next time I connect through VLC. If someone else gets access ...
1 vote, 0 answers, 165 views
Local development credential manager and best practices
I've long since been storing credentials to databases and services in local configuration files during development. Sometimes these need to be to production systems, which makes this a security issue.
...