
Authentication: the process of establishing the authenticity of a person or other entity. Not to be confused with authorization, which defines access rights to resources.

16 votes

Should I log users in if they enter valid login info in registration form?

From a security perspective, you should not disclose to the visitor that an account under a given name already exists. By doing so, your users are prone to the account enumeration attack. Depending on th …
Marcel • 4,103
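The point made in the answer above, as an added example that is not part of the original post: a registration handler that answers differently for an existing name lets an attacker enumerate accounts, so the hardened version returns the same response either way and moves the difference out of band (here a constructed in-memory mail queue), and the matching login handler uses one failure message plus a dummy hash so unknown names cost the same time as known ones. The in-memory user store, PBKDF2 parameters and mail text are assumptions for this demo.

```python
import hashlib
import hmac
import os
import secrets

# Constructed in-memory stand-ins for a user table and an outbound mail queue.
_USERS = {}        # username -> (salt, pbkdf2 hash)
_SENT_MAILS = []   # (recipient, text)


def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count is an assumption for the demo; tune for your hardware.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def create_user(username: str, password: str) -> None:
    salt = os.urandom(16)
    _USERS[username] = (salt, _hash(password, salt))


# Dummy credential used so that a login attempt for a non-existent user
# performs the same hashing work as one for a real user.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash(secrets.token_hex(16), _DUMMY_SALT)


def register_leaky(username: str, password: str) -> dict:
    """Before: distinct responses reveal whether the name is taken."""
    if username in _USERS:
        return {"status": 409, "message": "An account with that name already exists"}
    create_user(username, password)
    return {"status": 201, "message": "Account created"}


def register_safe(username: str, password: str) -> dict:
    """After: identical HTTP response; the real outcome goes to the mailbox."""
    if username in _USERS:
        # Assumed policy: tell the existing owner instead of the visitor.
        _SENT_MAILS.append((username, "Someone tried to register your name; log in or reset your password"))
    else:
        create_user(username, password)
        _SENT_MAILS.append((username, "Welcome, please confirm your address"))
    return {"status": 202, "message": "Check your email to continue"}


def login(username: str, password: str) -> dict:
    """One failure message, constant-time compare, dummy hash for unknown users."""
    salt, stored = _USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if ok and username in _USERS:
        return {"status": 200, "message": "Logged in"}
    return {"status": 401, "message": "Invalid username or password"}
```

Response bodies are only half of the leak: timing, rate limits and password-reset flows must be made uniform as well, or the enumeration oracle simply moves there.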
-1 votes

Security of a Random Password

@BadSkillz pretty much said it. Addendum To Part iv: You can use GRC's Interactive Brute Force Password “Search Space” Calculator to estimate how long it may take for a random password to be cracked. …
Marcel • 4,103
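The kind of estimate the GRC calculator mentioned above produces, as an added example (not code from the original post or from GRC): the search space for a random password is the sum of all strings of length 1 up to the password's length over the alphabet its characters come from, and dividing by a guess rate gives the worst-case time to exhaust it. The alphabet sizes (26 lower, 26 upper, 10 digits, 33 symbols) and the guess rates are assumptions for this demo.

```python
import math

# Assumed character-class sizes (printable ASCII symbols counted as 33).
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 33

# Assumed guess rates in guesses per second, for illustration only.
RATES = {
    "online, throttled": 1_000,
    "offline, single GPU": 1e10,
    "offline, large cluster": 1e14,
}


def alphabet_size(password: str) -> int:
    """Size of the alphabet implied by the character classes actually present."""
    size = 0
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c.isdigit() for c in password):
        size += DIGITS
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size


def search_space(alphabet: int, length: int) -> int:
    """All strings of length 1..length: sum_{i=1}^{length} alphabet**i."""
    return sum(alphabet ** i for i in range(1, length + 1))


def entropy_bits(password: str) -> float:
    """Bits of entropy if every character is drawn uniformly from the alphabet."""
    return len(password) * math.log2(alphabet_size(password))


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    return search_space(alphabet_size(password), len(password)) / guesses_per_second


def report(password: str) -> dict:
    """Worst-case exhaustion time in seconds for each assumed rate."""
    return {name: seconds_to_exhaust(password, rate) for name, rate in RATES.items()}
```

The estimate only holds for a password that really was generated uniformly at random; a human-chosen string with the same character classes lives in a far smaller effective space and falls to dictionary and rule-based attacks long before exhaustion.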
0 votes

How should one manage authentication on custom line of business software

Given the details in the edit part of the question, I would propose the ASP Membership model. It's dated, but still valid, and seems to fulfill your bulletpoints: It's tried and tested (Official and 3 …
Marcel • 4,103
1 vote
0 answers
43 views

Does producing TOTP tokens weaken the stored secret? How much? [duplicate]

I am using Google Authenticator as a second factor on some sites, (including my Google Account). Every now and then I need to produce a token to log in. If some attacker received those tokens over …
Marcel • 4,103
1 vote
2 answers
134 views

How to sign a text in a way, so it cannot be altered or split in parts unacknowledged

Given, I want to create a document (text-only for the sake of this question) and give it to someone I do not trust. I am not allowed to publish it myself. It's probably not going to be published (publ …
Marcel • 4,103
2 votes

Why do we even use passwords / passphrases next to biometrics?

While many valid points are already discussed, no one yet came up with thoughts with regard to the Fifth Amendment (in US Law) and self-incrimination. There is similar law in other countries as well. …
Marcel • 4,103
2 votes
Accepted

What is a good way to authenticate a user to websites and applications with a smart phone?

It's a quite new, free, token based authentication system, using a client application. To authenticate, the client signs a cryptographic challenge with a per-domain private key. … From Wikipedia: SQRL or Secure, Quick, Reliable Login (pronounced "squirrel") is a draft open standard for secure website login and authentication. …
Marcel • 4,103
1 vote

Is there any privacy- or security-relevant difference between FIDO2 and SQRL

The most different part between the two seems to be how identities for websites are created: SQRL derives identities for all websites from the master key; FIDO creates and stores a random identity for …
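The contrast drawn in the two answers above (per-domain key derivation for SQRL, random stored credentials for FIDO2), as an added example that is not code from either project: an SQRL-style client derives the site key as HMAC-SHA256(master key, domain), so the same master key always yields the same identity for a domain and unrelated identities for different domains, while a FIDO2-style authenticator mints a fresh random credential on every registration and has to store it. The master key, the in-memory credential table and the use of raw 32-byte strings in place of real Ed25519 key pairs are assumptions for this demo; only the derivation and storage behaviour is shown, not the challenge signature.

```python
import hashlib
import hmac
import os

# Constructed master key; a real SQRL identity master key is 256 random bits.
MASTER_KEY = bytes(range(32))


def sqrl_site_key(master_key: bytes, domain: str) -> bytes:
    """SQRL-style per-site private key: deterministic, derived, never stored.

    Stand-in for the real scheme, which feeds this value into Ed25519.
    """
    return hmac.new(master_key, domain.encode("ascii"), hashlib.sha256).digest()


def sqrl_site_identity(master_key: bytes, domain: str) -> bytes:
    """Public identity the site sees (stand-in for the Ed25519 public key)."""
    return hashlib.sha256(b"pub|" + sqrl_site_key(master_key, domain)).digest()


class Fido2Authenticator:
    """FIDO2-style: one fresh random key pair per registration, stored under the RP ID."""

    def __init__(self) -> None:
        self._creds = {}  # (rp_id, credential_id) -> private key

    def register(self, rp_id: str) -> bytes:
        cred_id = os.urandom(16)
        self._creds[(rp_id, cred_id)] = os.urandom(32)  # stand-in for a key pair
        return cred_id

    def key_for(self, rp_id: str, cred_id: bytes):
        # A credential minted for one RP ID is never usable at another.
        return self._creds.get((rp_id, cred_id))

    def stored_count(self) -> int:
        return len(self._creds)


def linkable_across_sites(master_key: bytes, domain_a: str, domain_b: str) -> bool:
    """True if two sites could correlate the same SQRL user by identity value."""
    return sqrl_site_identity(master_key, domain_a) == sqrl_site_identity(master_key, domain_b)
```

Two consequences follow directly from the code: an SQRL client can regenerate every site key from the master key alone, so backup and recovery reduce to protecting that one secret, whereas a FIDO2 authenticator must carry (or be able to re-derive) each stored credential; and a second SQRL registration at the same domain produces the same identity, so two separate accounts at one site need an explicit alternate identity, while FIDO2 simply issues another random credential.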
7 votes
1 answer
519 views

Is there any privacy- or security-relevant difference between FIDO2 and SQRL

I just learned about FIDO2 (WebAuthn) and try to make a comparison to the lesser-known novel SQRL authentication scheme. … Resources for FIDO2 https://fidoalliance.org/fido2/fido2-web-authentication-webauthn/ https://fidoalliance.org/specs/fido-uaf-v1.1-ps-20170202/fido-uaf-overview-v1.1-ps-20170202.pdf (Spec) https://www.heise.de …
Marcel • 4,103