User Marcel - Information Security Stack Exchange

86 votes

Why is a link in an email more dangerous than a link from a web search?

answered Nov 23, 2020 at 6:07

47 votes

Is it possible to provide Internet to prisoners without risks of them contacting victims or accomplices as a matter of policy?

answered May 5, 2023 at 5:45

31 votes

Is it common to allow local desktop and/or active directory admin access and rights for developers in organizations?

answered Jul 16, 2018 at 5:54

21 votes

Why do I need to hide my phone's IMEI

answered Oct 28, 2014 at 11:36

16 votes

How to securely dispose of a smartphone?

answered Jun 25, 2019 at 7:42

16 votes

Should I log users in if they enter valid login info in registration form?

answered Feb 5, 2021 at 14:51

12 votes

Why would a spammer try to get a (normal) image of mine?

answered Dec 9, 2015 at 14:54

9 votes

Accepted

Surely I haven't won the lottery, but where's the scam?

answered Nov 22, 2019 at 7:00

8 votes

Password entry: are "paste from password manager" and "eyeball to view passwords" mutually-exclusive features?

answered Aug 26, 2020 at 7:37

7 votes

Can WhatsApp, Signal or Telegram be hacked through a SIM SWAP attack?

answered Sep 14, 2020 at 6:14

6 votes

Private messaging for protesters

answered Jun 14, 2019 at 6:49

6 votes

Is it secure to consume services over HTTPS which is not signed by a trusted CA?

answered Mar 27, 2017 at 11:40

5 votes

Can iterated hashes be used to create cryptographically secure random data from strong random seed?

answered Jul 30, 2021 at 6:36

4 votes

When choosing a numeric PIN, does it help or hurt to make each digit unique?

answered Apr 4, 2017 at 5:51

4 votes

What is the simplest safe way to convey a password to another person?

answered Oct 16, 2014 at 8:45

3 votes

Is it possible to force a browser to use http in an ssl enabled (https) website?

answered Oct 24, 2014 at 11:25

3 votes

How does neighbor know when WiFi/Internet is used?

answered Feb 12, 2020 at 6:59

2 votes

How to locally monitor outgoing internet traffic?

answered Jun 17, 2019 at 6:14

2 votes

Is it good practice to delete old accounts?

answered Jan 24, 2019 at 7:01

2 votes

How to respond to a user requesting deletion of their online account

answered Nov 14, 2016 at 8:51

2 votes

Accepted

When a user tries to register with an unactivated email again, should I tell user that the emails has not been activated?

answered Jun 19, 2018 at 5:43

2 votes

How to verify server ownership by public IP (without associated domain)?

answered Jun 27, 2018 at 14:31

2 votes

Accepted

What is a good way to authenticate a user to websites and applications with a smart phone?

answered Feb 12, 2015 at 15:25

2 votes

Is there something like a “Windows Sandbox software Wrapper”?

answered Oct 21, 2011 at 5:54

2 votes

Can my phone be located (e.g. by emergency personnel) when I use a VPN?

answered Jul 8, 2016 at 8:13

2 votes

Why do we even use passwords / passphrases next to biometrics?

answered Jul 8, 2016 at 21:36

2 votes

Is Array.Clear() in C# suitable for zeroing sensitive byte arrays?

answered Jun 17, 2022 at 5:56

1 vote

Malicious payload in raw media file content

answered Jun 20, 2022 at 6:10

1 vote

Is there any privacy- or security-relevant difference between FIDO2 and SQRL

answered Jul 29, 2022 at 5:26

1 vote

How should I store and distribute deployment configurations?

answered Nov 23, 2023 at 10:56

Stack Exchange Network

61 Answers

Why is a link in an email more dangerous than a link from a web search?

Is it possible to provide Internet to prisoners without risks of them contacting victims or accomplices as a matter of policy?

Is it common to allow local desktop and/or active directory admin access and rights for developers in organizations?

Why do I need to hide my phone's IMEI

How to securely dispose of a smartphone?

Should I log users in if they enter valid login info in registration form?

Why would a spammer try to get a (normal) image of mine?

Surely I haven't won the lottery, but where's the scam?

Password entry: are "paste from password manager" and "eyeball to view passwords" mutually-exclusive features?

Can WhatsApp, Signal or Telegram be hacked through a SIM SWAP attack?

Private messaging for protesters

Is it secure to consume services over HTTPS which is not signed by a trusted CA?

Can iterated hashes be used to create cryptographically secure random data from strong random seed?

When choosing a numeric PIN, does it help or hurt to make each digit unique?

What is the simplest safe way to convey a password to another person?

Is it possible to force a browser to use http in an ssl enabled (https) website?

How does neighbor know when WiFi/Internet is used?

How to locally monitor outgoing internet traffic?

Is it good practice to delete old accounts?

How to respond to a user requesting deletion of their online account

When a user tries to register with an unactivated email again, should I tell user that the emails has not been activated?

How to verify server ownership by public IP (without associated domain)?

What is a good way to authenticate a user to websites and applications with a smart phone?

Is there something like a “Windows Sandbox software Wrapper”?

Can my phone be located (e.g. by emergency personnel) when I use a VPN?

Why do we even use passwords / passphrases next to biometrics?

Is Array.Clear() in C# suitable for zeroing sensitive byte arrays?

Malicious payload in raw media file content

Is there any privacy- or security-relevant difference between FIDO2 and SQRL

How should I store and distribute deployment configurations?