kme : passwords   40

Usernames and passwords are not saved | Firefox Help
In my case I'd made an exception (to *not*, ever, save a password) for the sites that I wanted to save my password for. I thought it had something to do with the HTTP Basic authentication, but nope.
firefox  passwords  annoyance  solution 
11 days ago by kme
Is saving passwords in Chrome as safe as using LastPass if you leave it signed in? - Information Security Stack Exchange - https://security.stackexchange.com/
The feature we've been talking about helps users. That other one was a misguided attempt at being useful by filling in forms using things you typed on other websites. So imagine an autocomplete assistant like Clippy, but with worse social skills: "I see you're trying to log in to Ebay; I'll just fill in your login from Yahoo and we can see if that works." Yeah, we had funny ideas about security back in the 90's. You can see why putting autocomplete=off into everything even remotely security-related quickly became a bullet-point in site audits.
google  chrome  security  browser  passwordmanager  passwords  crypto  clippy 
may 2019 by kme
Where Are My Saved Passwords in Chrome - AskCyberSecurity.com - https://askcybersecurity.com/
It's a SQLite3 database
Your Google Chrome password file is located on your computer at C:\Users\$username\AppData\Local\Google\Chrome\User Data\Default. Your sites with stored passwords are listed in a file named Login Data
passwords  security  chrome  passwordmanager  sqlite 
may 2019 by kme
15.7. secrets — Generate secure random numbers for managing secrets — Python 3.6.0b4 documentation
Generate a ten-character alphanumeric password with at least one lowercase character, at least one uppercase character, and at least three digits:

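import string
from secrets import choice  # CSPRNG-backed choice, not random.choice

alphabet = string.ascii_letters + string.digits
# Regenerate until the candidate meets every composition rule.
while True:
    password = ''.join(choice(alphabet) for i in range(10))
    if (any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and sum(c.isdigit() for c in password) >= 3):
        break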

Generate an XKCD-style passphrase:

from secrets import choice

# On standard Linux systems, use a convenient dictionary file.
# Other platforms may need to provide their own word-list.
with open('/usr/share/dict/words') as f:
    words = [word.strip() for word in f]
    password = ' '.join(choice(words) for i in range(4))
python  passwords  security  solution 
november 2016 by kme
Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331” | Ars Technica
In fact, there's almost nothing preventing crackers from deciphering the hashes. LivingSocial used the SHA1 algorithm, which as mentioned earlier is woefully inadequate for password hashing. He also mentioned that the hashes had been "salted," meaning a unique set of bits had been added to each user's plaintext password before it was hashed. It turns out that this measure did little to mitigate the potential threat. That's because salt is largely a protection against rainbow tables and other types of precomputed attacks, which almost no one ever uses in real-world cracks. The file sizes involved in rainbow attacks are so unwieldy that they fell out of vogue once GPU-based cracking became viable. (LivingSocial later said it's in the process of transitioning to the much more secure bcrypt function.)
hacking  cracking  security  passwords 
january 2015 by kme
Fighting Hackers: Everything You've Been Told About Passwords Is Wrong | Wired Opinion | Wired.com
Security is not just about strong encryption, good anti-virus software, or techniques like two-factor authentication. It's also about the "fuzzy" things ... involving people. That's where the security game is often won or lost. Just ask Mat Honan.

We – the users – are supposed to be responsible, and are told what to do to stay secure. For example: "Don’t use the same password on different sites." "Use strong passwords." "Give good answers to security questions." But here’s the troublesome equation:

more services used = more passwords needed = more user pain

... which means it only gets harder and harder to follow such advice. Why? Because security and practicality are in conflict.
passwords  security  encryption  interesting  article  forthecomments 
october 2012 by kme