Questions tagged [passwords]
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource.
112 questions
4
votes
2
answers
434
views
Backup for an Android offline password manager
I am building an Android password management app, where passwords are locally kept for security reasons. The network endpoints are only for creating an account, email verifications etc.
I want to ...
- 79
2
votes
2
answers
315
views
Designing Password Recovery for an Offline-First Password Manager
I'm designing a password manager app for Android that prioritizes offline first security the idea is to store the vault locally and avoid any cloud dependencies during normal usage.
However, I'm ...
- 79
1
vote
2
answers
384
views
How best to securely store a password for automated access (no user interaction)?
I'm facing the classic chicken/egg problem of where to store the keys to the kingdom.
I'm building an application for retail distribution that will rely on receiving a cadence of regularly-issued Let'...
- 283
1
vote
2
answers
266
views
How to store an encrypted filesystem in a single file on disk on multiple platforms (maybe not portably), or alternatives
I'm in the very conceptual phase of designing an open source password manager that provides distributed Vaults that can be simultaneously accessed and managed from multiple devices with the promise of ...
- 111
1
vote
2
answers
419
views
How to best obfuscate a built-in key in an application?
We're building an application that needs to log into a website using built-in credentials. It's not optimal to say the least, but we're stuck with "knowing" the username and password ...
- 493
10
votes
8
answers
7k
views
Is Password Hashing Bad?
In software design and security, why would it not be a good idea for users to send you their passwords and it would be a better idea to delegate: use public-key auth or logging in with one of these: ...
- 527
0
votes
2
answers
475
views
Keeping user provided passwords to 3rd party services safe
I have a SaaS application in which users can connect their RDBMS (postgres, mysql etc) and query data from it. I'm wondering what's the best practice to keep their connection details safe. Currently, ...
- 125
-3
votes
1
answer
188
views
Any direct principles for writing a simple password generator
I need to write (in PHP, if that matters) my own password generator to generate simple passwords. Passwords that will be used by kids or elderly people only. That will generate passwords that are easy ...
- 2,416
0
votes
1
answer
132
views
Trying to implement a "password vault"-like solution for connection strings
I started to work on a 16 years old .net framework app that didnt receive any love for a decade and I have some time to "put it up to standards".
One of the things that ruffle my feathers is ...
- 141
3
votes
4
answers
3k
views
How to store a password so that it can be passed to another site/service which is expecting a plaintext input
I am developing a website and I would like to allow users to use XMPP for live chat. I would like users to have the option use an existing XMPP account if they wish and store their XMPP username and ...
- 43
0
votes
3
answers
241
views
Sysadmin password storing
I'm quite unexperienced in the sysadmin area. Now I'm facing the responsability of managing two (remote) servers. I'm working in an informal organization.
So I have passwords for the OS's users, ...
2
votes
4
answers
2k
views
How to compare passwords which is stored in DB in encrypted form in secure way?
Recently In an interview I was asked this question -
Question- If are storing passwords in encrypted format in DB and in future when user login into our website how will we perform authentication?
Me:...
- 147
-2
votes
1
answer
141
views
mask username and password in service file, or better approach
At work there is a given task where a python application is currently running on a server, this application is using a enviorment file, which has username and password information. The current ask is ...
- 107
-1
votes
1
answer
98
views
Protecting cryptocurrency private keys in a corporate environment
Now that Tesla has bought a large amount of BitCoin, other companies may follow suit. If my company wanted to do that, I was thinking about how it could be done.
I'm familiar with the way private ...
- 133
2
votes
1
answer
354
views
Is it a good design to have separate Hibernate entities for general user info and user password digest?
I'm developing an app with a user management system. There is a database table named user with the following columns:
| Column Name | Column Type |
|-----------------|-------------|
| userId ...
- 121