Questions tagged [credential-reuse]
Credential reuse is the practice of using the same credentials (e.g. the same password) for multiple systems, so that a compromise of one system exposes the others.
11 questions
0 votes, 2 answers, 212 views
How does it "allow a malicious website to obtain valid credentials." - WebAuthn
I'm not entirely convinced of the importance of verifying the authenticator attestation, and I've asked a question about it, I'm open to it, and if you want, you can post an answer at that question, ...
0 votes, 3 answers, 508 views
AES mode for reusing same keyset
I'm building a sharing protocol where users share data. To make it so only those authorised to read the data can do it, I'm using AES256 encryption. Every authorized person has a keyset (IV & key) ...
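The question above shares a fixed (IV, key) pair per recipient. The hazard a practitioner should see before choosing a mode is IV reuse under one key: in a stream mode such as AES-CTR the keystream is a function of (key, IV), so two messages encrypted with the same keyset XOR to the XOR of their plaintexts, and anyone who knows one message recovers the other without the key. The program below is an added example written for this page, not code from the question or its answers; the key, IV and invoice strings are constructed demo values, and the function names are arbitrary.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ctrEncrypt encrypts plaintext with AES-256-CTR under key and iv.
// CTR is a stream mode: ciphertext = plaintext XOR keystream(key, iv),
// so decryption is the same call.
func ctrEncrypt(key, iv, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out
}

// xorBytes returns a XOR b over the shorter of the two lengths.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// RecoverWithReusedIV is the two-time-pad failure: with a shared (key, iv),
// c1 XOR c2 == m1 XOR m2, so knowledge of m1 yields m2 without the key.
func RecoverWithReusedIV(c1, c2, knownM1 []byte) []byte {
	return xorBytes(xorBytes(c1, c2), knownM1)
}

// EncryptFresh is the correct pattern for a long-lived key: a fresh random IV
// per message, sent in the clear ahead of the ciphertext.
func EncryptFresh(key, plaintext []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err)
	}
	return append(iv, ctrEncrypt(key, iv, plaintext)...)
}

// DecryptFresh splits off the IV and reverses EncryptFresh.
func DecryptFresh(key, data []byte) []byte {
	iv, ct := data[:aes.BlockSize], data[aes.BlockSize:]
	return ctrEncrypt(key, iv, ct)
}

var (
	// Constructed demo key and IV (not secrets; fixed so the leak is reproducible).
	demoKey = bytes.Repeat([]byte{0x42}, 32)
	demoIV  = bytes.Repeat([]byte{0x01}, aes.BlockSize)
)

func main() {
	m1 := []byte("invoice 2024-03: pay to account 1111")
	m2 := []byte("invoice 2024-03: pay to account 9999")
	c1 := ctrEncrypt(demoKey, demoIV, m1)
	c2 := ctrEncrypt(demoKey, demoIV, m2) // same keyset reused: the bug
	fmt.Printf("recovered m2 without the key: %q\n", RecoverWithReusedIV(c1, c2, m1))

	f1 := EncryptFresh(demoKey, m1)
	fmt.Printf("fresh-IV round trip ok: %v\n", bytes.Equal(DecryptFresh(demoKey, f1), m1))
}
```

CTR also provides no integrity, so an attacker who knows part of a plaintext can flip bits in the ciphertext undetected; an authenticated mode such as AES-GCM fixes that, but it has the same per-key nonce-uniqueness requirement, and reusing a GCM nonce additionally exposes the authentication key. Whatever mode is chosen, the per-recipient secret should be the key alone, with the IV or nonce generated per message.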
0 votes, 2 answers, 301 views
How to reuse PIN codes in the most secure way?
I've made a list of the services/devices that require a PIN code. Shockingly, it's over 10, which I find impossible to remember, so I need a strategy to reuse the codes.
What could be a strategy for ...
1 vote, 1 answer, 192 views
Does a password-derived public key authentication improve security over pure password-based authentication?
Despite best efforts it is pretty clear that most users reuse their credentials, especially for what they consider non-critical sites such as forums. While TFA does mitigate the potential damage of ...
0 votes, 2 answers, 172 views
Password reuse for similar accounts
Assume I have two GitHub accounts, one for regular use and one for testing purposes. Or two PGP keys, one for pass and the other for encrypted email communication, and my backup scheme is exactly the ...
42 votes, 4 answers, 13k views
What are the differences between credential stuffing and password spraying?
Wikipedia describes credential stuffing as
a type of cyberattack where stolen account credentials typically
consisting of lists of usernames and/or email addresses and the
corresponding ...
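The two attacks the question above contrasts look alike in a login log (many accounts, many failures) but differ in what is being guessed: stuffing replays breached username/password pairs, a different password per account, while spraying tries one or two common passwords against every account to stay under lockout thresholds. A detector can tell them apart if the authentication server records a keyed fingerprint of each failed password rather than the password itself. The program below is an added example written for this page, not code from the question or its answers; the log events, addresses and user names are constructed, the secret is a placeholder, and the thresholds are illustrative.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// AuthEvent is one login attempt as the identity provider sees it. The
// password is available only at the moment of the attempt; only its keyed
// fingerprint is retained by the detector.
type AuthEvent struct {
	SrcIP, User, Password string
	Success               bool
}

// fingerprint is HMAC-SHA256(secret, password), truncated. Equal passwords
// give equal fingerprints, which is all spray detection needs; the secret keeps
// the stored value from being an offline-crackable hash of the guess.
func fingerprint(secret []byte, password string) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(password))
	return hex.EncodeToString(mac.Sum(nil))[:16]
}

type sourceStats struct {
	users, fps        map[string]bool
	failures, success int
}

// Classify labels each source IP from the shape of its failed attempts:
// many users, one or two passwords  -> "password-spraying"
// many users, a different password each -> "credential-stuffing"
// one user, many passwords               -> "brute-force"
// anything else                          -> "normal"
func Classify(events []AuthEvent, secret []byte, minUsers int) map[string]string {
	stats := map[string]*sourceStats{}
	for _, e := range events {
		s, ok := stats[e.SrcIP]
		if !ok {
			s = &sourceStats{users: map[string]bool{}, fps: map[string]bool{}}
			stats[e.SrcIP] = s
		}
		s.users[e.User] = true
		if e.Success {
			s.success++
			continue // never fingerprint a password that worked
		}
		s.failures++
		s.fps[fingerprint(secret, e.Password)] = true
	}
	labels := map[string]string{}
	for ip, s := range stats {
		switch {
		case len(s.users) >= minUsers && len(s.fps) <= 2:
			labels[ip] = "password-spraying"
		case len(s.users) >= minUsers && len(s.fps)*10 >= s.failures*8:
			labels[ip] = "credential-stuffing" // >=80% of failures used distinct passwords
		case len(s.users) == 1 && s.failures >= minUsers:
			labels[ip] = "brute-force"
		default:
			labels[ip] = "normal"
		}
	}
	return labels
}

// SampleEvents is a constructed log; no real users, passwords or addresses.
func SampleEvents() []AuthEvent {
	users := []string{"alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"}
	var ev []AuthEvent
	for i, u := range users { // 203.0.113.5 sprays one seasonal password (one hit)
		ev = append(ev, AuthEvent{"203.0.113.5", u, "Winter2024!", i == 3})
	}
	for i, u := range users { // 198.51.100.7 replays breached pairs, each different (one hit)
		ev = append(ev, AuthEvent{"198.51.100.7", u, fmt.Sprintf("leaked-pw-%d", i), i == 5})
	}
	for i := 0; i < 6; i++ { // 192.0.2.9 runs a wordlist against a single account
		ev = append(ev, AuthEvent{"192.0.2.9", "alice", fmt.Sprintf("guess%d", i), false})
	}
	// 192.0.2.44 is a legitimate user with one typo
	ev = append(ev, AuthEvent{"192.0.2.44", "bob", "hunter22", false},
		AuthEvent{"192.0.2.44", "bob", "hunter2", true})
	return ev
}

func main() {
	for ip, label := range Classify(SampleEvents(), []byte("demo-secret"), 6) {
		fmt.Printf("%-14s %s\n", ip, label)
	}
}
```

The keyed fingerprint is the piece most deployments miss: without it, spraying and stuffing both appear as one failure per account and are indistinguishable, which is exactly why sprayers keep the per-account rate low. A real detector would also bucket by time window and by user agent or ASN, since stuffing is usually spread across many source addresses.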
28 votes, 12 answers, 17k views
Reusing passwords that can possibly never be cracked
Reusing passwords poses a terrible risk for users because in the event of a data breach, with the passwords not being stored securely enough, this means that, by default, all other services that ...
3 votes, 1 answer, 5k views
Can I use HashiCorp Vault to restrict access to credentials based on CIDR ranges?
This seems like a pretty simple use case, but it would depend on some pretty recently added functionality which I might not understand yet:
A python script gets populated by configuration management ...
1 vote, 0 answers, 598 views
How to cache auth credentials to speed up authentication
I'm developing some REST APIs that require HTTP basic auth to access. The APIs are written in Django, and the auth is based on the Django auth middleware, that is: it checks against the DB, the username ...
1 vote, 0 answers, 1k views
Storing password or access token in standalone Java app
I have a simple Java app that uses Eclipse JGit to pull remote repositories into the app to analyze and provide the user with code metric details on their projects. This app is supposed to be able to ...
1 vote, 2 answers, 788 views
Should users be allowed to reuse/recycle the same login credentials across a network for different systems?
Should users be allowed to reuse/recycle the same login credentials across a network for different systems? Should this be disallowed/discouraged, or are the security implications minimal? If it's ...