Questions tagged [credential-reuse]

Credential reuse is the practice of users reusing the same credentials (e.g. a password) across multiple systems.

9 questions
43 votes, 4 answers

What are the differences between credential stuffing and password spraying?

Wikipedia describes credential stuffing as a type of cyberattack where stolen account credentials typically consisting of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach) are used to gain …
Motivated
29 votes, 12 answers

Reusing passwords that can possibly never be cracked

Reusing passwords poses a terrible risk for users because in the event of a data breach, with the passwords not being stored securely enough, this means that, by default, all other services that they use this password for are also compromised.…
user173331
3 votes, 1 answer

Can I use HashiCorp Vault to restrict access to credentials based on CIDR ranges?

This seems like a pretty simple use case, but it would depend on some pretty recently added functionality which I might not understand yet: A python script gets populated by configuration management on a few monitoring servers within a specific IP…
1 vote, 1 answer

Does a password-derived public key authentication improve security over pure password-based authentication?

Despite best efforts it is pretty clear that most users reuse their credentials, especially for what they consider non-critical sites such as forums. While TFA does mitigate the potential damage of this a bit (aside from its other benefits of…
1 vote, 0 answers

How to cache auth credentials to speed up authentication

I'm developing some REST APIs that require HTTP basic auth to access. The APIs are written in Django, and the auth is based on the Django auth middleware, that is, it checks the username and password against the DB. The password is stored with the…
EsseTi
1 vote, 0 answers

Storing password or access token in standalone Java app

I have a simple Java app that uses Eclipse JGit to pull remote repositories into the app to analyze and provide the user with code metric details on their projects. This app is supposed to be able to pull a repository at any time, so I would like to…
1 vote, 2 answers

Should users be allowed to reuse/recycle the same login credentials across a network for different systems?

Should users be allowed to reuse/recycle the same login credentials across a network for different systems? Should this be disallowed/discouraged, or are the security implications minimal? If it's frowned upon, should the usernames and passwords be…
0 votes, 0 answers

Shared credentials logins between separate websites and trust issues

Brand A has multiple, separate websites - these websites reference each other as part of the brand family, but do not have a shared single sign on system. Instead, each website has their own login and account creation page - on which, there is the…
Moo
0 votes, 2 answers

Password reuse for similar accounts

Assume I have two Github accounts, one for regular use and one for testing purposes. Or two PGP keys, one for pass and the other for encrypted email communication, and my backup scheme is exactly the same for both keys. Now assume I use a single…
e18r