IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [recovery]

64 questions
24
votes
3 answers

Where to find Google Authenticator backup codes?

I'm slightly confused about obtaining Google Authenticator backup codes. I can find my Google Account backup codes at: https://myaccount.google.com/signinoptions/two-step-verification But have no idea if those are the ones I should use to restore…
a.s.t.r.o
  • 343
  • 1
  • 2
  • 6
21
votes
4 answers

How secure are password managers with account recovery?

The major commercial password manager companies claim to have a "zero knowledge" system. This means the master password of the user is the only way to decrypt the data and it's is not stored anywhere. So even the company doesn't know the master…
David
  • 431
  • 4
  • 9
19
votes
6 answers

Is it possible to recover a lost passphrase for a private key file?

We have a set of public and private keys and certificates on the server. The problem is that while public encryption works fine, the passphrase for the .key file got lost. So, when trying to execute the following command: openssl rsa -in the.key It…
Kevin Kopf
  • 311
  • 1
  • 2
  • 8
16
votes
2 answers

is LastPass SMS Recovery a security risk?

According to the LastPass FAQ, employees of LastPass cannot see nor decrypt the stored passwords. LastPass encrypts your Vault before it goes to the server using 256-bit AES encryption. Since the Vault is already encrypted before it leaves your…
eKKiM
  • 285
  • 2
  • 9
12
votes
9 answers

How to choose a password that I have to remember for a long time but do not use a lot

I have a scenario where I have to remember a password / keyphrase, which I will not be able to recover if I forget it, for a long time (probably more than 10 years). The problem is because this password is part of a disaster recovery strategy I will…
Martin
  • 535
  • 3
  • 11
8
votes
3 answers

Recovery email for email services

The famous Mat Honan hack got me thinking about e-mail password recovery, and how any link in the chain can break all the links preceding it. In Mat's example, that link happened to be the last link, and the entire chain broke down. Specifically,…
t0x1n
  • 181
  • 1
  • 4
8
votes
2 answers

GPG/GnuPG secret key passphrase recovery and/or .gnupg/private-keys-v1.d/ file format

Bad news: I forgot a GnuPG secret key passphrase. Good news: I do know the words it is constructed of. So, I can easily use john or similar to recover (too many combinations to do it manually, though). Problem: The secret key is not in the…
Ned64
  • 245
  • 1
  • 2
  • 13
8
votes
1 answer

Cases where DBAN has won

Are there any real life cases where software such as DBAN (to securely erase disks) has beaten government/law enforcement agencies? I found this online which lists each time encryption has beaten investigators, but nothing for secure…
k1308517
  • 1,272
  • 14
  • 27
7
votes
4 answers

Decentralised password recovery

Are there good/established techniques for password/key recovery in situations without a centralised service? (Anything goes, but I'd prefer solutions that distribute the recovery information across multiple places) For example: I can imagine a…
cloudfeet
  • 2,528
  • 17
  • 22
7
votes
2 answers

How should backups be tested in large offices?

I always hear people say "test your backups", but I have no idea how that is done in practice when you have to deal with complex infrastructures. For personal backups it's easy to rely on something like checksums, because all you have to recover is…
reed
  • 15,398
  • 6
  • 43
  • 64
7
votes
2 answers

What type of data can be recovered from the swap file / page file and thumbs file

This question follows on from a previously posted question on recovery of data from a wiped disk. I have been informed that no files have been found on the computer on the hard disk or in the deleted files (unallocated space / slack). Therefore if…
James009
  • 111
  • 1
  • 7
7
votes
1 answer

Do viruses infect recovery partitions?

In the "Good ol' Days", Windows came on a CD, and when one got a virus, one had original, write only medium to clean up one's computer completely. Nowadays, most computers have a "recovery partition", where the OEM has a disk image of a Windows…
rec
  • 71
  • 1
  • 2
5
votes
2 answers

Does Google account's "recovery phone" have any benefit if I never forget my password?

Google lets you add a recovery phone number to your account because: Your recovery phone is used to reach you in case we detect unusual activity in your account or you accidentally get locked out. Thing is, I'm not sure what scenarios they have in…
user541686
  • 2,502
  • 2
  • 21
  • 28
4
votes
5 answers

Incident response and recovery from a security breach with unknown attack vector

Security breaches, hacks, “cyber” attacks or server compromises happen quite frequently, unfortunately, such as Quora in December 2018, Facebook in September 2018, Equifax in September 2017, Exactis in June 2018, MyFitnessPal in March 2018, and…
caw
  • 199
  • 1
  • 11
3
votes
2 answers

Signing the Recovery Partition

Do any computer manufacturers sign (DSA, or just publishing a hash) their recovery partitions so that I can be sure that these bits are authentic? I'd like to buy a second-hand computer and reduce the chance of it having any spyware.
bobuhito
  • 230
  • 1
  • 8
1
2 3 4 5