Questions tagged [password-management]
The functions performed by the person or processes responsible for security of passwords on a given system.
1,349 questions
0 votes
0 answers
57 views
Portable way to ask for a secret from the platform's password store?
On Linux, password managers like .netrc, pass, GNOME/Keyring, and KeePass/KeePassXC, are queryable by other processes. I'm not as familiar with the 1st party options for Windows, but somehow KeePassXC ...
0 votes
1 answer
161 views
Is an offline password database with a key a reasonable way to hand over credentials?
Suppose I got tasked with setting up an infrastructure for an organization that shared one password for everything from Wi-Fi, to that file share on a computer with a missing side panel where everything is,...
1 vote
0 answers
72 views
Are secrets from an automatically unlocked keychain in Ubuntu 24.04 Seahorse accessible to any application?
I am familiarizing myself with Ubuntu 24.04 and Seahorse. I recently connected to a password-protected network drive, and the password is now stored in my "login" keyring, which is encrypted with ...
14 votes
3 answers
4k views
Security implications to removing delay on empty passwords?
Login prompts on many systems (like Ubuntu) have a delay if an incorrect password is used. I understand this is to inhibit brute force attacks. Would there be any security implications to having no ...
0 votes
1 answer
202 views
Reasonable model for Storing credentials for use in scripts
I was reading question 180243 which states that using a password vault is the best option for credential storage. However this is rather cumbersome to set up. For a lower security use case (so no PII ...
2 votes
1 answer
561 views
What's the best method of securing keys/passwords used by a PowerShell script that runs when no user is logged in, using only one server, for free?
I have a server set up to run a PowerShell script every 15 minutes. This script needs to make API requests with keys and passwords. The script runs even when no user is logged in, so encryption based ...
0 votes
1 answer
198 views
Why is "not storing data protection keys" not a popular choice?
In the NIST SP 800-132, they specified two ways to use the data protection key (DPK) that is derived from a password. One of them is to use the DPK to encrypt data, and then, if I am not mistaken, ...
19 votes
7 answers
6k views
Is it secure to block passwords that are too similar to other employees' old passwords?
At my work, they don’t like different employees having ‘partially matching passwords.’ I had never thought anything of it before, but just now I realised what this means (or might mean.) When I ...