Questions tagged [account-security]
Security controls and features related to an end user's account with a web/mobile based application or an operating system.
778 questions
4 votes | 1 answer | 3k views
After recovering my hacked WhatsApp account, how can I be sure that I am no longer compromised?
This question is following on from my previous question, where my WhatsApp account was compromised after I visited a suspicious link and entered my account verification code.
I have set up two-step ...
0 votes | 1 answer | 163 views
Most hacker-proof login page
I'm trying to think of a way to create the most hacker-proof login system that I can only get into.
Currently my login page only consists of a password box and a button to submit data. It's run on an ...
0 votes | 0 answers | 46 views
Cybersecurity Strategy for a VSCode extension
I am working on an internal project which involves the creation of a VSCode extension like Github Copilot for internal projects.
I have to do the security strategy for this project. I thought of ...
1 vote | 1 answer | 91 views
How to store and manage user generated javascript code on website
I am currently working on a website where people can upload their pictures, put them in frames, add certain already coded effects. But, I know that there are some more invested users that would be ...
1 vote | 0 answers | 80 views
How can I keep a subdomain secure when its parent domain is not secure?
Suppose I have a domain whose name is example.com. example.com is maintained by other developers. Now suppose my job is to create a website named subdomain.example.com. Both websites are publicly ...
3 votes | 3 answers | 905 views
How secure is the "Remember me" feature in Keycloak?
I am using Keycloak 25 to protect several web applications in our company (OpenID Connect). There is the "Remember me" option in Keycloak, which can be enabled for the entire realm.
...
2 votes | 1 answer | 256 views
Doesn't the recovery number suffer from the same problems as 2-factor authentication by SMS?
I was reading some articles, like this one, about the risks of SMS-based multi-factor authentication and I started to think: doesn't an account recovery number present the same problems? Should I ...
16 votes | 4 answers | 5k views
What prevents a browser from saving and tracking passwords entered to a site?
Since we are accessing Gmail from the Edge browser, Microsoft could have access to the Gmail password. Theoretically, Microsoft can track this password along with sending it to Gmail servers. What ...
0 votes | 1 answer | 117 views
How can I keep git ssh keys from developers in server
I'm trying to meet a requirement where devs can log in to a server, launch, and test code without having the ability to pull code from the repository (or access any SSH keys).
I don't want to grant ...
4 votes | 4 answers | 3k views
What's wrong with my app authentication scheme?
I'm writing my own networking layer for my video games startup and am using TCP for connection/authentication. I wanted to know how safe my authentication scheme was and what I could do to improve it.
...
1 vote | 1 answer | 196 views
Is receiving login codes you didn't ask for a security concern? [closed]
In the last few days, I received emails from Microsoft with login codes.
AFAIK Microsoft login works without password but with sending those codes to an alternate email.
In this email, Microsoft ...
1 vote | 0 answers | 173 views
Where to store Refresh Token in custom Authentication
I am currently trying to build an authentication flow where the front end lives on one domain, say X.com and the backend lives on Y.com. I have implemented a refresh/access token system where when a ...
1 vote | 0 answers | 102 views
How to apply authentication/authorization on CLI tools
I am doing a security audit on a command line tool. The tool is Java based and it runs on the server side; it collects some info and generates a report at the end of the run.
This tool can run ...
1 vote | 0 answers | 50 views
In WHM/cPanel > Exim Config, how to prevent SendGrid API key from being breached?
Running a WHM/cPanel system on CentOS v7.9.2009 (STANDARD kvm) and cPanel Version 110.0.34.
We use WHM Exim Config with SendGrid for email forwarding.
In the last 3 months, our SendGrid account has ...
1 vote | 1 answer | 146 views
How effective is re-entering your password to enable high-risk functions on your account when autofill is always available?
Websites ask for passwords to ensure you are the account owner before you make changes to high-risk settings, but autofill works all the time, even when the browser is in Incognito mode.
If someone ...