• What’s the best way to generate a cryptographically secure token?

    In order to generate a 32 character token for access to our API, we've been using this: $token = md5(uniqid(mt_rand(), true)); But someone told us that this isn't the best way to secure it and that we should use this instead: openssl_random_pseudo_bytes What's the best way here? Thanks for the help.

    ITKE376,290 pointsBadges:
  • What is the correct way to log out of an HTTP authentication-protected folder?

    Does anyone know of the right way to log out of HTTP authentication protected folder? I understand there are workarounds but they can be dangerous too. Does anyone have a good solution?

    ITKE376,290 pointsBadges:
  • How do I create a SAML authentication request using Windows Identity Foundation?

    I'm trying to use an API to create SAML authentication requests and receive/interpret the SAML responses but I'm not sure of the best way to do this. I've figured out how to receive and interpret the responses. Can someone point me in the right direction on using APIs to create SAML requests. Thank...

    ITKE376,290 pointsBadges:
  • Are there any alternatives to multifactor authentication that protect user information as well?

    Does anyone happen to know if there are any alternatives out there to multifactor authentication that will protect user information as well?

    ITKE376,290 pointsBadges:
  • What does RESTful Authentication mean and how does it work? 

    Does anyone know what RESTful authentication means and how it works? I've been searching but can't find much on it. The only understanding that I have is that you pass the session key in the URL. Am I on the right track here? Thanks so much.

    ITKE376,290 pointsBadges:
  • What are the advantages and disadvantages of using key files for web authentication?

    We have a corporate web mail site (that uses PHP and MySQL) for specific users of our company who are working remotely with the web portal. Each user has a password and login. Now, I'm thinking about replacing using text passwords with a key file. Would this type of authentication be more secure...

    ITKE376,290 pointsBadges:
  • Digital signature and entity authentication

    What is used to create a digital signature?

    michaelasmoah10 pointsBadges:
  • Should I use FIDO U2F even if it is not yet the standard?

    I'm working on a security project for my organization and I'm wondering if I should use Fido U2F even if it's not the standard anymore. I would appreciate any advice.

    ITKE376,290 pointsBadges:
  • Tacacs and authentication on Cisco routers

    We have ACS 3.X server for tacacs + and radius authentication in our LAN switches. Right now I'm able to login through tacacs+ only. I want to enable tacacs+ as well as local telnet login. This will help me to login in switches if the tacacs will fail.

    Ekansh400 pointsBadges:
  • Does multifactor authentication work differently in a cloud-based platform like Windows Azure?

    I'm pretty new to the security field and I was wondering if multi-factor authentication works any differently in a cloud-based platform like Windows Azure? Thanks!

    ITKE376,290 pointsBadges:
  • How does Windows Azure multifactor authentication work?

    Would anyone be able to explain how Windows Azure multifactor authentication work? Thanks in advance.

    ITKE376,290 pointsBadges:
  • Multi-Site, single-domain setup question about? Which DC authenticates login’s?

    I have a single domain/forest setup. I recently created a second site in active directory and added a domain controller to it. Both DC's are server 2003.  At the new site with the new DC, I run the command "echo %logonserver%" on a workstation, and it replies back with the old domain controller...

    Ingram871,285 pointsBadges:
  • Are passwordless SSH logins more secure?

    My friend and I recently had a 'thoughtful' discussion on whether SSH authentication is more secure than authentication using passwords. He always connects to servers with passwords but I prefer to log into our system without having to enter a password every single time. I know he's scared about...

    ITKE376,290 pointsBadges:
  • How do I find which app is causing sign-on issues?

    I've been using Google two-factor authentication on my Galaxy tablet and I keep receiving this notification of a 'sign-in error' for my Google account. My Gmail and other apps are working fine but when I went into my settings on a different computer, and it revoked the application-specific password...

    ITKE376,290 pointsBadges:
  • How do I securely store a life-long access token?

    Does anyone know what security measures I should put in place to ensure that if my database was compromised, that my long-life access tokens wouldn't be stolen. Ideally, I would like to encrypt them but I'm not sure how I should do this (particularly when it comes to an open source project).

    ITKE376,290 pointsBadges:
  • How do I generate a secure token for a mobile app to protect its data?

    I recently developed a back end REST API for my mobile application and now I'm looking to implement token-based authentication so I avoid having the user to login every run on the application. My first thought was using basic authentication over SSL. So once the user sends the credentials through...

    ITKE376,290 pointsBadges:
  • What is the difference between RSA and DSA keys?

    I've been generating SSH authentication keys on our Linux/Unix system using ssh-keygen I've been given the choice of creating a RSA of DSA key pair (using -t type). Does anyone know the difference between RSA and DSA keys? Why should I choose one over the other?

    ITKE376,290 pointsBadges:
  • Setting up file authentication in Oracle 9i

    How can we set up a file authentication in Oracle 9i?

    989986944515 pointsBadges:
  • How to customize Plone login for two-factor authentication

    I'm pretty new to Plone and Python but I need to customize an existing plone installation login to include two-factor authentication from Duo-Security. Does anyone know the best way to do this? Would there be a Python API for this?

    ITKE376,290 pointsBadges:
  • How do I create a Windows 8 profile for shared key authentication?

    I've noticed that my Windows 8 won't let me connect to a wireless network that uses WEP with shared-key authentication. I ran Windows 8's network diagnostics wizard and it shows that one exists. The wireless network that you are trying to connect to requires shared-key authentication, a low...

    ITKE376,290 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.