password-manager-resources
securitytxt.org
password-manager-resources | securitytxt.org |
---|---|
19 | 42 |
4,020 | 60 |
1.4% | - |
7.8 | 4.2 |
15 days ago | 28 days ago |
JavaScript | HTML |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
password-manager-resources
-
Don't Fuck with Paste
Even Apple was so annoyed at this themselves that they actually went for a full open-source open-for-contributions GitHub repository at https://github.com/apple/password-manager-resources to get around these issues.
> Many password managers generate strong, unique passwords for people so that they aren't tempted to create their passwords by hand, which leads to easily guessed and reused passwords. Every time a password manager generates a password that isn't compatible with a website, a person not only has a bad experience but a reason to be tempted to create their password. Compiling password rule quirks helps fewer people run into issues like these while also documenting that a service's password policy is too restrictive for people using password managers, which may incentivize the services to change.
-
Ask HN: Where's the website that shows password requirements for other sites?
Check out https://github.com/apple/password-manager-resources
-
Suggestion: Collect every website possible info about how long could be a password on that site and suggest the longest possible password for it
Apple has already created the database for this and made it open source: https://github.com/apple/password-manager-resources
- I’m really sick of keychain password suggestion NOT WORKING on more than half the internet. WHY!!
-
I hate password rules!
Something like this?
-
what is the most practical password length?
Password rules are really all over the place. Based on the sampling available on Apple's password rules database, seems that the majority of sites would accept a 12-character password (although ironically, most websites that restrict the password to be shorter than 12 characters seem to be banks...).
-
Easily move all your passwords from Bitwarden to iCloud Keychain
There are still some things in Keychain that feel stupid. For example, Keychain won't merge https://www.google.co.uk and https://www.google.com accounts into one and you can't do it by yourself, and it will even warn about duplicated passwords for these two websites — that's very stupid, especially because Apple maintains an open database for password managers which solves the problem of alias domains. But that's the most annoying thing for me.
-
YouTubePluginReplacement.cpp: YouTube-specific code in WebKit
https://github.com/apple/password-manager-resources/blob/mai...
For being "quite obscure", I've at least heard of most of these sites before. Banks with "maxlength: 8", you love to see it.
-
Why does Apple’s “Strong Password” not meet most websites’ criteria
FWIW, Apple asks users to tell them the password requirements of websites where they notice the "Strong Password" feature doesn't work correctly.
-
How to use iCloud Keychain, Apple's built-in and free password manager
The password complexity rule set is open source, you can contribute requirements for specific sites: https://github.com/apple/password-manager-resources
securitytxt.org
-
How to respond to unsolicited vulnerability report from users of public sites?
You might consider setting up security.txt notifications, per RFC 9116, to funnel people into the right notification paths. Otherwise, they might try spamming random emails they find or can guess at. I've had external researchers contact our CTO and CEO directly, creating a new problem for me.
-
How to make a bounty bug request
Check if they have a security.txt; if they do not, check their /security. If both come up empty, use any contact form that they have available.
- Who should a breach be reported to?
-
Anywhere I can advertise a bounty for my site?
In addition to the Bug bounty programs already posted in the comments, I'd suggest you create a security.txt with a dedicated security contact.
-
need advice please
Does the website have a responsible disclosure page or a security.txt?
-
Whats the policy on posting open government or international government directories?
there's technically https://securitytxt.org as well; but sadly it's not in super duper wide deployment (some big places have it, though!)
-
Implementation of RFC 9116 (security.txt) as well as possibility for encrypted contact
Especially in the area you guys are operating in, I think it would be great if you could implement RFC 9116 (https://securitytxt.org/). If someone finds a vulnerability on your website, the client or even the SPN, this would make communication or a responsible disclosure process much easier. Furthermore, it would be great if the possibility for secure communication with your staff (e.g. using GPG) would be possible.
- I found a security issue on a website, came on a different sub to ask how to monetise this, gave the owners one week to give me a job, then when they didn't, made a tiktok about it to say how knowledgeable in IT I am. Why are they threatening me?
-
Infosys leaked FullAdminAccess AWS keys on PyPI for over a year
When do companies finally start adopting the `security.txt` proposal (see https://securitytxt.org)?
Would have made a big difference!
- security.txt
What are some alternatives?
security.txt
foundationdb - FoundationDB - the open source, distributed, transactional key-value store
countwords - Playing with counting word frequencies (and performance) in various languages.
winget-pkgs - The Microsoft community Windows Package Manager manifest repository
hipaa-compliance-developers-guide - A developers guide to HIPAA compliance and application development.
hummingbird - Hummingbird compiles trained ML models into tensor computation for faster inference.
wyhash - The FASTEST QUALITY hash function, random number generators (PRNG) and hash map.
coremltools - Core ML tools contain supporting tools for Core ML model conversion, editing, and validation.
irssi - The client of the future
atlas-design - Atlas Design System serves the Microsoft Learn design & engineering teams. We are a CSS-first design system that aspires to beautiful, accessible, themeable, reading-direction-agnostic components.
leocad - A CAD application for creating virtual LEGO models