password-recovery
Chrome warning “[DOM] Password forms should have (optionally hidden) username fields for accessibility” in console even with hidden username field
I had the same problem. After some digging, I found that it needs to be an input element with the type text. By “optionally hidden” they mean that you may hide it with CSS. If you just add an input with the name email or username chrome gives you another warning saying that input elements … Read more
Implement password recovery best practice
When I was in the Air Force the security rule we had was: When setting or resetting passwords, do not send the user id and the password in the same email. That way, if someone is intercepting emails snooping for passwords, he has to successfully intercept BOTH emails, and be able to connect them, to … Read more
What is the default root pasword for MySQL 5.7
There’s so many answers out there saying to reinstall mysql or use some combo of mysqld_safe –skip-grant-tables and / or UPDATE mysql.user SET Password=PASSWORD(‘password’) and / or something else … … None of it was working for me Here’s what worked for me, on Ubuntu 18.04, from the top With special credit to this answer … Read more
Recover SVN password from local cache
On Windows, Subversion stores the auth data in %APPDATA%\Subversion\auth. The passwords however are stored encrypted, not in plaintext. You can decrypt those, but only if you log in to Windows as the same user for which the auth data was saved. Someone even wrote a tool to decrypt those. Never tried the tool myself so … Read more
RESTful password reset
Unauthenticated users We do a PUT request on a api/v1/account/password endpoint and require a parameter with the corresponding account email to identify the account for which the user wants to reset (update) the password: PUT : /api/v1/account/password?email={email@example.com} Note: As @DougDomeny mentioned in his comment passing the email as a query string in the url is … Read more