User Sjoerd - Information Security Stack Exchange

322 votes

Accepted

Is single quote filtering nonsense?

answered Feb 4, 2019 at 13:38

173 votes

Accepted

What is 'tabnabbing'?

answered Sep 8, 2016 at 11:24

120 votes

Accepted

What to do when using your private key from another computer?

answered Dec 22, 2016 at 15:57

117 votes

Accepted

Is it unsafe to show message that username/account does not exist at login?

answered Apr 25, 2017 at 13:20

112 votes

What does it mean to "burn a zero-day"?

answered Jun 17, 2018 at 17:20

107 votes

Accepted

Are EU cookie consent forms safe?

answered Sep 3, 2018 at 10:13

106 votes

Accepted

Is layered encryption more secure than long passwords?

answered Feb 19, 2019 at 13:32

96 votes

Accepted

Discouraging users from copying images off a website?

answered May 11, 2016 at 7:27

85 votes

Accepted

Should I use HTTPS on a domain that will only be used for redirection?

answered Mar 6, 2019 at 11:29

83 votes

Accepted

Is it a good idea to use the entire Unicode range to generate a random password rather than limited ranges?

answered Jan 16, 2018 at 12:51

69 votes

Accepted

Is it acceptable practice to only increment a number when changing a password?

answered May 12, 2016 at 9:45

68 votes

Accepted

Can someone without the WiFi login and no physical access to a router still access it with the admin login?

answered Sep 19, 2018 at 7:14

65 votes

Is it really Security Misconfiguration to show a version number?

answered Aug 13, 2019 at 9:26

51 votes

Secure USB cable for charging in untrusted environments

answered May 25, 2016 at 7:23

47 votes

How can an attacker use robots.txt?

answered Sep 19, 2019 at 12:50

44 votes

What are the cons of stateless password generators?

answered Jul 30, 2019 at 8:04

44 votes

Accepted

Could a Google Chrome extension read my password?

answered Jun 20 at 12:24

44 votes

How can an administrator secure against a 0day before patches are available?

answered Dec 13, 2018 at 8:43

40 votes

Accepted

Checksum vs. Hash: Differences and Similarities?

answered Sep 27, 2018 at 14:08

39 votes

Accepted

Password 'spatial' pattern?

answered May 28, 2017 at 8:20

39 votes

Accepted

How do "Confidence images" on my bank's login page improve security?

answered Jul 29, 2016 at 9:44

34 votes

Why was DES with 112 bit keys (IBM) reduced to 56?

answered May 9, 2016 at 12:35

34 votes

Determining Entropy in PHP

answered Sep 16 at 9:45

33 votes

What is the point of entering numbers in the two-factor authentication app?

answered Feb 2 at 10:10

33 votes

How can I securely develop a local webapp at a coffee shop?

answered May 17, 2017 at 14:17

32 votes

Accepted

How to avoid using System.String with Rfc2898DeriveBytes in C#

answered Aug 19, 2019 at 10:02

30 votes

Could governments and banks become CAs?

answered Jan 19, 2017 at 14:33

28 votes

Accepted

Is redirecting in htaccess providing enough security for sensitive pages?

answered Mar 5, 2017 at 19:44

26 votes

How can I check password strength client-side?

answered Nov 14, 2019 at 14:39

26 votes

Accepted

Ongoing effort to detect MitM attack on TLS?

answered Apr 26, 2021 at 10:32

Stack Exchange Network

473 Answers

Is single quote filtering nonsense?

What is 'tabnabbing'?

What to do when using your private key from another computer?

Is it unsafe to show message that username/account does not exist at login?

What does it mean to "burn a zero-day"?

Are EU cookie consent forms safe?

Is layered encryption more secure than long passwords?

Discouraging users from copying images off a website?

Should I use HTTPS on a domain that will only be used for redirection?

Is it a good idea to use the entire Unicode range to generate a random password rather than limited ranges?

Is it acceptable practice to only increment a number when changing a password?

Can someone without the WiFi login and no physical access to a router still access it with the admin login?

Is it really Security Misconfiguration to show a version number?

Secure USB cable for charging in untrusted environments

How can an attacker use robots.txt?

What are the cons of stateless password generators?

Could a Google Chrome extension read my password?

How can an administrator secure against a 0day before patches are available?

Checksum vs. Hash: Differences and Similarities?

Password 'spatial' pattern?

How do "Confidence images" on my bank's login page improve security?

Why was DES with 112 bit keys (IBM) reduced to 56?

Determining Entropy in PHP

What is the point of entering numbers in the two-factor authentication app?

How can I securely develop a local webapp at a coffee shop?

How to avoid using System.String with Rfc2898DeriveBytes in C#

Could governments and banks become CAs?

Is redirecting in htaccess providing enough security for sensitive pages?

How can I check password strength client-side?

Ongoing effort to detect MitM attack on TLS?