SecurePass Archives - Giuseppe Paternò

The “Worse Passwords Chart” of 2015

Posted by gpaternoon 20 January 2016in Computer

Here are the worse passwords of 2015, with the positions as in a real music chart. Looks like I’m a DJ …. 🙂

1. 123456 (Unchanged)
2. password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 1)
5. 12345 (Down 2)
6. 123456789 (Unchanged)
7. football (Up 3)
8. 1234 (Down 1)
9. 1234567 (Up 2)
10. baseball (Down 2)
11. welcome (New)
12. 1234567890 (New)
13. abc123 (Up 1)
14. 111111 (Up 1)
15. 1qaz2wsx (New)
16. dragon (Down 7)
17. master (Up 2)
18. monkey (Down 6)
19. letmein (Down 6)
20. login (New)
21. princess (New)
22. qwertyuiop (New)
23. solo (New)
24. passw0rd (New)
25. starwars (New)

Please note the introduction of starwars, Seems that the movie did its job 🙂

If you’re a sysadmin and sick of being a potential target due to your users, please consider my free project login.farm or the commercial project SecurePass.

login.farm authentication API from shell

Posted by gpaternoon 5 November 2015in ComputerLeave a comment

I’ve been asked to provide an example of authenticating to login.farm via API call. What can be simpler than a shell script with curl? The example below is reading username and OTP+Password from standard input and perform a request. You will receive a JSON response with rc set to 0 and errorMsg set to authenticated if working correctly.

read -p "Username: " USERNAME
read -p "Password: " PASSWORD

APP_ID="my_app_id@login.farm"
APP_SECRET="my_app_secret"

curl -X POST                                  
     -d "USERNAME=$USERNAME&SECRET=$PASSWORD" 
     -H "X-SecurePass-App-ID: $APP_ID"          
     -H "X-SecurePass-App-Secret: $APP_SECRET"  
     https://beta.secure-pass.net/api/v1/users/auth

If you don’t have a login.farm account yet, follow the special link http://bit.ly/loginfarm

Interviewed by Extraordy

Posted by gpaternoon 20 May 2015in Computer

I was interviewed by Gaetano La Rosa, RedHat certified instructor and Solution Architect at Extraordy, on the current status and about the future of OpenStack. This interview is in italian.

Extended attributes best practices

Posted by gpaternoon 23 March 2015in Computer

After the release of the NSS plugin for SecurePass and my article on Alessio Treglia’s blog, I received a lot of queries on what are the attributes that are considered as “reserved”.

Well, there are not reserved attributes written on a stone in SecurePass Beta, but the following attributes names have been used in the NSS plugin:

posixuid → UID of the user
posixgid → GID of the user
posixhomedir → Home directory
posixshell → Desired shell
posixgecos → Gecos (defaults to username)

Also the keywords below have been used in some customers:

sshkey → SSH public key
bitcoin → Bitcoin address

The current development release of SecurePass tools contain a script to extract user’s ssh key and inject automatically into the ~/.ssh/authorized_keys

[fruitful_btn size=”mini” link=”https://beta.secure-pass.net/enroll/”%5DJoin SecurePass Beta[/fruitful_btn]