password

Can’t Find Google’s App Passwords Option? Here’s How to Access It Directly

 in Google  tagged application / google / password by

Introduction

Setting up app passwords is essential when you use applications or devices that don’t support 2-Step Verification codes. However, many users have reported difficulty finding the option to create an app password in their Google accounts, even after enabling 2-Step Verification. If you’re facing this issue, don’t worry—you can access the App Passwords page directly through a specific URL.

Why Is the App Passwords Option Missing?

Google frequently updates its interface and security settings, sometimes making features like App Passwords harder to locate. Reasons you might not see the option include:

  • Interface Changes: Google may have relocated the feature in recent updates.
  • Account Restrictions: Some account types, like business or education accounts, may have administrator restrictions.
  • Incomplete Verification Setup: If 2-Step Verification isn’t fully set up, the App Passwords option might not appear.

Direct Access to App Passwords

If the App Passwords option is elusive, you can bypass the navigation hassle by visiting the page directly:

🔗 Access App Passwords Directly

Step-by-Step Guide to Generate an App Password

  1. Visit the Direct Link: Click on the link above or enter it into your browser’s address bar.
  2. Sign In: Log in to your Google account if you’re not already signed in.
  3. Verify with 2-Step Verification: You may be prompted to complete a verification step to confirm your identity.
  4. Navigate to App Passwords: You should now be on the App Passwords page.
  5. Select the App and Device:
  • Select App: From the dropdown menu, select the app for which you’re generating the password. Select Other (Custom name) and enter a name if it’s not listed.
  • Select Device: Choose the device you’re using.
  1. Generate Password: Click Generate to create a unique app password.
  2. Use the Password: You’ll receive a 16-character password. When prompted for your Google account password, enter this into the app or device.

Tips and Considerations

  • Security: Keep your app passwords secure. Treat them like your regular passwords.
  • One-Time Use: Typically, you only need to enter the app password once per app or device.
  • Revocation: If you lose a device or no longer use an app, revoke its app password from the same App Passwords page.

Conclusion

Finding the App Passwords option can be frustrating, but accessing it directly through https://myaccount.google.com/apppasswords is a simple solution. Always ensure that your 2-Step Verification is fully set up and that you follow Google’s security recommendations to keep your account safe.

A digital vector logo for a team of Cypriot ethical hackers, featuring a stylized knight's helmet to represent the chivalry of ethical hacking. The helmet is merged with digital elements like pixels and circuit lines. The colors of the Cyprus flag are subtly integrated into the design, with a lock icon as the knight's crest to symbolize protection and cybersecurity.

Some important notes to keep in mind next time you create a password

 in Cyprus Cyber Security Challenge  tagged attack / hacker / password by

It is imperative that you understand why it’s important to avoid using patterns in your passwords, even if you try to make them more complex by including system information or a small random password.

Hackers can use various methods to guess passwords, including brute-force attacks, dictionary attacks, and social engineering techniques. One standard technique hackers use is to try to guess passwords based on patterns or common information, such as system names or random passwords.

Even if you combine a static base with system information and a small random password, this can still be guessed by a determined hacker. This is because hackers can use tools to scan your system for information and use that information to build targeted attacks against your account.

Additionally, hackers can also use social engineering techniques to try and guess your password. This could involve sending you a phishing email or creating a fake login page to trick you into entering your password.

To keep your accounts secure, it’s crucial to use strong, unique passwords that are not based on patterns or easily guessable information. A good password should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters.

By creating a strong, unique password, you can help protect your online accounts from potential security breaches and keep your personal information safe. Remember to update your password regularly and never share it with anyone else.

How to reset root password in XAMPP MySQL 1

 in Applications  tagged mysql / password / reset / root / skip-grant-tables / xampp by

Recently a client got locked out of a MySQL deployment managed by a XAMPP. They requested us to reset the password for the root account. To do so, we followed the following procedure:

Using a text editor, we opened the following file, which is the MySQL configuration file:

C:\xampp\mysql\bin\my.ini

We found the section for the MySQL daemon, which starts after the line that contains the following tag:

[mysqld]

Right below the tag, we added a new line and added the following directive:

skip-grant-tables

Example of a configuration file:

[mysqld]
skip-grant-tables
port= 3306
socket = "C:/xampp/mysql/mysql.sock"
basedir = "C:/xampp/mysql" 
tmpdir = "C:/xampp/tmp"
...

The skip-grant-tables directive causes the server not to read the grant tables in the MySQL system schema and, thus, start without using the privilege system. This option gives anyone unrestricted server access to all databases.

After saving the file, we restarted the MySQL server from the XAMPP interface. This action forced the new settings to be loaded and take effect.

Next, using the command line, we connected to the MySQL server using the CLI client for MySQL:

C:\xampp\mysql\bin\mysql.exe --user=root

In the above command, we issued the mysql.exe application with only one parameter, the --user=root, which instructs the client to ignore the default login username and use root instead.

Once we activated the MySQL command line, we switched the usage to the mysql database using the following command:

USE mysql;

Using the following command, you can set the password for the root:

UPDATE user SET password = 'newPassword' WHERE user = 'root';

Note: In case you want to leave the root password blank, then you can use the following:

UPDATE user SET password = '' WHERE user = 'root';

Please note that there might be more than one entry for root in the system, as it could contain different IPs etc. To see all available options, execute the following:

SELECT * FROM user \G;

After we finished messing with the MySQL internals, we executed the following command to exit the MySQL terminal:

exit;

Then, we edited the MySQL configuration file again:

C:\xampp\mysql\bin\my.ini

We found the section for the MySQL daemon again, which starts after the line that contains the following tag:

[mysqld]

We removed our skip-grant-tables directive and saved the file.

We restarted the MySQL server via the XAMPP interface after saving the file. The restart forced the updated settings to load and take effect due to this action.

Success!! The root user had the password we set for it and we could access the database as expected.

The same guide can be used for other installations of MySQL so long you know where the MySQL configuration file is.

How to Reset Password on an Ubuntu with LVM

 in GNU/Linux  tagged bash / chroot / GNU/Linux / howtos / Logical Volume Manager / lvm / lvscan / mount / passwd / password / pvscan / ubuntu / Ubuntu server 20.04LTS / ubuntu-vg / vgchange / vgscan by

A few days ago, a client tasked us to recover the password of an Ubuntu server 20.04LTS. The machine owner only knew the username but had no idea about the complexity of the password. We’ve asked the client if it was OK for us to reset the password instead of recovering it (meaning that we would not even try to crack the mystery of what the previous password was and just set a new one), and thankfully, the client accepted our request.

The client set up the server using Ubuntu server edition 20.04LTS, and the disk partitions were using LVM (Logical Volume Manager). To our good luck, they were not using encrypted partitions. The procedure we followed to reset the password of that server was like so:

First of all, we shut down the server and booted it with a Live USB of an Ubuntu desktop 20.04LTS. Then we started a terminal and executed the following to get root access on the live system:

sudo su;

Then, we executed pvscan to list all physical volumes and gain some intelligence on which disk we needed to work on:

pvscan;

root@ubuntu:/home/ubuntu# pvscan
  /dev/sdc: open failed: No medium found
  PV /dev/sda3   VG ubuntu-vg       lvm2 [<3.64 TiB / 3.44 TiB free]
  Total: 1 [<3.64 TiB] / in use: 1 [<3.64 TiB] / in no VG: 0 [0   ]

Following that, we used vgscan to search for all volume groups:

vgscan;

root@ubuntu:/home/ubuntu# vgscan
  /dev/sdc: open failed: No medium found
  Found volume group "ubuntu-vg" using metadata type lvm2

From these two commands, it was clear that the disk /dev/sda3 contained an LVM partition with the logical volume group name ubuntu-vg. That logical volume group held the server’s filesystem, and it was the place we needed to access to change the user’s password.

So, we used vgchange to change the attributes of the volume group and activate it like so:

vgchange -a y;

root@ubuntu:/home/ubuntu# vgchange -a y
  /dev/sdc: open failed: No medium found
  /dev/sdc: open failed: No medium found
  1 logical volume(s) in volume group "ubuntu-vg" now active

Using lvscan, we were able to list all logical volumes in all volume groups and verify that we activated the volume group of interest successfully.

lvscan;

root@ubuntu:/home/ubuntu# lvscan
  /dev/sdc: open failed: No medium found
  ACTIVE            '/dev/ubuntu-vg/ubuntu-lv' [200.00 GiB] inherit

After these steps, we were ready to reset the password of the user finally. We continued to mount the logical volume group like any other disk on the /mnt folder:

mount /dev/ubuntu-vg/ubuntu-lv /mnt/;

Then, we used chroot to change the apparent root directory for the currently running process (and its children). This command allowed our terminal to work inside the logical volume as if we had booted the server OS itself.

chroot /mnt/;

Finally, using the passwd command, we changed the user password as so:

passwd -S bob;

To clean up, we exited the chroot environment:

exit;

Then, we unmounted the logical volume group:

umount /mnt;

And finally, we set the active flag of the volume group to no.

vgchange -a n;

After the above steps, we had safely applied all changes, so we rebooted the machine using its hard drive.