An encryption manager may encrypt mobile data associated with a mobile application executing on a mobile device, where the mobile application is configured to interact with a remote application executing on a remote server, and the mobile data is encrypted using a mobile password. A mobile password recovery manager may encrypt the mobile password, using a remote password used to access the remote application executing on the remote server, and may recover the mobile data, in case of loss of the mobile password, including decrypting the encrypted mobile password using the remote password.

The present disclosure provides systems and methods for authenticating a user to reset account login credentials associated with a non-network-connected generator computing device. The generator computing device is programmed to receive a first user input requesting to initiate a reset of account login credentials, generate a challenge code, set a timer, display the generated challenge code, and receive a second user input. The second user input is a response code generated at a services computing device associated with a services provider. The generator computing device is also programmed to verify that an amount of time elapsed between generation of the challenge code and receipt of the second user input is within a predefined time limit. The generator computing device is programmed to generate an expected response code, authenticate the user by comparing the received response code to the expected response code, and reset the account login credentials.

Disclosed are various examples for managing firmware passwords, such as BIOS passwords. A password reset command can be generated and transmitted to a client device. A management agent can execute the command and provide confirmation to a management service that the password has been updated.

A hosted secrets management transport system and method for managing secrets at one or more offsite locations that facilitates secret flow, secret retrieval, and secret replication. The method includes defining boundaries for two or more sovereignties, each sovereignty having an independent master record and each sovereignty including two or more regions; defining a primary region within the two or more regions; accessing, within the primary region, a master record hardware security module that is a primary source of secrets; defining a second region; accessing, within the second region, a backup record hardware security module that is where data backups of the secrets from the master record hardware security module are created; and executing live replication from the master record hardware security module to the backup record hardware security module in which the live replication that supports multi-tenancy secret management of multiple distinct companies at the same time.

An information handling system may include a persistent memory configured to be secured via a passphrase; a basic input/output system (BIOS); and a management controller configured to provide out-of-band management of the information handling system. The BIOS may be configured to set the passphrase of the persistent memory, encrypt the passphrase via a first key of a first asymmetric key pair, and transmit the encrypted passphrase to the management controller. The management controller may be configured to decrypt the encrypted passphrase via a second key of the first asymmetric key pair, re-encrypt the passphrase via a first key of a second asymmetric key pair, and transmit the re-encrypted passphrase to an external management console via an out-of-band management interface.

Examples of cloud-based removable drive encryption policy enforcement and recovery key management are described. In some examples, a removable drive encryption policy is received from a cloud-based management service. A removable drive is recognized by an operating system of a client device. An encryption command causes the operating system to request user password creation and encrypt the removable drive. A recovery key is identified from a write-output of the operating system. The recovery key is transmitted to the cloud-based management service for storage in a cloud-based removable drive recovery key escrow.

A communication device may receive from a server authentication information, and may register the authentication information in a memory. The communication device may send first location information in the communication device to the server. The communication device may register a first password in the memory in a case where the authentication information is received from the server and a registration request is received from the terminal device. The communication device may send the authentication information and second location information in the communication device to the server in a case where a first change instruction is obtained after the authentication information and the first password have been registered in the memory. The communication device may change the first password in the memory to a second password in a case where a change request is received from the terminal device.

Techniques and apparatus for providing peer-based management of user accounts are described. In one embodiment, for example, an apparatus may include at least one memory and logic coupled to the at least one memory. The logic may be configured to receive a request from at least one first user account to unlock a second user account locked responsive to a fraud event, determine a safe authentication value for the fraud event, and unlock the second user account responsive to the at least one first user account being a safe authentication account and the safe authentication value being over a safe authentication threshold value. Other embodiments are described.

A combination lock system includes a mobile communication device (10, 10′), a cloud server (20) and a combination lock (30, 30′). When the cloud server (20) determines that the mobile communication device (10, 10′) matches authentication information, the cloud server (20) outputs password information (22) corresponding to the authentication information to the mobile communication device (10, 10′), and the combination lock (30, 30′) obtains an electric energy and the password information (22) from the mobile communication device (10, 10′). When the combination lock (30, 30′) determines that one of the characters of the password setting module (31, 31′) matches one of the characters of the password information (22) corresponding to a corresponding arrangement order, the mobile communication device (10, 10′) displays display information.

A client device for use with a gateway device (or a Wi-Fi APD) with a key stored therein and an external server where an original singe sign on (SSO) password is stored. The client device transmits a one time password (OTP) request to the external server, obtains the OTP from the external server, transmits the OTP to the external server to authenticate the client device, transmits an encrypted SSO password request to the external server, onboards the gateway device using a temporary password, receives the encrypted SSO password from the external server, obtains the key from the gateway device, decrypts the encrypted SSO password using the key to obtain the SSO password, and changes the temporary password of the gateway device to the original SSO password.