How do very big companies manage passwords?

Third-party password managers such as 1password, etc. are very useful for people, businesses, etc. to store passwords, but obviously I bet Facebook, Google, Twitter and other super big tech companies don’t use such third-party services and have their own password managers for their most critical passwords.

How can a very big company manage some of the world’s most sensitive passwords? (example: Gmail team root access password!)

Even with the most advanced password manager, you still have the problem of the master password.

Should this be shared among a few trusted people? Or kept by only 1 or 2 people (then what happens in the case of an accident?)

Are big companies known to use implementations of Shamir’s Secret Sharing?

More generally, what are well known methods that very big companies use to manage their most sensitive passwords? (i.e. passwords that, if lost, could generate tens of billions of $ of loss)

Book of Lists Marketing for Pressure Washing Companies

The American Business Journals delivers a Book JAPAN FAX BROADCAST LIST of Lists every year in their numerous business sectors, it is savvy for compel washing organizations to utilize this book of records to discover new demographic. The book of records, records the top organizations in size in all industry areas. Since pressure washing organizations clean nearly anything, it profits them to utilize the book to specifically focus on the top organizations to work with. 

A mix of telephone and fax selling works best to make sure about close to home arrangements. The following is an unpleasant thought of how our organization utilizes the book of records for new deals. On the off chance that you own a weight washing organization you ought to as well. You may wish to duplicate this article and three-gap punch it for your promoting cover. Consider it and Wash On ! 

– – 

BOOK OF LIST INSTRUCTIONS 

Individual Car Washing – 

Avoid those organizations with under 25 workers 

Business Parks, Commercial Buildings, Property Management Companies – 

Fax to them each quarter 

Make individual visit like clockwork 

Temporary workers – 

Fax armada flyers each 4 to a half year 

Establishment Headquarters – 

Avoid establishment home office that are in our industry or are in an assistance business 

Day Care Centers, Senior Care/Retirement Living Facilities – 

Fax at regular intervals 

Pontoon/Marine Industry – 

Fax 1 time every year and visit 1 time for each year

How Do Online Identiy Verification Companies Ensures Their APIs to Be Not Abused?

I am trying to implement a photo ID verification along with a live-selfie verification on my Android/iOS apps.

I figured that I might be able to implement these features using Python machine learning libraries. However, I have no idea how to prevent hackers from directly sending verification data to my app’s server.

So, these days, many online identity verification companies utilize the “liveness” detection that can prevent users from taking photos of other people’s photos or photos of ID cards. They confirm if the images were not modified. They even make short videos to confirm the liveness.

However, what if the abuser is not a normal user, but a programmer? What can we do if the programmer directly calls our APIs and send photos or videos to the server? Then the liveness detection will become useless because we will not be able to differentiate the selfie directly sent by the programmer from a lively taken new selfie.

Any solutions? I can only guess that the only way to prevent this type of attacks would be making users take random actions generated by the server. Such as saying something on the screen or making users writing down random digits on the paper and take a picture with it.

Do large companies keep a detailed “company log” book/database? [closed]

In my life, I have spent a lot of time thinking and wondering about many things related to larger businesses, even though I have no direct connection to that world. By “larger”, I mean “not just a single carpenter or him and his brother”. Primarily, I’m talking about the kind of company which has a “board” of people, or at least a CEO in an office and a secretary and whatnot.

I often fantasize about how all the numerous things that a company is involved with, or own, or need to deal with internally, is kept track of. If I were starting a company today, the first thing I would do would be to create a database table called “company_log”, and then create a small web interface for me to be able to easily add new records to this log, or display/search existing ones, with clear timestamps recorded.

I would then, whenever I did anything in regards to the company, write this down as a “post”. Naturally, this database would be backed up in multiple copies regularly, encrypted and put in a fireproof safe. Some examples of what I imagine the posts would look like:

[timestamp] Bought new master computer from ACME, Inc. for $  55,998. [timestamp] Set up new master computer. Took 8 hours. Used Alice, Bob and Sue as my witnesses for security precautions. [timestamp] Meeting about the design of the new robot arms. [timestamp] Telephoned Something, Inc. about their prices for robot arm parts. [timestamp] Decided to order the parts from Other, Inc. [timestamp] Meeting about the launch campaign for the finished Robot Buddy. [timestamp] Decided to postpone the launch due to unforeseen issues with the market. [timestamp] Meeting about how to deal with the newly discovered competitor Evil, Inc. [timestamp] Read in the news that Evil, Inc.'s warehouses had been mysteriously bombed during the night. ... 

Basically, I would record every action that I consider in any way related to the company in a long log, so that I can later check back and know exactly what I did, when and why, and so that if I die unexpectedly, the entire company can theoretically (and practically) keep going as long as somebody goes through all the notes and thereby gets “up to date” with everything that has been done and could continue on where I stopped, even though they don’t have my exact brain/mentality, but you get the point.

(Of course, this could “almost” as easily/conveniently have been done with physical papers in folders, which would have to be copied by the secretary or something for backups. This is what I expect they did before computers became feasible/reliable for this kind of thing. The point is still the same.)

I also would have a kind of “overview panel” with dynamic numbers showing the current “stats” of the company, such as “current employees” and all kinds of numbers related to the current finances and other important things like that.

Is this how they do it? Or do they consider it a risk to keep such a log, because it could be leaked or stolen or seized, giving hard proof of all the evil acts they do to make all that money?

Also, I guess the CEO/founder of the company would also have an incentive to “keep it all in his brain” instead of written down, even if in an encrypted, private database, because it makes him more valuable/indispensable?

It makes a lot of sense that a massive corporation like Disney or The Coca-Cola Corporation or something like that is going to have a whole physical vault, if not more, of very redundantly secured backups of their full “company log”, both in digital and physical form. After all, the original founders are long dead and the companies are extremely large and make a huge amount of money every single day. You don’t task stupid risks in that situation. I’m sure they must have all this written down carefully, probably in leather-bound folders in a secure, locked, guarded office in their main headquarters or something along those lines?

How Does the companies authenticate internal users in internal systems?

assuming that a company has an AD/LDAP server with all employees and has many internal systems that must authenticate those users. How would be a good solutions in terms of security best practices to allow these systems to access LDAP server?

I think it’s bad allowing many different systems accessing the company users base. What would be a good solution? Do you know any references/guidelines to this type of problem?

Can the world’s tech companies handle the responsibility we give them?

Wow, where to start…

For over the past 20 years, we have been handing over more and more of our personal data to large private companies, not infrequently American, and in this documentary Cold Fusion looks a little closer at that in a mini documentary of about a quarter.

Among other things, how competition works in the tech industry, what responsibility the tech companies take for the information we share with them and how it all glows with freedom of expression. There is also some talk…

Can the world's tech companies handle the responsibility we give them?

Acquiring Failing Hosting Companies with Clients

I am once again looking to acquire startup hosting companies that can not cut the work if you have started a hosting company and can not keep up to the costs or can not successfully manage it then let me know.

For the past 10 years, we have acquired more than 60 "Fly By Night" hosting companies that had clients who have prepaid for service and did not know they were about to lose out. We successfully transferred all of those clients to our network and still host their sites today. We know…

Acquiring Failing Hosting Companies with Clients