|
Nephzinho posted:My parents just found a few thousand points of space marines in their attic that has been sitting there since I moved for college. I don't even know how to go about selling it and am slightly scared of seeing how much I spent over the years (especially considering I already got rid of my Orks. And Tyranids. And Dark Eldar.). $1000 Warhams Actually, you should keep a handful of dudes and build a Killteam squad 
|
#
?
May 22, 2019 20:26
|
|
|
|
| # ? Jun 2, 2024 02:13 |
|
|
lmao @ crypto but the concern about SIM swaps and the problems with SMS-based 2FA are legit whether it's attacks against your shitcoins or your actual bank account.
|
|
#
?
May 22, 2019 20:50
|
|
|
canyoneer posted:$1000 Warhams ... I already have a kill team of space marines on my bookshelf that has moved with me over the years separate from this newly discovered horde. I was super cool in high school.
|
|
#
?
May 22, 2019 21:17
|
|
|
Hoodwinker posted:lmao @ crypto but the concern about SIM swaps and the problems with SMS-based 2FA are legit whether it's attacks against your shitcoins or your actual bank account. With an actual bank account at least you have recourse. No excuse for using SMS 2FA, though, complain to your bank if they can't do better.
|
|
#
?
May 22, 2019 21:21
|
|
|
Nephzinho posted:... I already have a kill team of space marines on my bookshelf that has moved with me over the years separate from this newly discovered horde. I reserve judgement on this statement until you reveal which chapter 
|
|
#
?
May 22, 2019 21:22
|
|
|
Ralith posted:With an actual bank account at least you have recourse. No excuse for using SMS 2FA, though, complain to your bank if they can't do better. I'm safe, my bank doesn't have any kind of 2FA 
|
|
#
?
May 22, 2019 21:28
|
|
|
Ralith posted:With an actual bank account at least you have recourse. No excuse for using SMS 2FA, though, complain to your bank if they can't do better. Thankfully, when you look at the list of investment companies, many of those support hardware and software tokens.
|
|
#
?
May 22, 2019 21:31
|
|
|
Hoodwinker posted:Thankfully, when you look at the list of investment companies, many of those support hardware and software tokens. 
|
|
#
?
May 22, 2019 21:40
|
|
|
Ralith posted:Vanguard supports U2F tokens but refuses to let you use them with any browser but Chrome and requires a SMS fallback
|
|
#
?
May 22, 2019 21:44
|
|
|
I bought Forgeworld resin models a month before plastic ones for the same thing were released. That was a great feeling.
|
|
#
?
May 22, 2019 21:50
|
|
|
Nephzinho posted:... I already have a kill team of space marines on my bookshelf that has moved with me over the years separate from this newly discovered horde. Phil?
|
|
#
?
May 22, 2019 21:53
|
|
|
Risky Bisquick posted:I reserve judgement on this statement until you reveal which chapter Fists. Mostly because I found an easy way to prime yellow and sepia wash.
|
|
#
?
May 22, 2019 22:07
|
|
|
Hoodwinker posted:You can set the SMS to a google voice number. If you're at all concerned about cyber security, I highly, highly, highly recommend setting up a google voice number and using it as your recovery number for everything you can. This completely eliminates the possibility of a direct SIM swap attack to that account. Why not a code generator app, or a hardware token? Honest question. Related: been debating with myself if bank info should be in password manager. Is that yay or nay?
|
|
#
?
May 22, 2019 22:21
|
|
|
Furia posted:Why not a code generator app, or a hardware token? Honest question. Everybody should be using a password manager. Is your bank info the same login name or password as anywhere else? That's bad. I use KeePass because it's offline and then have it backed up (the database itself is strongly encrypted) to a secondary location periodically.
|
|
#
?
May 22, 2019 22:27
|
|
|
Furia posted:Why not a code generator app, or a hardware token? Honest question. I put mine in one. If you've got your email password in one, not much reason not to.
|
|
#
?
May 22, 2019 22:33
|
|
|
Furia posted:Why not a code generator app, or a hardware token? Honest question. He's saying for when they only offer SMS.
|
|
#
?
May 22, 2019 22:39
|
|
|
Google Voice doesn’t work with some banks for SMS auth. I think Ally might have this issue? Most times they’ll have an alternative to send you a code via email.
|
|
#
?
May 22, 2019 23:16
|
|
|
Alright all that checks out. Just checking because I’m using lastpass (which I’ve been thinking about changing. Keepass might be a shout if it has cross-device sync) and had my bank passwords in there and I was wondering if that was a step too far (I also use code based 2FA for everything that will take it). Thanks all
|
|
#
?
May 23, 2019 08:02
|
|
|
Hoodwinker posted:Everybody should be using a password manager. Is your bank info the same login name or password as anywhere else? That's bad. I use KeePass because it's offline and then have it backed up (the database itself is strongly encrypted) to a secondary location periodically. Does a small notepad I keep locked in a cabinet in my goon lair count? If someone has access to that, a number of safeguards have already been defeated and people having access to my accounts would be the least of my concerns. 
|
|
#
?
May 23, 2019 11:14
|
|
|
BloodBag posted:Does a small notepad I keep locked in a cabinet in my goon lair count? If someone has access to that, a number of safeguards have already been defeated and people having access to my accounts would be the least of my concerns. no one will ever find the emperor's secrets once grover tomb collapses
|
|
#
?
May 23, 2019 11:32
|
|
|
Furia posted:Alright all that checks out. Just checking because I’m using lastpass (which I’ve been thinking about changing. Keepass might be a shout if it has cross-device sync) [...] It doesn't, but you can put the password database and/or a portable version of keepass in dropbox and that works fine. The database should work on everything that dropbox and keepass will also work on. You can even put the database in dropbox but then manually put a keyfile (used to unlock along with the password) on each device or computer you want to use it on, for added security, so your passwords get synced but nobody who gets into your dropbox can get into them without that file and a password.
|
|
#
?
May 23, 2019 12:19
|
|
|
Technology is terrible is stupid
|
|
#
?
May 23, 2019 12:47
|
|
|
Nettle Soup posted:It doesn't, but you can put the password database and/or a portable version of keepass in dropbox and that works fine. The database should work on everything that dropbox and keepass will also work on. You can even put the database in dropbox but then manually put a keyfile (used to unlock along with the password) on each device or computer you want to use it on, for added security, so your passwords get synced but nobody who gets into your dropbox can get into them without that file and a password. Would that work for onedrive and an ios device?
|
|
#
?
May 23, 2019 12:48
|
|
|
BloodBag posted:Does a small notepad I keep locked in a cabinet in my goon lair count? If someone has access to that, a number of safeguards have already been defeated and people having access to my accounts would be the least of my concerns. Furia posted:Would that work for onedrive and an ios device? brugroffil posted:Technology is terrible is stupid Hoodwinker fucked around with this message at 13:33 on May 23, 2019 |
|
#
?
May 23, 2019 13:25
|
|
|
Alan Smithee posted:no one will ever find the emperor's secrets once grover tomb collapses Here lies Grover, he died as he lived, with warm feet upon his stairs.
|
|
#
?
May 23, 2019 13:55
|
|
|
I thought the latest thoughts on best practices for passwords were longer phrases rather than random gibberish?
|
|
#
?
May 23, 2019 14:16
|
|
|
brugroffil posted:I thought the latest thoughts on best practices for passwords were longer phrases rather than random gibberish? Better yet is to use well designed semi-random gibberish, unique to each site, and keep them recorded in a file locked with a longer phrase you can actually remember.
|
|
#
?
May 23, 2019 14:21
|
|
|
brugroffil posted:I thought the latest thoughts on best practices for passwords were longer phrases rather than random gibberish? Most sites won’t allow you to create long phrases without numbers and punctuation. And the advantage of that kind of password is that they’re longer while still being memorable; if you use a password manager you can make infinite long complex passwords without needing to remember any.
|
|
#
?
May 23, 2019 14:22
|
|
|
Hoodwinker, you are a saint. Thanks for all your help.brugroffil posted:I thought the latest thoughts on best practices for passwords were longer phrases rather than random gibberish? The idea of long (somewhat random) phrases is that: 1-It makes the passwords longer than you would otherwise make them, thereby making them difficult to crack or guess 2-Are easier to remember than dumb (typically standard) substitutions (0 for O, 3 for E etc) 3-It removes the need for the (typically standard) use of punctuation (adding ! at the end of the password you were going to use anyways, for instance) None of which matters if you have a password manager which can store passwords up to 264 digits of length with more character possibilities and which is protected by a single, extremely strong password (something you know) and 2FA of some variety (something you are or have)
|
|
#
?
May 23, 2019 14:27
|
|
|
I’m really sorry I posted that bitcoin tweet.
|
|
#
?
May 23, 2019 14:28
|
|
|
zelah posted:I’m really sorry I posted that bitcoin tweet.
|
|
#
?
May 23, 2019 14:30
|
|
|
brugroffil posted:I thought the latest thoughts on best practices for passwords were longer phrases rather than random gibberish? Depends on what you're after. If you want to remember something, then yes use a long phrase of 30+ letters and you'll be fine, especially if you randomly substitute letters for characters/numbers/whatever. If you have a password manager and don't NEED to remember anything but the master password, than an equally long set of random gibberish is technically better. Your e-mail should be your strongest password since nearly every password you have can be reset via your e-mail. On top of this, best practice is to have a different password for every single login. Honestly that last part is the most critical. Nobody "cracks" individual passwords anymore, at least not on sites that have complex requirements (replacing the "o" with a zero in "password" and adding an exclamation point at the end isn't secure). People steal unsecured password databases (or they take secured databases and they crack the encryption offline) and then use those credentials to log in to other sites. No amount of complex passwords will help you there, but using different passwords everywhere will limit their access to your stuff. So if for example your KickStarter password was stolen a few years ago in their breach, the hackers will take those credentials and plug them in to other sites to see where they can get in.
|
|
#
?
May 23, 2019 15:07
|
|
|
I just noticed the  troll flair!
|
|
#
?
May 23, 2019 15:56
|
|
|
Yes, a troll
|
|
#
?
May 23, 2019 16:02
|
|
|
DaveSauce posted:People steal unsecured password databases (or they take secured databases and they crack the encryption offline) and then use those credentials to log in to other sites. No amount of complex passwords will help you there
|
|
#
?
May 23, 2019 16:55
|
|
|
If I had to guess even if you steal a secured database if you have some way of working out how the secured passwords are being stored all you need to check is standard stuff like qwerty or L37M31n and you’d be in business for at least a couple accounts
|
|
#
?
May 23, 2019 17:28
|
|
|
Furia posted:If I had to guess even if you steal a secured database if you have some way of working out how the secured passwords are being stored all you need to check is standard stuff like qwerty or L37M31n and you’d be in business for at least a couple accounts
|
|
#
?
May 23, 2019 17:39
|
|
|
Sounds delicious
|
|
#
?
May 23, 2019 17:43
|
|
|
Simpsons Reference posted:Sounds delicious
|
|
#
?
May 23, 2019 17:43
|
|
|
|
| # ? Jun 2, 2024 02:13 |
|
|
Hoodwinker posted:Each password should be individually salted, so cracking one does not crack the others. Should be, but in my experience the entirety of the internet is held together by rust and bird poo poo, so whether or not your info is stored securely is 100% a crapshoot. Nobody has seen meaningful legal punishment for leaking data, so there’s not much incentive for security. BWM: trusting businesses on the internet
|
|
#
?
May 23, 2019 17:46
|
|
