|
baram. posted:don't use lastpass endlessmonotony posted:For laughing at. Little else. Might as well use a post-it note. [citation needed]
|
#
?
Nov 2, 2016 18:54
|
|
|
|
| # ? May 23, 2024 19:12 |
|
|
lastpass has been breached before and they don't exactly seem to be taking any strides to fix it.
|
|
#
?
Nov 2, 2016 21:13
|
|
|
Last Pass is bad if your goal is to actually keep secret things secret.
|
|
#
?
Nov 2, 2016 21:26
|
|
|
baram. posted:lastpass has been breached before and they don't exactly seem to be taking any strides to fix it. flosofl posted:Last Pass is bad if your goal is to actually keep secret things secret. Grassy Knowles posted:Hey, I know we've talked about password managers to death, well, Lastpass exploit. It's already been patched, but anyone using autofill on desktop should be changing their passwords now (and turning autofill off are you g-d kidding me?). Probably not the day to send me an ad e-mail Subject: Don't lock your loved ones out Body: Secure your digital will blah blah blah. https://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/ https://www.cnet.com/news/lastpass-ceo-reveals-details-on-security-breach/ Plus, it's owned by LogMeIn so you can easily assume that they're always acting in bad faith.
|
|
#
?
Nov 2, 2016 21:57
|
|
|
Am I the only one who just lets safari handle all my passwords on both iOS and OS X?
|
|
#
?
Nov 2, 2016 22:31
|
|
|
EL BROMANCE posted:Am I the only one who just lets safari handle all my passwords on both iOS and OS X? It's fine if you're only using Apple stuff. I'm multiplatform so I need the device support which I get from 1Password.
|
|
#
?
Nov 2, 2016 22:35
|
|
|
EL BROMANCE posted:Am I the only one who just lets safari handle all my passwords on both iOS and OS X? The Apple Keychain works great. For Safari. Good luck if you need to keep track of information outside of web interfaces. I use Apple Keychain for Safari, but I also use 1Password and store them there as well. It also keeps all the passwords for stuff in my home lab, my work lab, accessing customer devices, storing my TACACS credentials, etc. I use it store all my CC's and banking routing information, secure notes like tax PINs, my conference bridge credentials and so on. It's way more flexible than what I can currently use the Apple Keychain for.
|
|
#
?
Nov 2, 2016 22:37
|
|
|
Grassy Knowles posted:https://www.wired.com/2015/06/hack-brief-password-manager-lastpass-got-breached-hard/ Yeah if you're not using 2FA to protect your vault and other important logins then those things are concerning.
|
|
#
?
Nov 2, 2016 22:50
|
|
|
tuyop posted:Yeah if you're not using 2FA to protect your vault and other important logins then those things are concerning. http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/ speaks volumes to their inability to QA for information leakage. LastPass is bad, do not use. I feel like this is seat belts for computers. "I've never had anything happen and I've never worn a seatbelt!" Not using LasPass is something that reduces the risk of future harm.
|
|
#
?
Nov 2, 2016 23:03
|
|
|
tuyop posted:Yeah if you're not using 2FA to protect your vault and other important logins then those things are concerning. These are signs that their system and philosophy around matters of security are flawed, even if those specific breaches didn't end up harming you (and you wouldn't necessarily know if those breaches have harmed/will harm you, they haven't been dumped yet). I don't care to keep my most secure information with people who don't value it as secure. That's all. flosofl posted:http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/ Yeah, I quoted myself on that hole in the one that Tuyop quoted me on, but the double-quote didn't survive. Also condoms are good, people, and don't do kegstands in the back of a moving pickup truck.
|
|
#
?
Nov 2, 2016 23:16
|
|
|
Just keep in mind that none of the other password vaults are going to be any better. They just haven't been caught yet.
|
|
#
?
Nov 2, 2016 23:26
|
|
|
All the information stored inside LastPass is encrypted though. My understanding is that it would take, like, a nation-state to access my accounts without 2FA and for even them the important accounts are just impossible to access without my phone. Is that incorrect? It seems secure even if it's just stored in public because math doesn't care about a company's philosophy.
|
|
#
?
Nov 2, 2016 23:30
|
|
|
xzzy posted:Just keep in mind that none of the other password vaults are going to be any better. They just haven't been caught yet. My big stop is storing poo poo using ANY company's "cloud-based" vaults. I mean, I love 1Password but the minute they make me migrate to vaults stored and managed by them (i.e. the Families or Teams variant) is when I move back to Kepass. No thanks, I'll keep my separately encrypted vault on storage space I know you can't get to. Even if those storage providers could access them, all they'd have is an encrypted blob being stored there. Proteus Jones fucked around with this message at 23:37 on Nov 2, 2016 |
|
#
?
Nov 2, 2016 23:34
|
|
|
tuyop posted:All the information stored inside LastPass is encrypted though. My understanding is that it would take, like, a nation-state to access my accounts without 2FA and for even them the important accounts are just impossible to access without my phone. Is that incorrect? It seems secure even if it's just stored in public because math doesn't care about a company's philosophy. doesn't matter if the program itself gets tricked into thinking requestor is legit. https://bugs.chromium.org/p/project-zero/issues/detail?id=884
|
|
#
?
Nov 2, 2016 23:36
|
|
|
Just do what I do and write down your usernames and passwords on a piece of paper then fold that paper up and put it in a plastic baggie then put the plastic baggie up your rear end. No shady software developers or cloud service providers will ever get my passwords!
|
|
#
?
Nov 2, 2016 23:44
|
|
|
withak posted:Just do what I do and write down your usernames and passwords on a piece of paper then fold that paper up and put it in a plastic baggie then put the plastic baggie up your rear end. No shady software developers or cloud service providers will ever get my passwords! far better plan than lastpass, unless of course you also validate sketchy requests to your rear end
|
|
#
?
Nov 3, 2016 00:17
|
|
|
xzzy posted:Just keep in mind that none of the other password vaults are going to be any better. They just haven't been caught yet. That's crazy talk. My Dropbox holds my 1Pass vault. That 1Pass vault has a 30+ character pass phrase. The Dropbox account it's hosted in has a 40+ character password along with a second factor. Feel iffy about that? Then inconvenience yourself with Wifi synching your 1Pass vault and it will never touch the internet. LastPass stores all your stuff on their servers. If someone breaches Dropbox they still have to crack my 1Pass vault. Someone breaches LastPass, and you're done.
|
|
#
?
Nov 3, 2016 00:21
|
|
|
bobfather posted:If someone breaches Dropbox which would all be fine, but to speak to their philosophy, https://sethvargo.com/dropbox-hasnt-learned-their-lession/.
|
|
#
?
Nov 3, 2016 00:26
|
|
|
1password has their own sync service now
|
|
#
?
Nov 3, 2016 00:28
|
|
|
Mad Wack posted:1password has their own sync service now Isn't that the exact reason people poo poo on LastPass? The basic problem is that as soon as something exists on someone else's hard drive, even if it's transient, you've given up control of your data and should assume it's only a matter of time before someone compromises it. "Safe enough for now" doesn't cut it.
|
|
#
?
Nov 3, 2016 00:32
|
|
|
Grassy Knowles posted:Your process is spot on, but that phrasing implies that someone hasn't breached dropbox and yeah, about that... https://www.washingtonpost.com/news/the-switch/wp/2016/09/07/hacked-dropbox-data-of-68-million-users-is-now-or-sale-on-the-dark-web/ https://blogs.dropbox.com/dropbox/2014/10/dropbox-wasnt-hacked/ (the last one for the lol factor) Doesn't really matter, since there aren't any known holes with 256-bit AES, the encryption AgileBits uses on their 1Pass vaults. I wouldn't feel unsafe if anyone had access to my .opvault, unless they were using computers from a couple hundred years in the future. Also, Dropbox is arbitrary. You can also use iCloud to sync, WiFi sync, or even BT Sync (BT Sync doesn't work on iOS devices). With LastPass, you're depending on a single entity to 1) ensure the security of their web servers and 2) ensure the security of the data accessed through those servers. I could sit at a Starbucks and MITM LastPass all day and get login information that would get me direct access to people's passwords. I could do the same for Dropbox, but all I'd get is access to a 1Pass vault with a big fuckoff password. bobfather fucked around with this message at 00:38 on Nov 3, 2016 |
|
#
?
Nov 3, 2016 00:35
|
|
|
bobfather posted:That's crazy talk. My Dropbox holds my 1Pass vault. That 1Pass vault has a 30+ character pass phrase. The Dropbox account it's hosted in has a 40+ character password along with a second factor. Feel iffy about that? Then inconvenience yourself with Wifi synching your 1Pass vault and it will never touch the internet. They store it encrypted much like you do on your Dropbox. This makes it more susceptible to MITM attacks but that's about it
|
|
#
?
Nov 3, 2016 00:36
|
|
|
Endless Mike posted:They store it encrypted much like you do on your Dropbox. This makes it more susceptible to MITM attacks but that's about it Susceptible to MITM, at the least. LastPass is a black box with a security process that can't be audited. They could be storing passwords in plaintext on post it notes, for all anyone knows.
|
|
#
?
Nov 3, 2016 00:41
|
|
|
xzzy posted:Isn't that the exact reason people poo poo on LastPass? Yes, but you don't have to use their sync service to use 1password. There's no alternative storage method for lastpass. bobfather posted:Doesn't really matter, since there aren't any known holes with 256-bit AES, the encryption AgileBits uses on their 1Pass vaults. I wouldn't feel unsafe if anyone had access to my .opvault, unless they were using computers from a couple hundred years in the future. Right on. I wasn't trying to criticise the security of your process, just making sure that while we're on the topic that no one missed the forest for the trees and took it as a recommendation to specifically use dropbox, when they're just as deserving of shame as lastpass.
|
|
#
?
Nov 3, 2016 00:52
|
|
|
xzzy posted:Isn't that the exact reason people poo poo on LastPass? Yep. And I poo poo on 1Password for doing the same, personally. Still use them, just not their "hey store your vault with us" part. And If your super paranoid, as someone said earlier just turn on WiFi synching, and sync directly with your devices/computers. And then turn it off when done.
|
|
#
?
Nov 3, 2016 01:17
|
|
|
Has anyone run into an issue with Podcasts.app not showing newly-synced podcasts? As far as I can tell, the podcasts are successfully synced to the device. I can plug the phone in and see them (and even play them) using iTunes. But they won't show up in Podcasts.app and all I can see is older podcasts.
|
|
#
?
Nov 3, 2016 03:33
|
|
|
I have 1Password and I paid for the mac app too. Am I doing something wrong should I be able to like have my logins and passwords that I keep on my mac vault available to me on iPhone /safari iOS?
|
|
#
?
Nov 4, 2016 04:15
|
|
|
Assuming you use one of the 1Password sync methods, they should be available through the iOS 1Password app. Think you have to manually activate the 1Password option in Safari's share/more list to be able to access the stuff in Safari.
|
|
#
?
Nov 4, 2016 04:49
|
|
|
WithoutTheFezOn posted:Assuming you use one of the 1Password sync methods, they should be available through the iOS 1Password app. Think you have to manually activate the 1Password option in Safari's share/more list to be able to access the stuff in Safari. Yeah, 1Password makes you validate browser extensions agains the main program before it will let the extension/plugin access the vault now.
|
|
#
?
Nov 4, 2016 04:57
|
|
|
I've been using Downcast for years, but since 10.1.1 came out, it seem like it is absolutely killing my battery. It's been listed between 50-53% (in the background) over the last 2-3 days (according to the battery settings thing). I can force quit Downcast, or reboot to 'fix' the issue. (I notice an issue when my phone starts to feel hot and I pull it out of my pocket and I've gone from 90% down 24%.) I think I'm going to have to either stop using Downcast, or do a restore - neither of which are appealing. Anyone else having an issue like this?
|
|
#
?
Nov 4, 2016 15:49
|
|
|
withak posted:Just do what I do and write down your usernames and passwords on a piece of paper then fold that paper up and put it in a plastic baggie then put the plastic baggie up your rear end. AssPass?
|
|
#
?
Nov 4, 2016 16:20
|
|
|
Dick Trauma posted:AssPass? KeepAss.
|
|
#
?
Nov 4, 2016 16:33
|
|
|
DashAss
|
|
#
?
Nov 4, 2016 17:18
|
|
|
Asslane
|
|
#
?
Nov 4, 2016 17:23
|
|
|
I like Dark Sky.
|
|
#
?
Nov 4, 2016 17:23
|
|
|
rear end Catchcum posted:I like Dark Sky. You're just looking at things in the App Store and saying you like them, aren't you?
|
|
#
?
Nov 4, 2016 17:27
|
|
|
uBlock
|
|
#
?
Nov 4, 2016 17:33
|
|
|
i need an app to track haircuts
|
|
#
?
Nov 4, 2016 19:56
|
|
|
maduin posted:i need an app to track haircuts
|
|
#
?
Nov 4, 2016 20:01
|
|
|
|
| # ? May 23, 2024 19:12 |
|
|
maduin posted:i need an app to track haircuts All my podcasts have advertorials for GreatClips, maybe try that?
|
|
#
?
Nov 5, 2016 04:20
|
|