Goober Peas
Jun 30, 2007

Check out my 'Vette, bro


So for a normal user, what is the average amount of time that passes between clean Windows installs? I average about once a year per PC. The desktop I use for my media editing has been progressively getting slower over the past couple of months - it's amazing how a clean install brings it back to normal.


Toast Museum
Dec 3, 2005

30% Iron Chef

Goober Peas posted:

So for a normal user, what is the average amount of time that passes between clean Windows installs? I average about once a year per PC. The desktop I use for my media editing has been progressively getting slower over the past couple of months - it's amazing how a clean install brings it back to normal.

Barring hardware failure or malware, the average user should not have to reinstall Windows. If your PC benefits from annual reinstalls, something's going very wrong.

bobfather
Sep 20, 2001

I will analyze your nervous system for beer money
Windows 10 users get a forced reinstall every year anyway if they don't disable upgrades.

Capt. Morgan
Feb 23, 2006

bobfather posted:

I'm the IT guy from earlier in this thread who would ask for you to be terminated on the spot for doing this.


haha ok, I downloaded AHK from a company approved list of software. My manager installed AHK on the other computers in our secure lab after seeing all the scripts I use, so I think I'm safe.

fishmech
Jul 16, 2006

by VideoGames
Salad Prong

Goober Peas posted:

So for a normal user, what is the average amount of time that passes between clean Windows installs? I average about once a year per PC. The desktop I use for my media editing has been progressively getting slower over the past couple of months - it's amazing how a clean install brings it back to normal.

You shouldn't be doing this. You also probably aren't getting any sort of speedup in a workload like that, unless you've been accidentally yet consistently installing some program that's always running and always hogging a lot of RAM and CPU load no matter what else you're doing on the machine.

Next time you think you have a slowdown, try and investigate what stuff you've installed and left running.

Kerning Chameleon
Apr 8, 2015

by Cyrano4747
Yeah, I literally only did a semi-clean reinstall after my laptop kept hanging up on boot after installing the Anniversary Update, and even that was mostly an excuse to get rid of the cruft left over from the 7 > 10 upgrade. Any other time I've had to reinstall Windows on my personal machines was as part of replacing a dying hard drive.

GreenBuckanneer
Sep 15, 2007

Double Punctuation posted:

Looks like wcifs is the filesystem driver for Hyper-V, if that helps.

That would make sense, since recent windows 10 updates have included hyper-v on systems that have no business using hyper-v...

Khablam
Mar 29, 2012

If you're still reinstalling windows in 2017 it's acting as no more than a glorified defrag.
Buy an SSD instead.

Simple Simon
Dec 29, 2008

"Good sir, would you fancy a Salmon tartar?"
Sorry if this isn't the right thread. Point me the right way if this ain't the thread.

So, I've finally decided to get a password manager. I have way too many for lots of sites and I'm starting to reuse passwords.
What's the best one to get?

I want one for my iPhone, Macbook and Computer. Not too expensive but I don't mind paying.

Michael Scott
Jan 3, 2010

by zen death robot
LastPass is the best password manager. Clients for everything you mentioned. Highly recommend!

Ghostlight
Sep 25, 2009

maybe for one second you can pause; try to step into another person's perspective, and understand that a watermelon is cursing me



Keepass is better because you aren't paying to keep your passwords on a high value target.

Simple Simon
Dec 29, 2008

"Good sir, would you fancy a Salmon tartar?"

Ghostlight posted:

Keepass is better because you aren't paying to keep your passwords on a high value target.

Is LastPass under attack or what do you mean?

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

Simple Simon posted:

Is LastPass under attack or what do you mean?

I assume he means that every hacker in the world dreams of compromising LastPass, and LastPass has lots of potential points of failure without any real way to audit their security.

Wiseblood
Dec 31, 2000

Ghostlight posted:

Keepass is better because you aren't paying to keep your passwords on a high value target.

You don't pay Lastpass to keep anything. They used to charge for use of the mobile clients but they made that free a while back.

Ghostlight
Sep 25, 2009

maybe for one second you can pause; try to step into another person's perspective, and understand that a watermelon is cursing me



Thermopyle posted:

I assume he means that every hacker in the world dreams of compromising LastPass, and LastPass has lots of potential points of failure without any real way to audit their security.
Exactly. Password managers are already an eggs-in-one-basket solution, you don't need to pile a baskets-all-in-one-basket solution on top of that.

Simple Simon
Dec 29, 2008

"Good sir, would you fancy a Salmon tartar?"
Wait, so I shouldn't get a password manager? Is it better to just get a pen and paper and just write it down?

Kerning Chameleon
Apr 8, 2015

by Cyrano4747

Simple Simon posted:

Wait, so I shouldn't get a password manager? Is it better to just get a pen and paper and just write it down?

Absolutely everyone who can use a password manager should use one, it's just not the end all be all of account security. For example, I use Keepass, so I accept I either have to:

A) Keep the archive in the cloud and make sure each device I need to use passwords on has a copy of the key file and understand that cloud service may be susceptible to downtime for one reason or another, or
B) Accept the additional responsibility to copy and update each copy of the archive file I keep on each device I wish to login from, as well as my designated backup sources.

Additionally, I understand that the password manager programs themselves are far from infallible.

Adding 2FA as well is the best most users can reasonably do, particularly something like Google Authenticator or Authy that eliminates SMS as a point of social engineering attacks.

Skarsnik
Oct 21, 2008

I...AM...RUUUDE!




Keepass is definitely more secure, but a lot less convenient

Not to say lastpass isn't secure, it's what I use, as the convenience far far outweighs any downsides

The android client is really really good, especially now it's free, and recent updates to the Chrome client make it really nice

SEKCobra
Feb 28, 2011

Hi
:saddowns: Don't look at my site :saddowns:
I think lastpass is very insecure and the security problems far outweigh the convenience. Talking as someone who has migrated from LastPass to KeePass, I have barely lost any convenience but definitely and measurably gained security.

baka kaba
Jul 19, 2003

PLEASE ASK ME, THE SELF-PROFESSED NO #1 PAUL CATTERMOLE FAN IN THE SOMETHING AWFUL S-CLUB 7 MEGATHREAD, TO NAME A SINGLE SONG BY HIS EXCELLENT NU-METAL SIDE PROJECT, SKUA, AND IF I CAN'T PLEASE TELL ME TO
EAT SHIT

Lastpass fucks up often enough (with new/updated passwords) that I don't feel comfortable recommending it to non-technical people, security issues aside. The convenience is great until you have to janitor it

Keepass on Android means you have to trust some random third-party app, which doesn't feel secure at all. But a lot of security-conscious people seem ok with it :shrug:

SEKCobra
Feb 28, 2011

Hi
:saddowns: Don't look at my site :saddowns:

baka kaba posted:

Lastpass fucks up often enough (with new/updated passwords) that I don't feel comfortable recommending it to non-technical people, security issues aside. The convenience is great until you have to janitor it

Keepass on Android means you have to trust some random third-party app, which doesn't feel secure at all. But a lot of security-conscious people seem ok with it :shrug:

Better than a webapp that can man in the middle you at any moment.

Khablam
Mar 29, 2012

Skarsnik posted:

Keepass is definitely more secure, but a lot less convenient

Please try to quantify this non sequitur. Then, Google "recovering from identity fraud" then weigh a couple of horror stories against the "inconvenience" of having to click a mouse 2 more times or something.

It's also not any less convenient unless you're not taking any steps to make it easier (dropbox / other cloud sync). Both it and most cloud options are platform agnostic at this point.
"But it works fine for me" isn't a valid argument for Lastpass. 2200 people would have said the same before The Titanic's gaping design flaws were revealed too.

Skarsnik
Oct 21, 2008

I...AM...RUUUDE!




By more convenient I mean not having to deal with moving and keeping an archive around and updated, and deal with a pretty janky app that doesn't do autofill very well (though that may have improved since I tried it a few years back)

I'm also happy with the way lastpass dealt with the last security breach, and confident nothing of mine was actually compromised in any way

If it wasn't as convenient, I'd probably slip into old and lazy habits again. So I've weighed it up, and stuck with lastpass

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Another point in favor of LastPass: if you can't install Dropbox or whatever on every machine you use, it's hard to keep a local archive in sync with every other archive. You could argue that's even more secure (compartmentalization!).

I'll admit I don't really understand why some people dislike LastPass because it's in the cloud, and then happily recommend storing a KeePass archive in Dropbox or Onedrive or iCloud or Boxi. If someone compromises those platforms and is after sensitive data, it's not a stretch to say they would look for KeePass archives. "But that archive is encrypted!" I hear you say. Well, so are LastPass', and they don't keep the private key. "So LastPass says..." I hear you say. Well, so say the developers of KeePass, too. Unless you've personally audited every bit of code used in something like this, you're trusting someone to not gently caress up your security.

Saying, "I recommend KeePass over Lastpass because I trust that developer more," is fine, but saying it's architecturally more secure just because you put it on ~other cloud service~ is not. Again, you could argue that, "I trust Dropbox not to expose my data more than I trust Lastpass to not expose my data," but I really don't understand the "it's architecturally more secure" argument.

Hopefully I didn't just make a straw man. In any case, I think it's difficult to argue that using a password manager is more secure for most people than using "AppleP13" as a password for everything.

Siochain
May 24, 2005

"can they get rid of any humans who are fans of shitheads like Kanye West, 50 Cent, or any other piece of crap "artist" who thinks they're all that?

And also get rid of anyone who has posted retarded shit on the internet."


Dashlane's been working well enough for me. Similar to Lastpass, but I liked its functionality better.
With that in mind, I still have 2FA on my gmail accounts, which are what everything is tied to. So even if someone does compromise my Dashlane account, they will have another really tough time getting into my Gmail accounts, which are what would screw me.
I'm 100% more confident that my online accounts are more secure now that everything has a unique password, rather than my old system where one compromise would have hosed me.
So I'd say using anything still beats nothing, and just be aware/use 2FA when available, and 100% protect your most important accounts (aka your main gmail account, or whatever you use for most sites to signup)

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM
I feel like the same people who dump on lastpass because of the whole "store your passwords in their ~cloud~" thing then go on to talk about setting up keepass to sync with their dropbox or google drive and it's just like uhhhhhhh

I do get the idea of liking keepass better because it's open source though.

Ynglaur
Oct 9, 2013

The Malta Conference, anyone?

chocolateTHUNDER posted:

I feel like the same people who dump on lastpass because of the whole "store your passwords in their ~cloud~" thing then go on to talk about setting up keepass to sync with their dropbox or google drive and it's just like uhhhhhhh

I do get the idea of liking keepass better because it's open source though.

I agree the open source nature of KeePass is a huge plus.

What is the Goon recommended 2FA app? Does Microsoft's work on everything?

LordAdakos
Sep 1, 2009
I use Authy for my 2FA needs. It's installed on my phone as well as in a chrome extension or plugin or whatever they are called these days. It also does easy backup and restores which is nice.

I think winauth may be an alternative if you just need to do 2FA from Windows though.

Medullah
Aug 14, 2003

FEAR MY SHARK ROCKET IT REALLY SUCKS AND BLOWS
I use Google Authenticator for almost everything these days.

AlternateAccount
Apr 25, 2005
FYGM
Am I the only person that switched from LastPass to 1Password and think it's far superior?

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM

Ynglaur posted:

I agree the open source nature of KeePass is a huge plus.

What is the Goon recommended 2FA app? Does Microsoft's work on everything?

Lastpass has a 2FA app that I use that's pretty nice. Wish it backed up codes like Authy, but I'm sure they'll add that eventually.

xzzy
Mar 5, 2009

I'm holding out for proper iOS support of yubikeys, which should be pretty great if it ever happens.

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

chocolateTHUNDER posted:

I feel like the same people who dump on lastpass because of the whole "store your passwords in their ~cloud~" thing then go on to talk about setting up keepass to sync with their dropbox or google drive and it's just like uhhhhhhh

I do get the idea of liking keepass better because it's open source though.

Theoretically, you could give your keepass file to SuperHacker and you're fine. So, it doesn't matter what Dropbox does with it.

We don't actually know what LastPass does with your data, particularly because it would be trivial for LastPass or someone with access to their network to obtain your password.


(Note that while there are complex and subtle arguments for KeePass over LastPass, I'm not making those here, I'm just addressing the argument that KeePass+Dropbox is equivalent to Lastpass because they're both ~cloud~.)

TenaciousTomato
Jul 17, 2007

Interworld and the New Innocence
Interesting article on El Reg today, which highlights certain vulnerabilities of popular password managers. An independent firm went through a bunch of them and found vulns. Supposedly all of the vulnerabilities they found have been fixed for each application tested. Although hardcoding the master key for your entire vault seems hardly a small mishap by LastPass..

Ghostlight
Sep 25, 2009

maybe for one second you can pause; try to step into another person's perspective, and understand that a watermelon is cursing me



Ynglaur posted:

I'll admit I don't really understand why some people dislike LastPass because it's in the cloud, and then happily recommend storing a KeePass archive in Dropbox or Onedrive or iCloud or Boxi. If someone compromises those platforms and is after sensitive data, it's not a stretch to say they would look for KeePass archives. "But that archive is encrypted!" I hear you say. Well, so are LastPass', and they don't keep the private key. "So LastPass says..." I hear you say. Well, so say the developers of KeePass, too. Unless you've personally audited every bit of code used in something like this, you're trusting someone to not gently caress up your security.
The difference is that someone trying to compromise generic cloud services is doing so to steal celebrity photos or poo poo like that and may not even know what to do with Keepass archives - if any - that they obtain as part of the compromise. Someone trying to compromise a cloud service that does nothing but store passwords is trying to steal your passwords.

LastPass archives may be encrypted, but thieves don't have to compromise the archive. They only need to compromise the service - such as last year when a guy figured out how any website could fish for plaintext copies of any password in your vault. Keepass is at least open source so if you wanted to you could personally audit the code, and the fragmentation of how it is implemented by users makes any breach much smaller in scope.

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM

Ghostlight posted:

The difference is that someone trying to compromise generic cloud services is doing so to steal celebrity photos or poo poo like that and may not even know what to do with Keepass archives - if any - that they obtain as part of the compromise. Someone trying to compromise a cloud service that does nothing but store passwords is trying to steal your passwords.

LastPass archives may be encrypted, but thieves don't have to compromise the archive. They only need to compromise the service - such as last year when a guy figured out how any website could fish for plaintext copies of any password in your vault. Keepass is at least open source so if you wanted to you could personally audit the code, and the fragmentation of how it is implemented by users makes any breach much smaller in scope.

This makes sense. Personally, Lastpass offers the right amount of protection and convenience for me so it's a risk I'm willing to take.

Double Punctuation
Dec 30, 2009

Ships were made for sinking;
Whiskey made for drinking;
If we were made of cellophane
We'd all get stinking drunk much faster!

baka kaba posted:

Keepass on Android means you have to trust some random third-party app, which doesn't feel secure at all. But a lot of security-conscious people seem ok with it :shrug:

Three of the four Android apps are open source, so they're about as trustworthy as KeePass itself.

baka kaba
Jul 19, 2003

PLEASE ASK ME, THE SELF-PROFESSED NO #1 PAUL CATTERMOLE FAN IN THE SOMETHING AWFUL S-CLUB 7 MEGATHREAD, TO NAME A SINGLE SONG BY HIS EXCELLENT NU-METAL SIDE PROJECT, SKUA, AND IF I CAN'T PLEASE TELL ME TO
EAT SHIT

Yeah but it's another completely separate point of trust in the chain, that most people will have updating automatically. It just makes me think of browser extensions where people go hey what's with all this malware, oh no the author sold the extension to nefarious types!

I mean it's probably fine but people seem reaaaal casual about it considering

Khablam
Mar 29, 2012

Ynglaur posted:

Another point in favor of LastPass: if you can't install Dropbox or whatever on every machine you use, it's hard to keep a local archive in sync with every other archive. You could argue that's even more secure (compartmentalization!).

I'll admit I don't really understand why some people dislike LastPass because it's in the cloud, and then happily recommend storing a KeePass archive in Dropbox or Onedrive or iCloud or Boxi. If someone compromises those platforms and is after sensitive data, it's not a stretch to say they would look for KeePass archives. "But that archive is encrypted!" I hear you say. Well, so are LastPass', and they don't keep the private key. "So LastPass says..." I hear you say. Well, so say the developers of KeePass, too. Unless you've personally audited every bit of code used in something like this, you're trusting someone to not gently caress up your security.

Saying, "I recommend KeePass over Lastpass because I trust that developer more," is fine, but saying it's architecturally more secure just because you put it on ~other cloud service~ is not. Again, you could argue that, "I trust Dropbox not to expose my data more than I trust Lastpass to not expose my data," but I really don't understand the "it's architecturally more secure" argument.

Hopefully I didn't just make a straw man. In any case, I think it's difficult to argue that using a password manager is more secure for most people than using "AppleP13" as a password for everything.

You absolutely do not understand the problem.

Neither an LP nor a KP data blob can be decrypted. It's just not possible given our understanding of encryption.
However, when you decrypt a KP archive you are doing so locally, and you can verify the program doing it is genuine. Keepass has also been extensively audited already and is opensource so anyone can do the same.

With lastpass, you are not decrypting a local file but asking LP's servers (via its poorly designed plugin) to serve the plugin data, and then entering your master password into this. The fundamental problems are:

- you cannot verify you are speaking to LPs servers
- you cannot verify LPs servers are not compromised
- you cannot easily verify your browser is showing you something that is not LPs app
- you cannot easily verify (or won't as a matter of course) that the plugin has not been swapped out

Keepass has a minute attack surface on a personal level and almost none on an infrastructure one.
Lastpass has a giant attack surface (closed source plugin talking to a server inscrutably by the user) and one of the largest bulls-eyes on its back possible.
Lastpass have also suffered multiple breaches barely above the level of 'bored script kiddie' and if anyone competent had tried to do similar they would have had horror-show levels of access.

Any and all 'protections' lastpass claim are security theatre because if someone owns their server and starts MITM-ing users, they would just loving end-run around it.
Someone can hack dropbox and dump every keepass database onto the web somewhere and you as the end user should not be affected. Someone gaining access to LPs servers (again) could be catastrophic.

Imagining lastpass being breached again should not seem far fetched when you consider the sheer number and complexity of breaches in previous years. Many of those companies were doing a lot better of a job than lastpass have been.

Skarsnik posted:

By more convenient I mean not having to deal with moving and keeping an archive around and updated, and deal with a pretty janky app that doesn't do autofill very well (though that may have improved since i tried it a few years back)
Moving a small file should not be difficult; even considering you can't install dropbox and/or can't carry a memory stick, you can simply URL-shorten a cloud link so you can always download the file wherever you are. e.g. point https://www.dropbox.com/s/vwozsrhfshq5/myvault.kdbx?dl=0 to bit.ly/SkarsniksKP

If that's still impossible use the mobile app and write the password in manually.
If that's still impossible use passphrases and refer to the app for prompts.
If that's still aids to you, use 1password.

There's not a usecase for "eh ... but I would need to click a link?? Best trust my entire identity to this service that has had multiple breaches I guess"


Ynglaur
Oct 9, 2013

The Malta Conference, anyone?
Not trying to play "source your quotes", but do you mind pointing me to the breaches you mention?
