Subjunctive
Sep 12, 2006

✨sparkle and shine✨

If your passwords aren’t worth $3/mo, just use the same one everywhere

Volguus
Mar 3, 2009

Subjunctive posted:

If your passwords aren’t worth $3/mo, just use the same one everywhere

Which is what I do (and have them all set to 1234. Nobody would guess that). For those passwords that are worth $3/month I use keepass (1,2,X, whatever) which incidentally asks me for 0$/month. Win/win if you ask me. Now, if you come and ask: "but how do you ... " with keepass, the answer is "you don't". That is what is not worth 3$/month.

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo

Subjunctive posted:

If your passwords aren’t worth $3/mo, just use the same one everywhere

What the hell is this logic? You pay more = better than?

poo poo guys, better wrap up all your distros and switch to Windows and Macs.

Volguus
Mar 3, 2009

EVIL Gibson posted:

What the hell is this logic? You pay more = better than?

poo poo guys, better wrap up all your distros and switch to Windows and Macs.

It is a known fallacy which is being taken advantage of by corporations. The name is appeal to wealth or argumentum ad crumenam: https://rationalwiki.org/wiki/Appeal_to_money

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

EVIL Gibson posted:

What the hell is this logic? You pay more = better than?

poo poo guys, better wrap up all your distros and switch to Windows and Macs.

Try again.

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo

Volguus posted:

It is a known fallacy which is being taken advantage of by corporations. The name is appeal to wealth or argumentum ad crumenam: https://rationalwiki.org/wiki/Appeal_to_money

Yup. That is def it. Thanks.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Thanks Ants posted:

The Tweet has gone
:rip:

anthonypants fucked around with this message at 22:17 on Sep 6, 2018

Thanks Ants
May 21, 2004

#essereFerrari


The Tweet has gone

Boris Galerkin
Dec 17, 2011

I don't understand why I can't harass people online. Seriously, somebody please explain why I shouldn't be allowed to stalk others on social media!

Horse Clocks posted:

What’s the Linux client for 1password like?

At the moment I’m using password-store, dmenu and a yubikey. But it’s a bit of a pain (read:impossible) to use on phones, and windows.

Plus, I need to get the wife using random passwords.

It's pretty good I think. It's not really an app like macOS/Windows but a plugin for Chrome and Firefox. It autoupdates versions just fine and the hotkey is a bit different (can't set win+\ or alt+\ for some reason) but it's not an issue. I never use the actual app on my MBP anyway so I don't know if I'm missing anything without the native app. I just do all my password janitoring on the 1password.com website.

But 1Password on Linux works as expected. Multi-page logins like Google work. Hitting the hotkey on 2FA forms pastes the 6-digit code.

They've also got a CLI version if you're into that.

Horse Clocks
Dec 14, 2004


anthonypants posted:

If Linux support is a big concern, I'd just stick with KeepAss. Plus, that way you don't have to pay for a 1Password.com subscription.

It’s important, but more important is getting my wife to take infosec a bit more seriously.

And sharing account details for poo poo like utilities would be nice.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

EVIL Gibson posted:

What the hell is this logic? You pay more = better than

No, my joking point is that when it comes to your password manager “save $3/mo” should basically not matter in your decision making calculus unless you are in pretty dire straits. It is neither good nor bad that it costs that much.

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo

Subjunctive posted:

No, my joking point is that when it comes to your password manager “save $3/mo” should basically not matter in your decision making calculus unless you are in pretty dire straits. It is neither good nor bad that it costs that much.

Okay. It just seemed you were using the "No True Scotsman" fallacy to prove a point.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

EVIL Gibson posted:

Okay. It just seemed you were using the "No True Scotsman" fallacy to prove a point.

No real SA poster would ever do that.

Jowj
Dec 25, 2010

My favourite player and idol. His battles with his wrists mirror my own battles with the constant disgust I feel towards my zerg bugs.

Boris Galerkin posted:

It's pretty good I think. It's not really an app like macOS/Windows but a plugin for Chrome and Firefox. It autoupdates versions just fine and the hotkey is a bit different (can't set win+\ or alt+\ for some reason) but it's not an issue. I never use the actual app on my MBP anyway so I don't know if I'm missing anything without the native app. I just do all my password janitoring on the 1password.com website.

But 1Password on Linux works as expected. Multi-page logins like Google work. Hitting the hotkey on 2FA forms pastes the 6-digit code.

They've also got a CLI version if you're into that.

Will also add that the 1pass client for linux only exists if you're using the loving 1passX poo poo with a 1pass sub. This may have been mentioned already but I am Quite Upset about it :(((.

If you have a self hosted vault through whatever, dropbox, you can't open it on linux.

EssOEss
Oct 23, 2006
128-bit approved
I love Keepass but sometimes it can just be such a pain when integrating it with syncing. With one configuration, Google Drive sometimes keeps the database file locked, so you cannot save it anymore without restarting Drive. With other settings, I get conflicts in Google Drive because it can't understand that Keepass is just replacing the file with a newer version. With yet other settings, Drive just loving deletes the database file when there is a full moon. I have even given up trying to do any sort of database writes on my Android phone, using them in read only mode.

This cloud service approach is really starting to sound like a positive alternative if it can get rid of this annoyance and uncertainty when saving my database.

Thanks Ants
May 21, 2004

#essereFerrari


Subjunctive posted:

No real SA poster would ever do that.

:golfclap:

skooma512
Feb 8, 2012

You couldn't grok my race car, but you dug the roadside blur.
Why is LastPass worse than sticky notes but 1pass is ok?

evil_bunnY
Apr 2, 2003

Horrible track record.

The Iron Rose
May 12, 2012

:minnie: Cat Army :minnie:
so sticky notes is perhaps not a great idea, but keeping your passwords written down physically in a secure journal and stored nowhere else is probably one of the best things you can do for your password security. Ain't no remote code execution exploits available there.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

skooma512 posted:

Why is LastPass worse than sticky notes but 1pass is ok?

Because LastPass has been designed such that a user with the LastPass browser extension can visit a hostile website and upload all of their passwords without user intervention. 1Password has not been shown to contain this vulnerability, and JavaScript does not yet have a framework which allows you to enumerate the contents of notes stuck to your monitor, though I'm sure they're working very hard at it.

Wiggly Wayne DDS
Sep 11, 2010



it isn't over a single vulnerability. they've had issues spanning years with no visible sign of improvement other than patching around the issue when someone calls it out. there's been multiple breaches on their side where they downplay the issue and claim access to passwords wasn't possible when it was if you just look at the flawed security architecture they were pushing at the time (and researchers had explained in the same timeline as the breaches were happening...)

basically they've not shown any sign of giving a poo poo, and will actively downplay and mislead you into sticking with them despite all the fires nearby

Thanks Ants
May 21, 2004

#essereFerrari


We aren't far off with the web Bluetooth API

skooma512
Feb 8, 2012

You couldn't grok my race car, but you dug the roadside blur.

anthonypants posted:

Because LastPass has been designed such that a user with the LastPass browser extension can visit a hostile website and upload all of their passwords without user intervention. 1Password has not been shown to contain this vulnerability, and JavaScript does not yet have a framework which allows you to enumerate the contents of notes stuck to your monitor, though I'm sure they're working very hard at it.

Gotcha. I'll look at migrating. Been meaning to look at Keepass but :effort:. I'd probably have already done it if I didn't need to have it on multiple computers.

some kinda jackal
Feb 25, 2003

 
 
I just keep all my poo poo in Keychain.

hosed if I ever use anything but a Mac, I guess.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


anthonypants posted:

JavaScript does not yet have a framework which allows you to enumerate the contents of notes stuck to your monitor, though I'm sure they're working very hard at it.

:mmmhmm:

EVIL Gibson
Mar 23, 2001

Internet of Things is just someone else's computer that people can't help attaching cameras and door locks to!
:vapes:
Switchblade Switcharoo

Subjunctive posted:

No real SA poster would ever do that.

:hmmyes:

Thanks Ants posted:

We aren't far off with the web Bluetooth API

Wait until 2fa goes WebUSB. :rms:

EVIL Gibson fucked around with this message at 22:25 on Sep 7, 2018

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!

EssOEss posted:

I love Keepass but sometimes it can just be such a pain when integrating it with syncing. With one configuration, Google Drive sometimes keeps the database file locked, so you cannot save it anymore without restarting Drive. With other settings, I get conflicts in Google Drive because it can't understand that Keepass is just replacing the file with a newer version. With yet other settings, Drive just loving deletes the database file when there is a full moon. I have even given up trying to do any sort of database writes on my Android phone, using them in read only mode.

This cloud service approach is really starting to sound like a positive alternative if it can get rid of this annoyance and uncertainty when saving my database.

I've sorta got around this problem by using Syncthing, which is cross platform so it suits my needs.

The worst thing that happens between my various Linux and Windows machines is that if I get a clash of files I get an extra copy saved with a timestamp appended to it. So I can then make an educated guess as to which keepass database is the newest, or even open it up and check manually.

It's not ideal, but it doesn't happen too often and at least I never lose a file: just gain a collision file every now and then.

It helps if one of your clients is on 24/7, which acts as a central hub. I've got two that are pretty much on all the time, so when extra devices are joining and leaving my little syncthing group they've always got a solid reference as to which files are most up-to-date.

I don't run Syncthing on my Android phone, although there is a client. I just manually copy the keepass file over a samba share once a week or whatever while I'm at home. My phone is more of an entertainment device than something I depend on for banking etc. so I don't need it to be constantly up to sync.
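
Added example (not part of any post in this thread): a Python sketch of the clean-up described above, listing Syncthing conflict copies that sit next to a KeePass database and checking by SHA-256 whether each one actually differs from the live file. The file names, the demo contents and treating the device suffix as optional are assumptions made for illustration.

```python
import hashlib
import re
from datetime import datetime
from pathlib import Path

# Syncthing renames the losing copy of a clash to
#   <stem>.sync-conflict-<YYYYMMDD>-<HHMMSS>-<device>.<ext>
# The device suffix is treated as optional here (assumption for this example).
CONFLICT_RE = re.compile(
    r"^(?P<stem>.+)\.sync-conflict-(?P<ts>\d{8}-\d{6})"
    r"(?:-(?P<dev>[A-Z0-9]+))?(?P<ext>\.[^.]+)?$"
)


def file_sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_conflicts(folder):
    """Map each original file to its conflict copies, newest first.

    Each copy is (timestamp, device, path, identical_to_original).
    """
    report = {}
    for path in sorted(Path(folder).iterdir()):
        m = CONFLICT_RE.match(path.name)
        if not m or not path.is_file():
            continue
        original = path.with_name(m["stem"] + (m["ext"] or ""))
        when = datetime.strptime(m["ts"], "%Y%m%d-%H%M%S")
        same = original.is_file() and file_sha256(original) == file_sha256(path)
        report.setdefault(original, []).append((when, m["dev"], path, same))
    for copies in report.values():
        copies.sort(key=lambda c: c[0], reverse=True)
    return report


def build_demo(folder):
    """Constructed sample data: one database plus two conflict copies."""
    folder = Path(folder)
    (folder / "vault.kdbx").write_bytes(b"version-B")
    (folder / "vault.sync-conflict-20180901-101500-ABCDEFG.kdbx").write_bytes(b"version-A")
    (folder / "vault.sync-conflict-20180907-221700-HIJKLMN.kdbx").write_bytes(b"version-B")
    (folder / "readme.txt").write_bytes(b"not a conflict")
    return folder


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        for original, copies in find_conflicts(build_demo(tmp)).items():
            print(original.name)
            for when, dev, path, same in copies:
                status = "identical to live file" if same else "DIFFERS, merge before deleting"
                print(f"  {when:%Y-%m-%d %H:%M:%S} from {dev or 'unknown'}: {status}")
```

A copy that hashes the same as the live database is a pure duplicate; one that differs holds entries the live file may be missing, so it needs a merge rather than a guess from the timestamp.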

gourdcaptain
Nov 16, 2012

apropos man posted:

I don't run Syncthing on my Android phone, although there is a client. I just manually copy the keepass file over a samba share once a week or whatever while I'm at home. My phone is more of an entertainment device than something I depend on for banking etc. so I don't need it to be constantly up to sync.

As a heavy Syncthing user who likes everything else about it, the Android app is barely functional. Admittedly, most of it is recent Android basically being designed to want all background activity to go through Google Cloud stuff, which isn't open and I don't think it's compatible with Syncthing's license, but you end up with a permanent notification it's on unless you mute it, among other things.

apropos man
Sep 5, 2016

You get a hundred and forty one thousand years and you're out in eight!
Yeah. I tried the client and the permanent notification really got on my nerves. I thought about just force-disabling the notification in the apps menu and then thought: "do I really need my phone constantly syncing and sipping battery? NO". That's when I decided to do it manually on phone.

Syncthing is really good between Windows and Linux boxes though. Two of my Linux boxes are headless (the two that are on 24/7), I have two Windows 10 laptops, a Windows 10 desktop, a Linux laptop and a Linux VM running inside one of the Windows 10 laptops. The whole lot are part of the same Syncthing cluster.

gourdcaptain
Nov 16, 2012

apropos man posted:

Yeah. I tried the client and the permanent notification really got on my nerves. I thought about just force-disabling the notification in the apps menu and then thought: "do I really need my phone constantly syncing and sipping battery? NO". That's when I decided to do it manually on phone.

Syncthing is really good between Windows and Linux boxes though. Two of my Linux boxes are headless (the two that are on 24/7), I have two Windows 10 laptops, a Windows 10 desktop, a Linux laptop and a Linux VM running inside one of the Windows 10 laptops. The whole lot are part of the same Syncthing cluster.

It's honestly pretty decent on battery, it's just well... boy does Android make things hard on straight open-source developers at times. Syncthing's currently replacing a Dropbox as a collaboration hub between eleven different devices (mine and a _bunch_ of other people) and it genuinely impressed me with the fact that it's working across a bunch of people's different terrible home routers pretty reliably. Explaining initial setup's a PITA, though.

Tapedump
Aug 31, 2007
College Slice
Drop.
Box.

The (an) answer to your KeePass sync woes.

Several people have been in the thread with Google Drive related issues.

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

Tapedump posted:

Drop.
Box.

The (an) answer to your KeePass sync woes.

Several people have been in the thread with Google Drive related issues.

As long as you're not using modern OS X or Linux, since neither are supported as of November.

CLAM DOWN
Feb 13, 2007




Tapedump posted:

Drop.
Box.

The (an) answer to your KeePass sync woes.

Several people have been in the thread with Google Drive related issues.

I've always used Google drive for Keepass and never had an issue.

Tapedump
Aug 31, 2007
College Slice

Harik posted:

As long as you're not using modern OS X or Linux, since neither are supported as of November.

Oh, lord, I had no idea that change was coming. Good point, and thank you for making me aware.

pairofdimes
May 20, 2001

blehhh

CLAM DOWN posted:

I've always used Google drive for Keepass and never had an issue.

Do you ever have the database open on 2 machines at once? I think that may be one cause of the problem. For example if I have the database open on my laptop and desktop and edit it on the desktop, the file on the laptop doesn't get updated since it's open. Then later I modify the database from the laptop and save, leading to 2 different versions of the database with different contents. I dealt with it by just not leaving KeePass running unless I'm getting a password out. I never leave it unlocked, so I have to enter the password either way.

CLAM DOWN
Feb 13, 2007




pairofdimes posted:

Do you ever have the database open on 2 machines at once? I think that may be one cause of the problem. For example if I have the database open on my laptop and desktop and edit it on the desktop, the file on the laptop doesn't get updated since it's open. Then later I modify the database from the laptop and save, leading to 2 different versions of the database with different contents. I dealt with it by just not leaving KeePass running unless I'm getting a password out. I never leave it unlocked, so I have to enter the password either way.

I usually have it open on my desktop all the time, then open it only when needed on my phone for read only. Interesting, I'll have to test.

vanity slug
Jul 20, 2010

I used local files that synced with another file in Google Drive. That sorted out my issues.

Nalin
Sep 29, 2007

Hair Elf
It sounds like Google Drive isn't syncing changed files immediately. Normally, if you save the database on the desktop, it should update the database file on the laptop. Then, when you save it on the laptop, it would recognize that the database file was altered and it would ask you to overwrite or synchronize your changes.

However, if Google Drive isn't updating the file on the laptop immediately, you would get into a situation where you have conflicting changes. Dropbox seems to update immediately so I never have this problem.

To resolve this, you could try using a plugin that lets you load the database directly from Google Drive. The cloud provider plugin would have KeePass directly sync with the cloud provider instead of relying on the Google Drive desktop app.

Try one of these:

https://sourceforge.net/projects/kp-googlesync/
https://github.com/Kyrodan/KeeAnywhere

Harik
Sep 9, 2001

From the hard streets of Moscow
First dog to touch the stars


Plaster Town Cop

Tapedump posted:

Oh, lord, I had no idea that change was coming. Good point, and thank you for making me aware.

It's trivial to bypass (LD_PRELOAD overload stat(2) to report the "correct" filesystem type) on both, because what they really want is xattr support which of course APFS supports but Dropbox rejects. Same with nearly every filesystem in linux aside from encrypted overlays, and anyone stupid enough to point dropbox at the DECRYPTED overlay instead of the ENCRYPTED backing is too stupid to exist. You can imagine my disappointment reading the dropbox forum thread from all the people who work with PII on encrypted folders and just hand the plaintext version to a random company.

Scuttlebutt is they're a dead company walking and this is just management shakeups and the new people being seen to "do something" as they go down. They had a 5-year low this week so yeah, not doing great.

gourdcaptain
Nov 16, 2012

Harik posted:

It's trivial to bypass (LD_PRELOAD overload stat(2) to report the "correct" filesystem type) on both, because what they really want is xattr support which of course APFS supports but Dropbox rejects. Same with nearly every filesystem in linux aside from encrypted overlays, and anyone stupid enough to point dropbox at the DECRYPTED overlay instead of the ENCRYPTED backing is too stupid to exist. You can imagine my disappointment reading the dropbox forum thread from all the people who work with PII on encrypted folders and just hand the plaintext version to a random company.

Scuttlebutt is they're a dead company walking and this is just management shakeups and the new people being seen to "do something" as they go down. They had a 5-year low this week so yeah, not doing great.

I'd really rather not rely on an LD_PRELOAD hack for something I'm trying to store data with to other people, that sounds like it could break at the worst possible time if they change it again. Already got to screw around with environmental variables to get Discord to work properly...
