Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


That seems like it would be really difficult to code around. I'm talking about the pages that pop up if you use an adblocker -- turn your blocker off to proceed, we can't run the site without ads, blah blah. If YouTube can't load a video ad, for instance, it just won't run it, no? I doubt any programmer would design it to do anything else. Whereas it seems to be fairly easy to detect if you have an adblocker and serve you alternate content if that's the case.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

There are definitely anti-adblocker systems that will pop alternate content for pihole/hosts-file style network-level blocking. Curse (owned by Twitch) was testing one for a while as long as 18 months ago.

I don’t know which part of “did too few of my ad scripts/images load? show alternate content” you are thinking is hard to do, though, so maybe there’s a particular component that’s non-trivial.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


So... blackhole the alternate content too, then? What I'm saying is that you cannot create a website that doesn't work properly if its ads don't load and not adversely affect random users who have nothing to do with the demographic you're trying to target. You can absolutely do that with adblockers because you can positively identify them as having one. You can only negatively identify a user as having loaded your ads.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Cup Runneth Over posted:

So... blackhole the alternate content too, then? What I'm saying is that you cannot create a website that doesn't work properly if its ads don't load and not adversely affect random users who have nothing to do with the demographic you're trying to target. You can absolutely do that with adblockers because you can positively identify them as having one. You can only negatively identify a user as having loaded your ads.

Identifying the alternate content...now that’s a challenging problem, since it can be just a big article-obscuring div and text, or served from the same server as the primary content (which is the usual case, because it’s just part of the site infrastructure). You might have noticed in your analysis that this is indeed how most of the adblocker interventions are structured already.

The point of detecting an ad blocker is that you don’t want people reading your content without seeing the ads. Whether that’s intentional or due to some very specific and weird network failure, the effect on the business is the same. If a very unusual network failure is keeping just ad content from loading, consistently across page loads, you can live without that one-in-a-million reader until they get to a better network. It’s fine to affect random users, as long as it’s not many of them, and you are talking about a pretty bizarre case indeed.

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


I think that that degree of dedication to serving ads is pretty rare. After all, a normal adblocker will completely nix ads from YouTube and Google does nothing to try and punish you for it, let alone most web admins out there aside from newspapers. Twitch is pretty aggressive with them, but I think most sites, even large ones with the technical know-how to implement such a fallback, would rather avoid inconveniencing legitimate users than lash out at people circumventing their ads.

TheParadigm
Dec 10, 2009

OSU_Matthew posted:

The point isn’t to hide from state level actors but just a reasonable modicum of blocking trackers, especially ones that associate and log activity correlated with your usual IP addresses. Yes you still need to configure your browser to block third party cookies and trackers and install unlock origin and everything, and DNS over HTTPS is also a great thing, but we’re not Jamal Khashoggi trying to hide from our government dismembering us , just trying to block some overabundant third party tracking and tunnel traffic over public WiFi to avoid the shitshow of people being easily able to sniff out what’s going over the wire (including credentials and unencrypted


http://winhelp2002.mvps.org/hosts.htm I had something to contribute, but it took me a bit to remember where it was and dig it up.

It looks to be... basically every ad provider on the internet, circa Feb 2019, in an 'ignore it' hosts file.

Bing, google, adsense, everything. Possibly useful to include in home configurations?
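The file linked above is a plain-text hosts blocklist. As an added example (not from the post and not the MVPS project's own code), here is a Python parser for that format: it validates each line, keeps only entries pointing at a sinkhole address, separates out entries that send a real name to a real address (in a hosts file that is a redirect, the classic hosts-file poisoning pattern, not a block), and shows the exact-match limitation that makes a hosts file weaker than a resolver-level block such as Pi-hole. The sample lines are constructed and use reserved example names.

```python
import ipaddress
import re

# Addresses that make a lookup go nowhere. 0.0.0.0 is preferable to 127.0.0.1
# because the client does not even attempt a loopback connection.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "ip6-localhost"}
# RFC 1123 style labels: letters, digits, hyphens, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$"
)

# Constructed sample in the hosts-file layout; not the real MVPS file.
SAMPLE_HOSTS = """\
# constructed sample, reserved example domains
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org      # trailing comment is allowed
0.0.0.0 ads.example.net          # duplicate, collapses to one entry
0.0.0.0 pixel.example.net beacon.example.net   # several names on one line
203.0.113.7 login.bank.example   # NOT a sinkhole: this redirects, review it
0.0.0.0 bad_host                 # underscore is not a valid hostname label
"""


def parse_hosts(text):
    """Return (blocked names, redirected name -> ip, invalid entries)."""
    blocked, redirects, invalid = set(), {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            invalid.append((lineno, fields[0]))
            continue
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if not names:
            invalid.append((lineno, raw.strip()))
            continue
        for name in names:
            if not HOSTNAME_RE.match(name):
                invalid.append((lineno, name))
            elif name in LOCAL_NAMES:
                continue
            elif str(ip) in SINKHOLES:
                blocked.add(name)
            else:
                # A real name mapped to a real address is a redirect, not a block.
                redirects[name] = str(ip)
    return blocked, redirects, invalid


def is_blocked(name, blocked):
    """Hosts files match exact names only; subdomains are NOT covered."""
    return name.lower().rstrip(".") in blocked


if __name__ == "__main__":
    blocked, redirects, invalid = parse_hosts(SAMPLE_HOSTS)
    print(len(blocked), "blocked;", redirects, "redirected;", invalid, "invalid")
    print(is_blocked("ADS.example.net", blocked), is_blocked("sub.ads.example.net", blocked))
```

The `redirects` bucket is the check worth running on any hosts file you did not write yourself: a blocklist should contain nothing but sinkhole addresses. The second `is_blocked` call shows why a big hosts file still misses `sub.ads.example.net` unless that exact name is listed.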

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


What's the most affordable wireless camera for home security that isn't likely to be compromised by some hardcoded backdoor and have its contents accessed/be added to a DDoS botnet?

Rah!
Feb 21, 2006


Nettle Soup posted:

It's a sketchy image-host. Somebody in the funny pictures thread or somewhere was using it a while back and got mocked for it.

Ok...the warning made me paranoid as hell lol

B-Nasty posted:

Lol.

Just use the Windows 10 virus/malware scanner, firewall, and keep Firefox up-to-date and without sketchy plugins.

If you're really paranoid, Win10 has a 'Ransomware protection' option, which is basically a whitelist for applications allowed to touch user-land files (Documents, Pictures, etc.) You can always turn that on, but expect annoying behavior as it blocks many applications from writing to those locations until you allow them through.

Lain Iwakura posted:

Uninstall it and use what Windows 10 gave you. Don't waste your time with other AV solutions.

Ok, I'll get rid of Malwarebytes. Is it doing nothing that Windows Defender doesn't do, or making things worse even? And am I crazy, or was it considered an ok program in the past? I could have sworn I saw it recommended here on SA too, though this would have been 5+ years ago. And I just continued using it along with Windows Security without thinking about it (the free version, at least I wasn't paying lol).

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Rah! posted:

Ok, I'll get rid of Malwarebytes. Is it doing nothing that Windows Defender doesn't do, or making things worse even? And am I crazy, or was it considered an ok program in the past? I could have sworn I saw it recommended here on SA too, though this would have been 5+ years ago. And I just continued using it along with Windows Security without thinking about it (the free version, at least I wasn't paying lol).

The people who wrote and maintained these threads in the past didn't fully understand their approach to endpoint security and thus used AV as a panacea to all of the woes presented. It's just duplicating efforts and you're not getting any better or worse malware protection for the cost of just using your own operating system. It helps that endpoint security is cooked into Windows 10 which did change things quite a bit.

Lain Iwakura fucked around with this message at 14:48 on Mar 11, 2019

Catatron Prime
Aug 23, 2010

IT ME



Toilet Rascal

Lain Iwakura posted:

The people who wrote and maintained these threads in the past didn't fully understand their approach to endpoint security and thus used AV as a panacea to all of the woes presented. It's just duplicating efforts and you're not getting any better or worse malware protection for the cost of just using your own operating system. It helps that endpoint security is cooked into Windows 10 which did change things quite a bit.

This, Windows Defender is adequate endpoint protection. Rather than OS level malware, threat actors are increasingly turning to other activities like phishing and scams, and malware like cryptocurrency mining.

Honestly, best things you can do from my perspective:

1. Patch your poo poo — EternalBlue (WannaCry) ransomware was so devastating internationally because institutions didn’t update their servers with a months-old patch from Microsoft. Would’ve been much worse if someone didn’t find and disable the C2 server so quickly into the outbreak

2. Use a password manager with unique randomized passwords for everything— all your poo poo is hacked and available online, check haveibeenpwned.com if you don’t believe me.

2.5 — use MFA (Multi-Factor Authentication) for everything! Say yes to getting a text with a code for logins, or even better, an Authenticator app

3. Don’t click on links in your email or texts — phishing is getting crazy sophisticated these days, Nigerian princes are dead

4. Pay attention to URLs, especially the domain name, e.g. google.com instead of gooogle.com. Don’t click ads either, just don’t. Singles in your area do not want to mingle.

4. Encrypt your hard drive, especially if you have a laptop. Turn on a BIOS password (EFI firmware password on Mac) so it can’t be easily wiped or the login bypassed if it’s stolen

5. Pi-hole is easy and effective to set up, and using Quad9 as your DNS can help protect you from malicious resolutions. I posted a few pages ago about this, and it was just brought up again. Not a panacea, but it helps

6. Don’t install random poo poo from stuff you don’t trust, and be careful what you agree to. This is less prevalent than it was ten years ago, but it’s still a thing

7. Update your network equipment, don’t use default credentials. Old routers have hardwired default credentials and half the world is using automated scripts to crawl the web for vulnerabilities, including your IP if your router’s firewall is open on certain ports or protocols (mmm UPnP). Also make sure your WiFi uses WPA2 with a passcode over 8 characters, the more the better. Hacking WiFi is fun and super duper easy to do.

8. Paid, well reviewed VPN services are imho worth it for stuff like being on public WiFi or untrusted networks. Anyone listening in over the wire will just see an encrypted pcap instead of plain text poo poo. More sites are using HTTP over TLS, so, it’s better than it used to be, but still an issue. Also everything from your IP address is logged, and you’re being tracked by scripts on the websites you visit, third party cookies, window size, single pixel watermarks, all sorts of fun creative ways really. VPN alone is not a panacea, which I assume was the concern a few pages back, but that brings us to:

9. Configure your browser for privacy. This is a new link, but pretty cool:

https://nakedsecurity.sophos.com/2019/03/08/firefox-browser-picks-up-advertiser-dodging-tech-from-tor/

Disable third party cookies, that kind of stuff. The EFF has recommendations based on how far you want to go down the rabbit hole:

https://www.eff.org/

10. All of your information is already for sale, including your credit card, SSN, everything. You getting defrauded is honestly luck of the draw these days. One thing you can do is lock your credit from the three bureaus.


11. Don’t answer phone calls from numbers you don’t know or aren’t expecting. Talking over the phone is dead, phone numbers (and even email addresses) are easily spoofed with VoIP. I don’t know if people are using scripts to confirm personal numbers or what, so sets of data are more valuable to resell to scammers, but it’s a problem.

e: This turned out to be more than the top two or three I wanted to quickly mention, and is far from all encompassing, just a few things off the top of my head. But hopefully someone may find this useful. If something else easy and useful occurs to me I’ll post it up.

Catatron Prime fucked around with this message at 08:01 on Mar 12, 2019
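Item 4 above ("google.com instead of gooogle.com") is the kind of check a password manager or a mail gateway does for you. As an added example that is not part of the post, here is the check in Python: pull the host out of a link, reduce it to its registered domain, and compare that against a small constructed allow-list of the domains you actually log in to, flagging near-misses by edit distance. It also covers two tricks that fool the eye but not the parser, a trusted name placed in the userinfo part of the URL and a trusted name used as a subdomain of something else. The allow-list and the URLs are constructed; the domain logic is deliberately naive (no public-suffix list), which the comments call out.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the user really signs in to (assumption).
TRUSTED_DOMAINS = {"google.com", "paypal.com", "haveibeenpwned.com"}


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(url):
    """Last two labels of the URL's host, lower-cased.

    Naive on purpose: with no public-suffix list, 'bank.co.uk' would come
    back as 'co.uk'. It is enough to show where the checks belong.
    """
    if "://" not in url:
        url = "https://" + url          # bare 'gooogle.com/login' style links
    # urlsplit().hostname ignores userinfo, so 'google.com@evil.example'
    # correctly yields 'evil.example', not 'google.com'.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_url(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return ('trusted' | 'lookalike' | 'unknown', detail)."""
    domain = registered_domain(url)
    if domain in trusted:
        return "trusted", domain
    for good in sorted(trusted):
        d = edit_distance(domain, good)
        if 0 < d <= max_distance:       # one or two characters off a real name
            return "lookalike", f"{domain} resembles {good}"
    return "unknown", domain


if __name__ == "__main__":
    for link in [
        "https://accounts.google.com/signin",
        "https://gooogle.com/",
        "https://paypa1.com/login",
        "https://google.com@evil.example/",
        "https://google.com.evil.example/",
    ]:
        print(link, "->", classify_url(link))
```

The two `evil.example` cases come back as `unknown` rather than `trusted`, which is the point: what the address bar shows first is not what the browser connects to. `lookalike` is the bucket that deserves a second look before typing a password.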

Catatron Prime
Aug 23, 2010

IT ME



Toilet Rascal

Cup Runneth Over posted:

What's the most affordable wireless camera for home security that isn't likely to be compromised by some hardcoded backdoor and have its contents accessed/be added to a DDoS botnet?

The answer is don’t put cameras over anything you don’t want being seen by someone else.

Realistically though, I like the NVR systems from Lorex (Flir owned).

That requires hosting your own poo poo and having some technical knowledge/gumption to run PoE (which is far superior to wireless because you still need a wire for power, and PoE provides all that with a simple single low voltage Ethernet cable you can drop anywhere). Also most WiFi cameras are 2.4 GHz (802.11g) which is overcrowded and performs like crap. 802.11ac or bust :colbert:

People probably have better recommendations or know more about this than I do, but I actually really like the Amazon cameras if you’re looking for a one and done easy wireless camera. They work well and the storage is free for a week if you have Prime.

E: if you host your own networked video recorder, it can be accessed anywhere for free by setting up your own VPN. This is a bit advanced though.

Catatron Prime fucked around with this message at 08:12 on Mar 12, 2019

Carbon dioxide
Oct 9, 2012

OSU_Matthew posted:

This, Windows Defender is adequate endpoint protection. Rather than OS level malware, threat actors are increasingly turning to other activities like phishing and scams, and malware like cryptocurrency mining.

Honestly, best things you can do from my perspective:

1. Patch your poo poo — EternalBlue (WannaCry) ransomware was so devastating internationally because institutions didn’t update their servers with a months-old patch from Microsoft. Would’ve been much worse if someone didn’t find and disable the C2 server so quickly into the outbreak

2. Use a password manager with unique randomized passwords for everything— all your poo poo is hacked and available online, check haveibeenpwned.com if you don’t believe me.

2.5 — use MFA (Multi-Factor Authentication) for everything! Say yes to getting a text with a code for logins, or even better, an Authenticator app

3. Don’t click on links in your email or texts — phishing is getting crazy sophisticated these days, Nigerian princes are dead

4. Pay attention to URLs, especially the domain name, e.g. google.com instead of gooogle.com. Don’t click ads either, just don’t. Singles in your area do not want to mingle.

4. Encrypt your hard drive, especially if you have a laptop. Turn on a BIOS password (EFI firmware password on Mac) so it can’t be easily wiped or the login bypassed if it’s stolen

5. Pi-hole is easy and effective to set up, and using Quad9 as your DNS can help protect you from malicious resolutions. I posted a few pages ago about this, and it was just brought up again. Not a panacea, but it helps

6. Don’t install random poo poo from stuff you don’t trust, and be careful what you agree to. This is less prevalent than it was ten years ago, but it’s still a thing

7. Update your network equipment, don’t use default credentials. Old routers have hardwired default credentials and half the world is using automated scripts to crawl the web for vulnerabilities, including your IP if your router’s firewall is open on certain ports or protocols (mmm UPnP). Also make sure your WiFi uses WPA2 with a passcode over 8 characters, the more the better. Hacking WiFi is fun and super duper easy to do.

8. Paid, well reviewed VPN services are imho worth it for stuff like being on public WiFi or untrusted networks. Anyone listening in over the wire will just see an encrypted pcap instead of plain text poo poo. More sites are using HTTP over TLS, so, it’s better than it used to be, but still an issue. Also everything from your IP address is logged, and you’re being tracked by scripts on the websites you visit, third party cookies, window size, single pixel watermarks, all sorts of fun creative ways really. VPN alone is not a panacea, which I assume was the concern a few pages back, but that brings us to:

9. Configure your browser for privacy. This is a new link, but pretty cool:

https://nakedsecurity.sophos.com/2019/03/08/firefox-browser-picks-up-advertiser-dodging-tech-from-tor/

Disable third party cookies, that kind of stuff. The EFF has recommendations based on how far you want to go down the rabbit hole:

https://www.eff.org/

10. All of your information is already for sale, including your credit card, SSN, everything. You getting defrauded is honestly luck of the draw these days. One thing you can do is lock your credit from the three bureaus.


11. Don’t answer phone calls from numbers you don’t know or aren’t expecting. Talking over the phone is dead, phone numbers (and even email addresses) are easily spoofed with VoIP. I don’t know if people are using scripts to confirm personal numbers or what, so sets of data are more valuable to resell to scammers, but it’s a problem.

e: This turned out to be more than the top two or three I wanted to quickly mention, and is far from all encompassing, just a few things off the top of my head. But hopefully someone may find this useful. If something else easy and useful occurs to me I’ll post it up.

A Good Post.

Pile Of Garbage
May 28, 2007



OSU_Matthew posted:

5. Pi-hole is easy and effective to set up, and using Quad9 as your DNS can help protect you from malicious resolutions. I posted a few pages ago about this, and it was just brought up again. Not a panacea, but it helps

Quad9 had issues with geolocation for services like Office 365, not sure if they've since rectified them.

fisting by many
Dec 25, 2009



quote:

Say yes to getting a text with a code for logins

SMS-based 2FA is better than no 2FA, but people should be aware it's not really any extra security at all if the attacker has an ounce of motivation. The only thing that keeps your phone number secure is a front-line service rep at your telco; "SIM swapping" (where an attacker bribes/tricks/asks his CSR friend into reassigning your number to his own SIM card) is a simple and common attack.

basically don't use SMS 2FA on your PayPal and be cautious of sites that don't provide token-based 2FA if your account is valuable on it.

Catatron Prime
Aug 23, 2010

IT ME



Toilet Rascal

fisting by many posted:

SMS-based 2FA is better than no 2FA, but people should be aware it's not really any extra security at all if the attacker has an ounce of motivation. The only thing that keeps your phone number secure is a front-line service rep at your telco; "SIM swapping" (where an attacker bribes/tricks/asks his CSR friend into reassigning your number to his own SIM card) is a simple and common attack.

basically don't use SMS 2FA on your PayPal and be cautious of sites that don't provide token-based 2FA if your account is valuable on it.

Yes, ideally a better form of MFA is using Authenticator apps or tokens (as previously stated). However, if SMS based MFA is the only option available, you should absolutely sign up for it. SIM swapping is not a common attack vector at this point in time, and even if you were concerned about it, there’s basically nothing you can do to prevent it. You can (and should) add a PIN to your account if your carrier supports it, but otherwise the expectation isn’t that your phone number will arbitrarily be reassigned without a very specific, very motivated attacker.

For the average user, whether they are the victim of fraud is still very much luck of the draw. There are millions of compromised accounts out there and whether yours gets plucked at random is basically a crapshoot. To use the example of PayPal, I suspect the majority of accounts do not currently have MFA enabled, which is why I highly encourage everyone to use it everywhere they can, regardless of whether the only option is SMS or not. For most of your casual compromised account or credential fraud, SMS MFA is still very effective against your run of the mill leaked credential dump account hijacking.

Catatron Prime fucked around with this message at 04:54 on Apr 7, 2019
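The "Authenticator app" option both posters prefer over SMS is a small, fully offline computation. As an added example that is not from either post, here is RFC 6238 TOTP using only Python's standard library, with the test key published in RFC 4226/6238 so the values can be checked against the RFCs, plus the server-side verification step with a small clock-drift window and a constant-time comparison. The shared key is provisioned once (usually as a base32 string in an otpauth:// QR code) and never transmitted again, which is exactly what a SIM swap cannot get at; the SMS-delivered code, by contrast, rides on a phone number the carrier can reassign.

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(key, counter, digits=6, algo=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                       # low nibble picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key, at=None, step=30, digits=6, algo=hashlib.sha1):
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    at = time.time() if at is None else at
    return hotp(key, int(at // step), digits, algo)


def verify_totp(key, code, at=None, step=30, digits=6, drift=1):
    """Server side: accept the current step plus `drift` steps either way.

    hmac.compare_digest keeps the comparison constant-time, so response
    timing leaks nothing about how many digits matched.
    """
    at = time.time() if at is None else at
    counter = int(at // step)
    return any(
        hmac.compare_digest(hotp(key, counter + k, digits), code)
        for k in range(-drift, drift + 1)
    )


def key_from_base32(secret):
    """Authenticator apps and otpauth:// URIs carry the key as base32."""
    cleaned = secret.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore any stripped padding
    return base64.b32decode(cleaned)


# Test key from RFC 4226 / RFC 6238: the ASCII string "12345678901234567890".
RFC_KEY = b"12345678901234567890"
RFC_KEY_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    print(totp(RFC_KEY, at=59, digits=8))         # RFC 6238 vector: 94287082
    print(totp(key_from_base32(RFC_KEY_B32)))     # the code an app would show now
```

A server that accepts a code must also refuse to accept the same code twice within its window (store the last counter used per account); that replay check is the one piece of state this example leaves out.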

c0burn
Sep 2, 2003

The KKKing
https://old.reddit.com/r/buildapc/comments/b5ebgr/hackers_hijacked_asus_software_updates_to_install/

welp. Check your machines if you run anything ASUS!

Rooted Vegetable
Jun 1, 2002

fisting by many posted:

token-based 2FA if your account is valuable on it.

Adjacent question here, how should one manage recovery codes? I've got about 15 accounts' recovery codes and the best solution I have found that's truly cross-platform and offline is ultimately storing them as a simple text file on a USB flash drive (2 of them actually).

I considered and tried VeraCrypt but it's inconvenient to update and not available for everything I use and kind of an arse to update and to be secure I'd have to have a password I could remember outside of my password manager. Same answer applies to an encrypted 7z archive. I'm considering an IronKey but that isn't cheap.

I could also be overthinking it...?

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Heners_UK posted:

Adjacent question here, how should one manage recovery codes? I've got about 15 accounts' recovery codes and the best solution I have found that's truly cross-platform and offline is ultimately storing them as a simple text file on a USB flash drive (2 of them actually).

I considered and tried VeraCrypt but it's inconvenient to update and not available for everything I use and kind of an arse to update and to be secure I'd have to have a password I could remember outside of my password manager. Same answer applies to an encrypted 7z archive. I'm considering an IronKey but that isn't cheap.

I could also be overthinking it...?

Store them on paper and put them somewhere safe. You can also store them on a USB drive and do the same.

Rooted Vegetable
Jun 1, 2002

Lain Iwakura posted:

Store them on paper and put them somewhere safe. You can also store them on a USB drive and do the same.

I think physical security is as good as it's going to get short of an IronKey, at least as far as my knowledge goes. WRT paper, I'm avoiding due to needing to update or cycle these from time to time.

I also considered a couple of YubiKeys but there's not enough driverless support yet. I'd like that to be different but until it is...

Edit: should have mentioned, it's not just MFA recovery keys. I've got my GPG Private Key and similar on there.

Rooted Vegetable fucked around with this message at 21:23 on Apr 6, 2019

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Heners_UK posted:

I think physical security is as good as it's going to get short of an IronKey, at least as far as my knowledge goes. WRT paper, I'm avoiding due to needing to update or cycle these from time to time.

Is it hard to print new ones and replace the piece of paper in the safe?

Redrum and Coke
Feb 25, 2006

wAstIng 10 bUcks ON an aVaTar iS StUpid

Cup Runneth Over posted:

What's the most affordable wireless camera for home security that isn't likely to be compromised by some hardcoded backdoor and have its contents accessed/be added to a DDoS botnet?

I'm also interested in this. Any suggestions?

Rooted Vegetable
Jun 1, 2002

Subjunctive posted:

Is it hard to print new ones and replace the piece of paper in the safe?

Each service has a different process to get new recovery codes. I think I cycled some of them about 3 years ago, and then it was such an arse I vowed to just hang on to the text file this time. Were I to need to do recovery, copying & pasting is going to be easier and less mistake-prone.

Keep in mind that when I cycle them I have to trust the computer I'm using is trustworthy, and if I wished, I could use an air-gapped machine to read them... But even then I'm still trusting the machine I use to recover the account isn't compromised.

Edit: anyone got any safe recommendations? Assume it has to go in an IKEA Malm dresser drawer with other things.

Rooted Vegetable fucked around with this message at 03:34 on Apr 7, 2019

Catatron Prime
Aug 23, 2010

IT ME



Toilet Rascal

Cup Runneth Over posted:

What's the most affordable wireless camera for home security that isn't likely to be compromised by some hardcoded backdoor and have its contents accessed/be added to a DDoS botnet?

There’s a great speaker from Defcon that went over this, but basically every model of networked video camera from basically every vendor has laughable security flaws such as hard coded admin credentials that can be found through reverse engineering the firmware on public (or even poorly protected private) repositories. I would just assume no internet facing cameras are safe. Even the expensive enterprise grade equipment is vulnerable through some simple hacks.

Imho, the best thing you can do is not put a camera anywhere that you don’t want being filmed by strangers, eg sensitive places inside the home. Second, there is really no such thing as a wireless camera. You still need power, and a low voltage PoE drop is far simpler to run than household mains, and there are no permits required (though plenum rated cables for in between walls is a good idea). Wireless cameras also consume stupid amounts of bandwidth, which is troublesome for most home routers, unless you’re running dedicated wireless access points and whatnot.

PoE cameras are 100% the way to go in my opinion. Power and data over a cheap easy to run cat 5e (or 6) cable.

As far as your actual question (camera privacy) is concerned...

1.) Purchase a decent NVR system. Several years ago I bought a $300 Lorex NVR bundle from Flir, and it’s been awesome. It came with a complete NVR and 4 cameras, 2 of which are PTZ mini domes that are unobtrusive and easy to hide. I’m not current on what all is out there, but I would recommend checking Lorex out as a starting point in your search.

2.) Set up a dedicated VLAN for your NVR & cameras with no outbound internet connectivity. This isolates the cameras to a secure network segment that can be accessed through your local network, or remotely with the next step.

3.) Set up a home VPN to access your cameras when you’re not home. A properly set up VPN will allow you secure remote access to your home network, and you can configure it to be able to connect to the NVR with the cameras on it.

This is probably way more technical DIY than most people wish to do, but it’s my answer to securing my cheap cameras with known hard coded admin credentials, as well as being able to access them remotely. There are a number of guides available for setting up home VPNs and VLANs, but they will require a little bit of basic networking skills, and a dedicated home server and/or good network equipment. UniFi is worth looking into for affordable prosumer managed network equipment that would let you do everything fairly simply through a GUI and online step by step guides.

You could also just buy an Amazon or Nest camera system and you’d probably be fine too :shrug:

Cup Runneth Over
Aug 8, 2009

She said life's
Too short to worry
Life's too long to wait
It's too short
Not to love everybody
Life's too long to hate


OSU_Matthew posted:

You could also just buy an Amazon or Nest camera system and you’d probably be fine too :shrug:

I said I didn't want its contents accessed. That includes by the manufacturer! :argh:

Rexxed
May 1, 2010

Dis is amazing!
I gotta try dis!

Cup Runneth Over posted:

I said I didn't want its contents accessed. That includes by the manufacturer! :argh:

Pretty much any camera will do that if you block it from the internet at your router. I got a Wyze cam for $20 (on sale, they're usually $25), used the Dafang hacks modified firmware on it to get it booting from an SD card and then blocked its IP from accessing the internet at my router. While the Dafang hacks firmware isn't supposed to be phoning home, I don't trust it any more than the base firmware. However it does allow me to view the camera's stream with normal recording software. I use ispy64 or BlueIris to record the stream if there's movement or whatever. The worst part of it was formatting the SD card as 512 MB, which seems to be all the camera can use to read firmware from, and was kind of a pain in the rear end.

You're not going to get any kind of alerts or cloud storage this way, but that's why most of these cameras get hacked. Allowing them to be accessed from the internet may be convenient but it's also putting them online. Managing your own recording is a much better idea and you can still access your stuff if you have some way to access your recording PC with a VPN or other secure login to it.

There's other cheap IP cameras that would function the same way if they're blocked from internet access, you just need one that will use RTSP so you can view the stream on your network or one that's ONVIF compliant and uses standard IP camera stuff. They generally cost a little more if they have those because a lot of these companies with inexpensive cameras (like Wyze) want to sell you a camera that you can only access with their app through their cloud service and they hope you will pay for storage of your video.

Rooted Vegetable
Jun 1, 2002
Been reading back through the thread and in 2015-17ish, most were recommending moving from LastPass (which I'm using) to 1Password. However, since then, Bitwarden has emerged as a competitor. I'm growing a little tired with LP due to a sluggish Chrome UI and rising costs to a large organisation. However, although Bitwarden is getting good press and praise, I wanted to get some informed opinions from you all.

EDIT: Trying it and from a usability perspective, I like it a lot. It was security audited and broadly passed with any issues corrected. No breaches yet but to be fair it's a newer product whereas LastPass has had more time for attacks. Cheaper too if you're paying (don't have to), $10/yr for Premium vs. $36 for LP. Also, there's a sort of half-premium Family Plan (main missing features is Yubikey support and some sanitation reports, but shared storage is included). I'm going to migrate.

Rooted Vegetable fucked around with this message at 18:42 on Apr 9, 2019

Catatron Prime
Aug 23, 2010

IT ME



Toilet Rascal

Heners_UK posted:

Been reading back through the thread and in 2015-17ish, most were recommending moving from LastPass (which I'm using) to 1Password. However, since then, Bitwarden has emerged as a competitor. I'm growing a little tired with LP due to a sluggish Chrome UI and rising costs to a large organisation. However, although Bitwarden is getting good press and praise, I wanted to get some informed opinions from you all.

EDIT: Trying it and from a usability perspective, I like it a lot. It was security audited and broadly passed with any issues corrected. No breaches yet but to be fair it's a newer product whereas LastPass has had more time for attacks. Cheaper too if you're paying (don't have to), $10/yr for Premium vs. $36 for LP. Also, there's a sort of half-premium Family Plan (main missing features is Yubikey support and some sanitation reports, but shared storage is included). I'm going to migrate.

Thanks! This looks great, plus you can even host it in a Docker container... nice!

Lain Iwakura
Aug 5, 2004

The body exists only to verify one's own existence.

Taco Defender

Heners_UK posted:

Been reading back through the thread and in 2015-17ish, most were recommending moving from LastPass (which I'm using) to 1Password. However, since then, Bitwarden has emerged as a competitor. I'm growing a little tired with LP due to a sluggish Chrome UI and rising costs to a large organisation. However, although Bitwarden is getting good press and praise, I wanted to get some informed opinions from you all.

EDIT: Trying it and from a usability perspective, I like it a lot. It was security audited and broadly passed, with any issues corrected. No breaches yet, but to be fair it's a newer product whereas LastPass has had more time for attacks. Cheaper too if you're paying (you don't have to), $10/yr for Premium vs. $36 for LP. Also, there's a sort of half-premium Family Plan (the main missing features are YubiKey support and some sanitation reports, but shared storage is included). I'm going to migrate.

I'll give it a review in a little while. It looks like it follows a model that I have been toying with in my head so if it does then it is probably not bad overall. I've been seeing Dashlane push themselves on YouTube a lot too but they appear to have the same problem LastPass does.

For the record, I am pretty much using Keychain exclusively except on my PC.

Rooted Vegetable
Jun 1, 2002

Lain Iwakura posted:

I'll give it a review in a little while. It looks like it follows a model that I have been toying with in my head so if it does then it is probably not bad overall.

Looking forward to it. Most conversation about Bitwarden I've seen is treating it as an open-source* self-hostable* darling, and given I was looking on Reddit, some vociferousness in defending their choices. Unless someone said there was a very good reason not to I'll probably move my other half over tonight and rest of the family over the coming weeks.

* Not that there's anything wrong with being either/both open-source or self-hostable at all. I like both of those and use both extensively. However, discussion of these was clouding other matters.

Ineptitude
Mar 2, 2010

Heed my words and become a master of the Heart (of Thorns).
Hoping this is the correct place to put this, as there are no other megathreads and it's somewhat security-related:

I have a "public" laptop that I have used while working in a volunteer organization, which I am handing back as I no longer work there.

As I have no personal laptop, I have occasionally used this laptop for my own things, and I want to make sure that none of my files are ever accessible. I have "permanently deleted" them, but they are probably easily recoverable by recovery software.
Formatting the PC is not an option.

Can I simply fill the hard drive with random files to overwrite the sectors that contain my files, or is it not that easy?

B-Nasty
May 25, 2005

Ineptitude posted:

As I have no personal laptop I have occasionally used this [work] laptop for my own things

Don't do this.

It's pretty unlikely that they're going to spend the time or effort to recover your deleted pornography files. If they wanted to snoop on your activities, they could have already been logging what sites/files you were accessing, so the damage is done.

spiny
May 20, 2004

round and round and round

Ineptitude posted:

Hoping this is the correct place to put this, as there are no other megathreads and it's somewhat security-related:

I have a "public" laptop that I have used while working in a volunteer organization, which I am handing back as I no longer work there.

As I have no personal laptop, I have occasionally used this laptop for my own things, and I want to make sure that none of my files are ever accessible. I have "permanently deleted" them, but they are probably easily recoverable by recovery software.
Formatting the PC is not an option.

Can I simply fill the hard drive with random files to overwrite the sectors that contain my files, or is it not that easy?

Just use one of the many programs that can 'wipe free space' and you're set.

Rooted Vegetable
Jun 1, 2002
I think you're overworrying. If it was a public laptop, just say it wasn't you. If you're worried about them discovering passwords etc., change them now (password managers help here). If you're concerned they'll find out you edited your CV on a work laptop, you're leaving anyway and I doubt they'd have cared in any case.

Edit: but filling the drive with loads of random innocent files might help defeat something like photorec or testdisk, which I usually use for recovery.

Carbon dioxide
Oct 9, 2012

spiny posted:

Just use one of the many programs that can 'wipe free space' and you're set.

This is what you're looking for.

Also maybe go through your programs, such as Word or whatever you used, and check that they didn't store backups of your files in whatever hidden-away folder they store automatic backups.
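A sketch of why the two pieces of advice above (spiny's "wipe free space" and Carbon dioxide's "check for autosave copies") belong together. This is an added example, not code from any poster and not a real filesystem or a real wiping tool: a toy block device whose delete() only removes the directory entry, a carve() that scans the raw blocks the way photorec or testdisk would, and a wipe_free_space() that overwrites only the unallocated blocks. The file names and contents are made up for the demo. Two things a free-space wipe cannot reach show up in the run: a live autosave copy keeps the content findable until it too is deleted and the free space wiped again, and the unused tail of a block now owned by another file (file slack) keeps old bytes because that block is allocated, not free. On an SSD the picture is worse still, since the drive's wear levelling can leave old copies in flash cells the filesystem cannot address, so an overwrite through the filesystem is not a guarantee there.

```python
"""Toy block device: why "permanently deleted" files are still carvable, what a
free-space wipe fixes, and what it leaves behind. Added example for this thread;
a simulation, not a real filesystem or a real wiping tool."""
from __future__ import annotations

import secrets

BLOCK = 16  # bytes per block; deliberately tiny so the run is readable


class ToyDisk:
    """Flat array of blocks plus a directory {name: [block indices]}.
    As on a real filesystem, delete() drops only the directory entry."""

    def __init__(self, nblocks: int) -> None:
        self.blocks = [bytes(BLOCK) for _ in range(nblocks)]
        self.dir: dict[str, list[int]] = {}

    def free_blocks(self) -> list[int]:
        used = {b for idxs in self.dir.values() for b in idxs}
        return [i for i in range(len(self.blocks)) if i not in used]

    def write(self, name: str, data: bytes) -> None:
        free = self.free_blocks()
        need = max(1, -(-len(data) // BLOCK))  # ceiling division
        if need > len(free):
            raise OSError("no space left on device")
        idxs = free[:need]
        for n, i in enumerate(idxs):
            chunk = data[n * BLOCK:(n + 1) * BLOCK]
            # Only the bytes actually written change; the rest of the last block
            # keeps whatever was there before (file slack).
            self.blocks[i] = chunk + self.blocks[i][len(chunk):]
        self.dir[name] = idxs

    def delete(self, name: str) -> None:
        del self.dir[name]  # data blocks untouched, exactly like unlink()

    def raw(self) -> bytes:
        return b"".join(self.blocks)


def carve(disk: ToyDisk, marker: bytes) -> bool:
    """Recovery-tool view: scan the raw device and ignore the directory."""
    return marker in disk.raw()


def wipe_free_space(disk: ToyDisk) -> int:
    """Overwrite every unallocated block with random bytes; returns blocks wiped.
    Allocated blocks, including the slack inside them, are left alone."""
    free = disk.free_blocks()
    for i in free:
        disk.blocks[i] = secrets.token_bytes(BLOCK)
    return len(free)


def demo() -> dict[str, bool]:
    """Four stages of the hand-back scenario; each value is "can the marker be carved?"."""
    disk = ToyDisk(nblocks=8)
    # Constructed sample content; the marker sits in the second half of block one.
    secret = b"diary   PRIVATE!" + b" the rest of the personal notes"
    disk.write("diary.txt", secret)
    disk.write("~diary.tmp", secret)  # editor autosave copy (constructed)
    out: dict[str, bool] = {}

    disk.delete("diary.txt")  # what "permanently delete" actually does
    out["after_delete"] = carve(disk, b"PRIVATE!")

    disk.write("todo.txt", b"buy milk")  # reuses diary's first block; its tail is now slack
    wipe_free_space(disk)
    out["after_first_wipe"] = carve(disk, b"PRIVATE!")  # autosave copy and slack both remain

    disk.delete("~diary.tmp")
    wipe_free_space(disk)
    out["after_autosave_gone"] = carve(disk, b"PRIVATE!")  # slack in todo.txt still has it

    disk.delete("todo.txt")
    wipe_free_space(disk)
    out["after_everything_wiped"] = carve(disk, b"PRIVATE!")
    return out


if __name__ == "__main__":
    for stage, found in demo().items():
        print(f"{stage:24} carvable={found}")
```

Running demo() walks the four stages; only the last one, after every copy has been deleted and the free space wiped again, stops the carve. The slack case is the reason "wipe free space" tools often offer a separate "wipe cluster tips" or "wipe slack" option.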

Ineptitude
Mar 2, 2010

Heed my words and become a master of the Heart (of Thorns).
Thanks for the input.

I feel oddly compelled to defend myself: it is not porn.

Calling it a public PC is probably the wrong terminology; English is not my primary language.

I was the "chairman" of a volunteer organization, and the tasks primarily involved paying invoices and sending emails to suppliers. I used the organization's laptop to do this. Last year I was abroad for 2 months and had to bring this laptop. I also had to do personal things, so I could either do them on this laptop or bring another laptop, and I chose to do the personal stuff on this laptop.

By "public" I simply mean that the next chairman will use the laptop to do these same tasks. It's not public in the sense that a lot of different people can drop by and use it without a login or similar.

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
Folks just checking - what's more secure, LastPass or Bitwarden? Or is it all the same?

Proteus Jones
Feb 28, 2013



My recommendation is always going to be "Not LastPass". They have a bad enough track record, at both their coding practices and their response to reported vulns, that I wouldn't recommend it to people at all.

I've *heard* Bitwarden is good, but I'll let someone else who's actually used it recommend it here.

If you are an entirely macOS/iOS person, Apple Keychain is really good.

1Password or KeePass for multi-platform, or if you want more than *just* password management.

Rooted Vegetable
Jun 1, 2002
I'm the person above who took the jump into Bitwarden. I can't say I've personally security audited it or am an expert in the field. However, from a usability standpoint I do like it. Much lighter than LastPass. Mostly quicker, although the one exception is Android autofill, which takes a short but noticeable time to search. As good a service as LastPass, great price at $10/yr, and you can self-host if you wish. Has support for various MFA methods, e.g. TOTP (Google Authenticator, Authy etc.), YubiKeys, Duo etc. (the latter two premium).

I do like it and it's ticked all the boxes I can think of (password generator, MFA support, has been audited, for example), but I'd encourage this thread to put it through scrutiny I can't provide.

Rooted Vegetable fucked around with this message at 20:49 on Apr 29, 2019

WattsvilleBlues
Jan 25, 2005

Every demon wants his pound of flesh
I'm liking it so far. Should I keep the autofill function disabled or would I be ok to use it?


Red_Fred
Oct 21, 2010


Fallen Rib
I’m keen to set it up for my girlfriend but that would mean I have to move to it as well so I can support her. Is it easier to use for someone non-technical than Keepass?
