|
Powered Descent posted:Yes. Sorry grandma, you should have realised that bank0famerica.com wasn't actually your bank and not copy pasted your password into it. Yes, if I'd told you to use a better password manager it would have caught it and stopped you from doing it, but forums poster "Powered Descent" thinks that the burned hand teaches best and you should just learn to not get phished.
|
#
?
Jul 26, 2019 02:37
|
|
|
|
| # ? May 25, 2024 07:59 |
|
|
Powered Descent posted:Yes. I mean "Use a condom" and "Don't gently caress people with visually suppurating genitals" aren't mutually exclusive? 
|
|
#
?
Jul 26, 2019 02:43
|
|
|
Jabor posted:Sorry grandma, you should have realised that bank0famerica.com wasn't actually your bank and not copy pasted your password into it. Yes, if I'd told you to use a better password manager it would have caught it and stopped you from doing it, but forums poster "Powered Descent" thinks that the burned hand teaches best and you should just learn to not get phished. If you really loved your grandma you would get her a yubikey
|
|
#
?
Jul 26, 2019 02:46
|
|
|
Jabor posted:Sorry grandma, you should have realised that bank0famerica.com wasn't actually your bank and not copy pasted your password into it. Yes, if I'd told you to use a better password manager it would have caught it and stopped you from doing it, but forums poster "Powered Descent" thinks that the burned hand teaches best and you should just learn to not get phished.  A password manager is a safe place to keep passwords, especially ones that are too complex to memorize. That's all. I have nothing against ones that have fancy browser integrations and extra security features, but their existence doesn't make the simpler ones stupid or dangerous.
|
|
#
?
Jul 26, 2019 03:14
|
|
|
Jabor posted:Sorry grandma, you should have realised that bank0famerica.com wasn't actually your bank and not copy pasted your password into it. Yes, if I'd told you to use a better password manager it would have caught it and stopped you from doing it, but forums poster "Powered Descent" thinks that the burned hand teaches best and you should just learn to not get phished.
|
|
#
?
Jul 26, 2019 03:23
|
|
|
Cugel the Clever posted:Serious question as the extent of my knowledge about such things is superficial at best: in what way does removing the copy/paste functionality from the password manager solve this issue? What exactly is the alternative that you're imagining for protecting grandma from being at a fake site? The password manager (or the associated browser extension) knows what site you're on, and only gives out the corresponding password.
|
|
#
?
Jul 26, 2019 03:45
|
|
|
“common-sense awareness” is industrial-strength victim blaming. don’t lay the terrible security ergonomics of this poo poo at the feet of laypeople.
|
|
#
?
Jul 26, 2019 03:47
|
|
|
I use 1password, it's good and cool
|
|
#
?
Jul 26, 2019 05:22
|
|
|
I feel like theirs a vast difference of opinion going on here about what a password manager is/should do
|
|
#
?
Jul 26, 2019 06:44
|
|
|
Darchangel posted:While we're asking for impossible Windows features, why is it, in the Year Of Our Lord 2019, in the age of at-least-1080p displays, Microsoft cannot make loving properties sheets larger than a postage stamp, or resizable at all? Subjunctive posted:“common-sense awareness” is industrial-strength victim blaming. don’t lay the terrible security ergonomics of this poo poo at the feet of laypeople.
|
|
#
?
Jul 26, 2019 09:16
|
|
|
Speaking of pwmgrs, KeepAss is amazing for my use case of "can sync over ssh", but it has basically zero team features. I need a preferably opensauce option for that, is hashicorp vault good? Anyone have any experiences with that?
|
|
#
?
Jul 26, 2019 11:30
|
|
|
Hashi Vault is designed to be an API driven application keystore that can handle thousands of password generations on the fly. Yes it can store your passwords for a team. They have an encrypted kvstore that can do that, and you can granularly control access to it. But it's strength is when it's paired with an SDK and a custom application calls it to generate a password with a short ttl for a database, or cloud platform, or whatever else. If you need something robust to do password storing for a team, try Thycotic (if you have deep pocketbooks), AWS KMS if you're an AWS customer, or whatever Azure calls their vault product if you're an Azure customer. All of these have a web front end you can log in and store passwords. They're much easier to use than Hashi's Vault if you're only planning on using it as a password management system. There's also BlackBox and Couldflare's Red October that I haven't tried. Not sure I could get over not saying "Ryan, scome shings in here don't react too well to bulletsh" upon login to Red October.
|
|
#
?
Jul 26, 2019 13:19
|
|
|
Subjunctive posted:“common-sense awareness” is industrial-strength victim blaming. don’t lay the terrible security ergonomics of this poo poo at the feet of laypeople. Security isn't common sense, but it is a basic truth that everybody who wants to have their information be secure has to have an understanding of information security, just like a person with a car has to know how to drive. We can improve the ergonomics, but all that does is shift the attack surface around, and it could make it even more difficult for people to understand their own threat model.
|
|
#
?
Jul 26, 2019 13:36
|
|
|
xtal posted:Security isn't common sense, but it is a basic truth that everybody who wants to have their information be secure has to have an understanding of information security, just like a person with a car has to know how to drive. We can improve the ergonomics, but all that does is shift the attack surface around, and it could make it even more difficult for people to understand their own threat model. Ah, yes, private information, that thing people can choose to just not have if they don't feel they're qualified to, just like a car! 
|
|
#
?
Jul 26, 2019 13:45
|
|
|
Absurd Alhazred posted:Ah, yes, private information, that thing people can choose to just not have if they don't feel they're qualified to, just like a car! It's not like I'm saying that's a good thing, it's just a fact of life. There isn't a solution, period, in the information-theoretical sense, that makes security both easy and useful. You're going to need to understand security to be secure.
|
|
#
?
Jul 26, 2019 13:52
|
|
|
xtal posted:Security isn't common sense, but it is a basic truth that everybody who wants to have their information be secure has to have an understanding of information security, just like a person with a car has to know how to drive. We can improve the ergonomics, but all that does is shift the attack surface around, and it could make it even more difficult for people to understand their own threat model. The irony here is the sheer number of lovely drivers who think the problem is everyone else.
|
|
#
?
Jul 26, 2019 13:56
|
|
|
Mustache Ride posted:If you need something robust to do password storing for a team, try Thycotic (if you have deep pocketbooks), AWS KMS if you're an AWS customer, or whatever Azure calls their vault product if you're an Azure customer. All of these have a web front end you can log in and store passwords. They're much easier to use than Hashi's Vault if you're only planning on using it as a password management system. Unfortunately, I don't have pockets deep enough for any of those lmao. OTOH, on thycotic's website: "The free version of DevOps Secrets Vault manages up to 250 secrets and never expires." This *might* actually be enough to use, i work at a fairly small shop. Thanks!
|
|
#
?
Jul 26, 2019 14:43
|
|
|
Yeah the limit there is the 10 users, but if that works then good, go for it.
|
|
#
?
Jul 26, 2019 14:51
|
|
|
xtal posted:Security isn't common sense, but it is a basic truth that everybody who wants to have their information be secure has to have an understanding of information security, just like a person with a car has to know how to drive. We can improve the ergonomics, but all that does is shift the attack surface around, and it could make it even more difficult for people to understand their own threat model. I am guessing that this is a bad post, but I collapsed on the floor in seizures of laughter when I got to the part where you described security as a "truth", so I'll never know.
|
|
#
?
Jul 26, 2019 15:00
|
|
|
Maybe if you'd have kept reading that post and your reply would have made sense
|
|
#
?
Jul 26, 2019 15:05
|
|
|
does anyone else want to keep digging
|
|
#
?
Jul 26, 2019 15:08
|
|
|
I would strongly advise consulting with a neurologist (or at least your primary care physician) if viewing text on a screen gives you seizures!
|
|
#
?
Jul 26, 2019 15:09
|
|
|
Some of you have never herded cats I take it.
|
|
#
?
Jul 26, 2019 15:22
|
|
|
xtal posted:Maybe if you'd have kept reading that post and your reply would have made sense I got some welder's glass and a pinhole camera, and it only got worse. You tricked me!
|
|
#
?
Jul 26, 2019 15:29
|
|
|
Subjunctive posted:I got some welder's glass and a pinhole camera, and it only got worse. You tricked me! dominic you rat you gave me the ole spicy eyeball!
|
|
#
?
Jul 26, 2019 15:32
|
|
|
Lain Iwakura posted:Some of you have never herded cats I take it. sister, please
|
|
#
?
Jul 26, 2019 15:57
|
|
|
Hey everyone, look at this guy over here who says it's perfectly fine to have an ordinary screwdriver in your toolbox, and that it's "up to the user" to decide which screws to loosen or tighten! How dare he ask anyone but screw-related professionals to know that? I bet he's just projecting and he's undone the wrong screw lots of times and let in burglars through his unscrewed door hinges.Beccara posted:I feel like theirs a vast difference of opinion going on here about what a password manager is/should do You know what, this is probably the most insightful thing that's been said so far.
|
|
#
?
Jul 26, 2019 16:36
|
|
|
Powered Descent posted:Hey everyone, look at this guy over here who says it's perfectly fine to have an ordinary screwdriver in your toolbox, and that it's "up to the user" to decide which screws to loosen or tighten! How dare he ask anyone but screw-related professionals to know that? I bet he's just projecting and he's undone the wrong screw lots of times and let in burglars through his unscrewed door hinges. I'm a user so I demand a universal screwdriver that works for everything I could ever want to do without any instruction as my natural right! xtal fucked around with this message at 16:41 on Jul 26, 2019 |
|
#
?
Jul 26, 2019 16:37
|
|
|
xtal posted:I'm a user so I demand a universal screwdriver that works for everything I could ever want to do without any instruction as my natural right! This but it's the CTO.
|
|
#
?
Jul 26, 2019 16:53
|
|
|
If y'all had to recommend not one but at least 2 paid password managers to consumers, what would you recommend in addition to 1password?
|
|
#
?
Jul 26, 2019 18:04
|
|
|
Ranter posted:If y'all had to recommend not one but at least 2 paid antivirus products to consumers, what would you recommend in addition to norton?
|
|
#
?
Jul 26, 2019 18:07
|
|
|
|
|
#
?
Jul 26, 2019 18:23
|
|
|
Marcus Hutchins aka @MalwareTech has been released on time-served with a years probation that can be served in the UK. https://techcrunch.com/2019/07/26/m...iaC26ItolTaYuMQ
|
|
#
?
Jul 26, 2019 21:29
|
|
|
I am putting together babby's first vuln disclosure re: the Equifax settlement site  just unbelievable
|
|
#
?
Jul 27, 2019 03:51
|
|
|
Potato Salad posted:I am putting together babby's first vuln disclosure re: the Equifax settlement site I was just about to ask whether trying to get a payout was worth it.
|
|
#
?
Jul 27, 2019 04:40
|
|
|
1Password is very good. I use the outdated non-subscription version and I'm quite pleased with it generally.
|
|
#
?
Jul 27, 2019 05:45
|
|
|
I hate nearly everything about 1password. The user story is worse than lastpass in every way except for the part where lastpass fails to fix vulnerabilities or act responsibly in the face of new vulnerabilities But the actual UX on 1password is just the worst. And yet I pay for it.
|
|
#
?
Jul 27, 2019 17:46
|
|
|
I couldn't find an easy way to get it to ignore a site and not ask to remember the password, seems the experience differs quite a lot between native app and browser extension
|
|
#
?
Jul 27, 2019 17:49
|
|
|
Achmed Jones posted:But the actual UX on 1password is just the worst What's wrong with it??
|
|
#
?
Jul 27, 2019 18:28
|
|
|
|
| # ? May 25, 2024 07:59 |
|
|
Achmed Jones posted:I hate nearly everything about 1password. The user story is worse than lastpass in every way except for the part where lastpass fails to fix vulnerabilities or act responsibly in the face of new vulnerabilities CLAM DOWN posted:What's wrong with it?? I'm curious as to what piece of the UI is so bad as well.
|
|
#
?
Jul 27, 2019 18:52
|
|