|
CLAM DOWN posted:I've never heard of someone having this much trouble with 1password. Even my senior citizen mom could set it up. can't fix stupid
|
#
?
Dec 26, 2022 07:32
|
|
|
|
| # ? May 25, 2024 09:34 |
|
|
Thanks everyone! I have been using lastpass set up on 4 devices for 4 years now so I'm not new to this, I just can't figure out why my master password just stopped working. I was able to delete my 1password account, which let me start another family free trial and so far it's working basically the same as lastpass was, so it looks like it's a keeper
|
|
#
?
Dec 26, 2022 08:38
|
|
|
Ynglaur posted:If OP is struggling with 1Password setup this is not a more user friendly option. Maybe try Bitwarden to see if it's more intuitive. Most KeePass clients have native cloud provider integration so it's pretty much painless. I use KeePassium and it works as good if not better than any other solution i ever tested.
|
|
#
?
Dec 26, 2022 10:07
|
|
|
SwissArmyDruid posted:Please and thank you? I spent about half an hour digging through it and yeah it's just doing update checks. It seems to use the duckduckgo and google checks as a sort of redundancy to check against whether failure to get info from github is a github problem or an internet problem. Honestly the part that disgusts me the most about what I found out in that bit of reverse engineering is that all the various different potential hooks/injectors are crammed into one module instead of one per API so you've got OpenGL, Vulkan, DX8, DX9, DX10, DX11, and DX12 all in the same gigantic hooking DLL.
|
|
#
?
Dec 26, 2022 10:54
|
|
|
SlowBloke posted:Most KeePass clients have native cloud provider integration so it's pretty much painless. I use KeePassium and it works as good if not better than any other solution i ever tested.
|
|
#
?
Dec 26, 2022 11:01
|
|
|
BlankSystemDaemon posted:KeePass and SyncThing work extremely well together if you have at least one machine you can leave running all the time. I use KeePass with Dropbox, seems to work fine. Work has 1password, so I get a free personal account there, I should probably switch.
|
|
#
?
Dec 26, 2022 11:27
|
|
|
BlankSystemDaemon posted:KeePass and SyncThing work extremely well together if you have at least one machine you can leave running all the time. I just store the file on OneDrive and it works without third party sync engines.
|
|
#
?
Dec 26, 2022 11:33
|
|
|
Wibla posted:I use KeePass with Dropbox, seems to work fine. SlowBloke posted:I just store the file on OneDrive and it works without third party sync engines.
|
|
#
?
Dec 26, 2022 13:50
|
|
|
Ynglaur posted:If OP is struggling with 1Password setup this is not a more user friendly option. Maybe try Bitwarden to see if it's more intuitive. Bitwarden and Keepass have about the same level of technical understanding to setup.
|
|
#
?
Dec 26, 2022 13:56
|
|
|
Dylan16807 posted:If the problem is with making an account then KeePassXC could actually be an easier option if they already have dropbox or google drive or similar installed. Just put the file there, and I think auto save and auto reload are on by default. Original KeePass has a half dozen addons to automate cloud storage. You can also install addons to allow browser autofill like the other services. But it is definitely an advanced tool and not easily zero-maintenance.
|
|
#
?
Dec 26, 2022 17:28
|
|
|
Thanks everyone for the more updated info on Keepass' ease of use. Also let's not call OP "stupid", etc. Different people have different skills, and it is a Good Thing when someone asks for help rather than doing poo poo like rolling their own password manager using mypasswords.txt.
|
|
#
?
Dec 26, 2022 17:50
|
|
|
Hey, i encrypted it with this enigma machine i found
|
|
#
?
Dec 26, 2022 17:55
|
|
|
RFC2324 posted:Hey, i encrypted it with this enigma machine i found Oh poo poo Turing is gonna crack your password.
|
|
#
?
Dec 26, 2022 18:20
|
|
|
I think I'm just going to roll my own
|
|
#
?
Dec 26, 2022 18:47
|
|
|
PageMaster posted:Thanks everyone! I have been using lastpass set up on 4 devices for 4 years now so I'm not new to this, I just can't figure out why my master password just stopped working. I was able to delete my 1password account, which let me start another family free trial and so far it's working basically the same as lastpass was, so it looks like it's a keeper Your 1password master password didn't suddenly change or stop working, you screwed something up. Glad you were able to start again though.
|
|
#
?
Dec 26, 2022 19:08
|
|
|
CLAM DOWN posted:Your 1password master password didn't suddenly change or stop working, you screwed something up. Glad you were able to start again though. Yeah, you're probably right, I just can't think of what I possibly could have done there (and I probably never will know), but I was admittedly incredibly frustrated after spending 2 hours setting everything up on two phones and PCs and resetting every password I have before losing it all so I'm sure I wasn't thinking completely logically then. At the very least, though, I'm not permanently locked out of anything, I just need to redo the work, and even if I don't have them right now, all my passwords were at least changed.
|
|
#
?
Dec 26, 2022 19:53
|
|
|
At the very least, your passwords are all rotated and safe now!
|
|
#
?
Dec 26, 2022 22:55
|
|
|
Kazinsal posted:Honestly the part that disgusts me the most about what I found out in that bit of reverse engineering is that all the various different potential hooks/injectors are crammed into one module instead of one per API so you've got OpenGL, Vulkan, DX8, DX9, DX10, DX11, and DX12 all in the same gigantic hooking DLL. Does it at least load the relevant DLLs on demand only?
|
|
#
?
Dec 28, 2022 00:38
|
|
|
All this vault chat has finally got me to start looking into one for myself. Giving Bitwarden a spin and so far it seems fine. Apps and plugins for all of my devices and I can always log in to their web vault if I'm somewhere I can't install them. I figure as long as I don't put all my email accounts in there I can recover everything else if things go bad. If I'm just looking for basic password management is there any reason to keep shopping around? Do paid apps like KeyPass/1Password just offer more bells like file transfer and TOTP?
|
|
#
?
Dec 28, 2022 14:39
|
|
|
Takes No Damage posted:All this vault chat has finally got me to start looking into one for myself. Giving Bitwarden a spin and so far it seems fine. Apps and plugins for all of my devices and I can always log in to their web vault if I'm somewhere I can't install them. I figure as long as I don't put all my email accounts in there I can recover everything else if things go bad. If I'm just looking for basic password management is there any reason to keep shopping around? Do paid apps like KeyPass/1Password just offer more bells like file transfer and TOTP? KeePass supports TOTP with plugins on the stock binaries or via special apps like XC/keepassium. File transfer is usually up to the user but keepassium is slowly adding direct cloud file access.
|
|
#
?
Dec 28, 2022 17:47
|
|
|
One major selling point to me for bitwarden is ansible integration, if that matters to you. My playbooks pull down passwords from my vault so I don't need to mess with any other crap. It's pretty nice
|
|
#
?
Dec 28, 2022 18:23
|
|
|
I've only skimmed the last couple of pages, but seems like the goonsensus is to move away from LastPass?
|
|
#
?
Dec 28, 2022 19:42
|
|
|
i've been mentioning that a few times in this thread since 2015 ..note that this thread started in 2015
|
|
#
?
Dec 28, 2022 19:51
|
|
|
Yeah, goon consensus has been abandon LastPass for years at this point. And somehow every time there is a hack someone asks if its recommended
|
|
#
?
Dec 28, 2022 19:59
|
|
|
RFC2324 posted:Yeah, goon consensus has been abandon LastPass for years at this point. Yeah, I'm way out of the loop on this. Better make the jump.
|
|
#
?
Dec 28, 2022 20:03
|
|
|
Finally made the jump yesterday. Now to reset all my passwords.
|
|
#
?
Dec 28, 2022 20:18
|
|
|
I abused my power and updated the thread title.
|
|
#
?
Dec 28, 2022 20:19
|
|
|
RFC2324 posted:Yeah, goon consensus has been abandon LastPass for years at this point. So many IT and infosec «professionals» on Twitter just now discovering what we’ve known for years I smh and wonder about switching carreers
|
|
#
?
Dec 28, 2022 20:27
|
|
|
InfoSec is this the new nursing for "hot careers". I see literal billboards advertising Cyber security degrees. We're about to have a whole ton of people jump into the field straight out of crappy for profit colleges.
|
|
#
?
Dec 28, 2022 20:39
|
|
|
BaseballPCHiker posted:InfoSec is this the new nursing for "hot careers". I see literal billboards advertising Cyber security degrees. What do you mean about to? We have had plenty of people comeout of the military with a sec+ and a info related mos who cant do anything besides look at STIGs and nod sagely as if they understand anything.
|
|
#
?
Dec 28, 2022 20:43
|
|
|
Kragger99 posted:I've only skimmed the last couple of pages, but seems like the goonsensus is to move away from LastPass? https://infosec.exchange/@epixoip/109585049354200263
|
|
#
?
Dec 28, 2022 21:14
|
|
|
also time to get a yubikey if you ain't got one already imo
|
|
#
?
Dec 28, 2022 23:27
|
|
|
This is good, what's the issue later in his post about Bitwarden being written in a GC language as a negative? I understand that a GC cycle needs to happen on secrets hanging out in memory unless you're playing games with overwriting values. Is there something else I'm missing?
|
|
#
?
Dec 28, 2022 23:59
|
|
|
SwissArmyDruid posted:also time to get a yubikey if you ain't got one already imo they seem permanently out of stock, at least in Canada 
|
|
#
?
Dec 29, 2022 00:00
|
|
|
Hed posted:This is good, what's the issue later in his post about Bitwarden being written in a GC language as a negative? I understand that a GC cycle needs to happen on secrets hanging out in memory unless you're playing games with overwriting values. Is there something else I'm missing? I had the same reaction. Hope someone else knows better. Maybe it leads to sloppy GC? Still seems like it would be better than not having automated GC at all.
|
|
#
?
Dec 29, 2022 00:24
|
|
|
The thing about it being a GC’d language is nonsense. Eager freeing doesn’t clear secrets either, and you can overwrite the contents in GC or manual-memory-management languages equally well. This person knows a lot about password management, it seems, but not as much about programming languages and runtimes. IMO ignore that side comment.
|
|
#
?
Dec 29, 2022 01:13
|
|
|
Second-to-last pass
|
|
#
?
Dec 29, 2022 01:16
|
|
|
Subjunctive posted:The thing about it being a GC’d language is nonsense. Eager freeing doesn’t clear secrets either, and you can overwrite the contents in GC or manual-memory-management languages equally well. i'd take one over the other anyday, but i wouldn't hold it against a researcher not knowing the particulars beyond x is bad being taught to them
|
|
#
?
Dec 29, 2022 01:23
|
|
|
CLAM DOWN posted:At the very least, your passwords are all rotated and safe now! Someone at work keeps posting that stupid infographic stating it will take years before they guess our passwords so they won't rotate anything. Then they had me a report for a scan with a vuln as high as 5 and to go fix it ASAP!
|
|
#
?
Dec 29, 2022 01:57
|
|
|
|
| # ? May 25, 2024 09:34 |
|
|
I keep racking my brain to try to figure out what the author meant. I know in Java 8, for example, the string pool had different GC behavior than objects marked for collection. Bitwarden’s server is written in C# and I know the CLR has the string intern pool but idk what the memory semantics are. Clients are TypeScript so maybe there are similar considerations?
|
|
#
?
Dec 29, 2022 01:59
|
|
