|
Saukkis posted:We have a solution for this issue. We must learn from that recent password game and all services must implement obnoxious and random password requirements. When a service requires that your password is at least 13 characters long, must contain at least two numbers, three capitals and one small letter, the 4th character must be Y, 7th number 2, and 11th character must be # you are unlikely to be able to reuse it.

One of the greatest benefits of a password manager (aside from security, obviously) is no longer caring how many accounts you need to create for how many services or apps or whatever. I used to hate having to sign up for something with an account because it was one more thing I had to remember and could I use my same password for everything else + website name or did I have to use something actually unique and if so where did I write that down and

Now it's like Reddit Twitter Github Imgur gently caress yeah gimme all the accounts, I still only have to remember the one passphrase
|
# ? Jul 20, 2023 23:34 |
|
Takes No Damage posted:Now it's like Reddit Twitter Github Imgur gently caress yeah gimme all the accounts, I still only have to remember the one passphrase

Wait, you have something more complicated than 1234 for "Reddit Twitter Github Imgur gently caress yeah". Not to mention, different? 'Cause, gently caress that noise. I have a password manager, but I ain't entering that junk in a password manager. And I'm telling the browser to remember it.
|
# ? Jul 20, 2023 23:37 |
|
Saukkis posted:We have a solution for this issue. We must learn from that recent password game and all services must implement obnoxious and random password requirements. When a service requires that your password is at least 13 characters long, must contain at least two numbers, three capitals and one small letter, the 4th character must be Y, 7th number 2, and 11th character must be # you are unlikely to be able to reuse it.

Password Game Rule 36: Your password must sha512crypt hash to: $6$7RdvJBvMozALwd7P$A0aohBy8AaNypIg/0/ReYnLJwTfTTg4mYGZcjY0nYth1riBfVrHFKWNm9G37yBIMuqYcDaKl2h4VqFKO3Ni1H0
|
# ? Jul 20, 2023 23:39 |
|
Moving from LastPass to 1Password was a fun lesson in the impermanence of lovely web service middlemen and video services that got packed in with my Blurays.
|
# ? Jul 20, 2023 23:39 |
|
I'm invested in iCloud Keychain for my password hygiene. Other than the occasional hassle of having to dig out my phone if I need to enter a password on one of my very few non-Apple devices I think it's been pretty seamless for me. I'm sure if this is terrible someone will be sure to chime in, but short of a massive flaw in their security I think it'd take a lot to move me away now. For context, I didn't actively pick iCloud Keychain out of a product lineup, it was just built into everything I own and I just sort of adopted it by virtue of not looking for a different solution.
|
# ? Jul 21, 2023 00:08 |
|
Volguus posted:Wait, you have something more complicated than 1234 for "Reddit Twitter Github Imgur gently caress yeah". Not to mention, different? 'Cause, gently caress that noise. I have a password manager, but I ain't entering that junk in a password manager. And I'm telling the browser to remember it.

Ranking websites on what is and isn't worthy to be in my pw vault sounds like too much work, everything goes in. Besides, you don't want to have passwords sitting around that are actually that bad, otherwise it defeats the purpose of having an account in the first place. Once my first Reddit account crept up to over 1000 points or merits or whatever they have over there, it got hacked and started posting links on extreme hardcore porn subreddits. Real freaky Docking with Razorblades type of poo poo

Never. Again.
|
# ? Jul 21, 2023 00:08 |
|
some kinda jackal posted:I'm invested in iCloud Keychain for my password hygiene. Other than the occasional hassle of having to dig out my phone if I need to enter a password on one of my very few non-Apple devices I think it's been pretty seamless for me. I'm sure if this is terrible someone will be sure to chime in, but short of a massive flaw in their security I think it'd take a lot to move me away now.

Just this: https://9to5mac.com/2023/02/24/iphone-passcode-in-public-dangers/
|
# ? Jul 21, 2023 00:13 |
|
Yeah I always think about this when I look at the fingerprints on my screen. It would be good if Apple at least gave us the option of randomizing the keypad digits but ah well.
|
# ? Jul 21, 2023 00:18 |
|
some kinda jackal posted:I'm invested in iCloud Keychain for my password hygiene. Other than the occasional hassle of having to dig out my phone if I need to enter a password on one of my very few non-Apple devices I think it's been pretty seamless for me. I'm sure if this is terrible someone will be sure to chime in, but short of a massive flaw in their security I think it'd take a lot to move me away now.

icloud keychain is a very good password manager for anyone who is in the apple ecosystem deep enough that the main drawback (apple only) isn't a big deal

some kinda jackal posted:Yeah I always think about this when I look at the fingerprints on my screen. It would be good if Apple at least gave us the option of randomizing the keypad digits but ah well.

internet says you can set keychain to use a different password than your normal login or icloud password, which I think would keep keychain locked even if someone stole your phone complete with PIN access. don't know exact details because I'm not an apple person, but if you want higher security at the cost of inconvenience & additional memory load you could look at that. (Or multiple keychains, that seems to be a thing?)
|
# ? Jul 21, 2023 00:50 |
|
Volguus posted:I have a password manager, but I ain't entering that junk in a password manager. And I'm telling the browser to remember it.

Nothing wrong with using the more convenient password manager for things you'd rather have convenient and then having a different one that's less convenient but hopefully more secure for your important but infrequently used credentials. Most of my day to day internet bullshit logins are in my Chrome password manager because it's convenient to have them "just work" on all my devices, including most Android apps if they set it properly for their domain. The logins with which someone could really gently caress my poo poo up, those are all in a separate KeePass database that gets synced independently to just a few key devices.
|
# ? Jul 21, 2023 05:35 |
|
Takes No Damage posted:Ranking websites on what is and isn't worthy to be in my pw vault sounds like too much work, everything goes in. Besides, you don't want to have passwords sitting around that are actually that bad, otherwise it defeats the purpose of having an account in the first place. Once my first Reddit account crept up to over 1000 points or merits or whatever they have over there, it got hacked and started posting links on extreme hardcore porn subreddits. Real freaky Docking with Razorblades type of poo poo

See, you made one grave mistake here: you care about the account. If you do, then by all means, pw manager, long, unique, the works. "1234" as a password should be used for those accounts where, when it gets stolen, you just make another. No harm, no foul. It's the normal, run of the mill, twitter, reddit, imgur, whatever. Dime a dozen.

wolrah posted:The browser's password store is a password manager.

While I'm sure they try to make their store as secure as possible (all the browsers), I do not trust them. Whatever passwords they store, I assume by default, that the internet at large is, or will be, able to read them.
|
# ? Jul 21, 2023 06:55 |
|
Lol at going into the infosec thread and saying it's cool and fine to just make your password "password"
|
# ? Jul 21, 2023 06:58 |
|
Cup Runneth Over posted:Lol at going into the infosec thread and saying it's cool and fine to just make your password "password"

Doing my best, OP. Just doing my best.
|
# ? Jul 21, 2023 14:09 |
|
It takes less time for me to generate a random password and save it to my vault with 1Password than it would take to type some garbage in
|
# ? Jul 21, 2023 14:33 |
|
1Password is great but the one thing I miss coming over from LastPass is the browser extension reliability. No matter how many times I set up the browser extension, it constantly logs me out and requires that I re-enter my master password. Like, once every 10 minutes despite setting the idle timer to an hour. I appreciate the security but typing a long-rear end master password over and over is annoying and probably a security risk in and of itself. Especially on a desktop, the chances of someone stealing my PC in my house while the browser extension is unlocked seem much lower than the chances of me getting keylogged while I'm typing the same phrase every few minutes.
|
# ? Jul 21, 2023 14:43 |
|
IIRC it locks when you close your last browser window, regardless of timeout. Could be that you're experiencing
|
# ? Jul 21, 2023 14:47 |
|
I, too, am tired of typing my master password, and I noticed that 1Password works great on my laptop with the fingerprint reader. Anyone have a cheap, accurate, and quick Win10 compatible tap fingerprint reader to recommend for a desktop? Any reason not to get one?
|
# ? Jul 21, 2023 14:52 |
|
The tedious part about dealing with bullshit website logins isn't the password, whether you use a manager or p4ssw0rd. It's going through the signup, solving the captcha, switching to the alternate "send your spam here, I never look at it" email for verification, etc. I miss BugMeNot and mailinator.

Well Played Mauer posted:1Password is great but the one thing I miss coming over from LastPass is the browser extension reliability. No matter how many times I set up the browser extension, it constantly logs me out and requires that I re-enter my master password. Like, once every 10 minutes despite setting the idle timer to an hour. I appreciate the security but typing a long-rear end master password over and over is annoying and probably a security risk in and of itself.

Are you using the browser extension independently, or tied to a local instance of the full software? The second option seems better for avoiding time-out. (Also do you have any other extensions that might be deleting cookies / browser storage?)
|
# ? Jul 21, 2023 14:58 |
Klyith posted:The tedious part about dealing with bullshit website logins isn't the password, whether you use a manager or p4ssw0rd. It's going through the signup, solving the captcha, switching to the alternate "send your spam here, I never look at it" email for verification, etc.
|
|
# ? Jul 21, 2023 15:01 |
|
Don't forget there is also plus addressing on Gmail (and Exchange Online now), and iCloud lets you create temporary addresses that you can throw away as soon as they've been used.
|
# ? Jul 21, 2023 15:05 |
|
BlankSystemDaemon posted:One advantage of running your own mailserver is that you can use a catch-all address, which in turn lets you use email addresses sorta like bugmenot.

https://support.google.com/a/answer/12943537?hl=en
|
# ? Jul 21, 2023 15:06 |
Diva Cupcake posted:Don't need to roll your own mailserver (because gently caress that) for a catch-all. I use Google Workspace for my personal mail domain and they support it.
|
|
# ? Jul 21, 2023 15:10 |
|
Klyith posted:I miss BugMeNot and mailinator. Did anything happen to mailinator? Looking at their website it looks like it's still working and doing what is supposed to.
|
# ? Jul 21, 2023 15:21 |
|
Volguus posted:Did anything happen to mailinator? Looking at their website it looks like it's still working and doing what is supposed to.

It's still there but pretty much every site blocks mailinator from account sign-ups. There used to be a ton of alternate domains to avoid that, but last time I tried to use it half of them were lapsed and some of the ones that still existed were also blocked. It was more trouble than it was worth.

Thanks Ants posted:Don't forget there is also plus addressing on Gmail (and Exchange Online now), and iCloud lets you create temporary addresses that you can throw away as soon as they've been used.

The gmail plus address is useless, I am pretty positive that I've had companies strip it for

Owning your own domain or a google workspace is cool and all but that's *also* a lot of extra make-work.
|
# ? Jul 21, 2023 15:46 |
|
NameCheap lets me set up a catch-all forwarder right from the Domain management page with Basic (free) DNS. Forward everything to Gmail or Live, and do filtering there. Smart services will probably look for servicename@customdomain.com and extrapolate a catchall, but there's a lot more fruit hanging lower

That's how I got around Google Workspace Free's 20 domain limit. I'll normally use a cyberpunk hacker handle generator for additional confusion.
|
# ? Jul 21, 2023 15:51 |
|
Cloudflare also has a mail proxy that will forward to another address. You have to use cloudflare but it's free.
|
# ? Jul 21, 2023 15:52 |
|
SimpleLogin is pretty solid for on-the-fly email generation, as well as catch-alls. If you have a paid Proton account, it's also free. I have proton email going through my own domain, so pretty much everything gets shopping-whatever, ops-whatever at my domain. This worked great when I was car shopping because now I can just delete the wildcards that exist and not have to deal with their bullshit unsubscribe forms.
|
# ? Jul 21, 2023 16:18 |
|
Yeah, I can count the number of services which accept + wildcards in email addresses on two hands. Most don't accept + as a valid character, RFC 822 be damned.
|
# ? Jul 21, 2023 16:25 |
|
fastmail does throw away email address generation and integrated with 1password. hit "create new masked email" and then it's done
|
# ? Jul 21, 2023 17:18 |
|
Apple has a feature for this now too, if you use iCloud.
|
# ? Jul 21, 2023 17:38 |
|
It's time to move off Azure, y'all https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr
|
# ? Jul 22, 2023 00:46 |
|
Klyith posted:I miss BugMeNot and mailinator.

One of the GuerrillaMail domains still works for me most of the time.

Wibla posted:It's time to move off Azure, y'all

Happy Friday afternoon y'all
|
# ? Jul 22, 2023 01:06 |
|
Wibla posted:It's time to move off Azure, y'all

:hailsatan:
|
# ? Jul 22, 2023 05:39 |
|
Glad I already moved off of azure to entra
|
# ? Jul 22, 2023 17:17 |
|
It’ll be funny to see how much this ends up loving USG opsec considering most major departments including DoD and DoJ have moved their unclass stuff to the Azure construct.
|
# ? Jul 22, 2023 17:59 |
|
post hole digger posted:Glad I already moved off of azure to entra

same
|
# ? Jul 22, 2023 18:09 |
|
Wibla posted:It's time to move off Azure, y'all

Just as a note, the app registration options that are marked as "unsafe" are not the default since at least 2018. You need to actively change it to get into the danger zone.
|
# ? Jul 22, 2023 18:11 |
|
This Zenbleed thing has been communicated like dogshit. All the linux distros push an AMD microcode update which seems promising, except I'm pretty sure it only includes a microcode update for the EPYC processors.

Apparently some newer kernels will include the mitigation for other processors that don't have a microcode update. I'm assuming this is the same as the DE_CFG bit to disable the feature, but not certain. And it's not as obvious which kernels have it, and many distros don't upgrade kernels automatically, understandably.

Also the site that explains the vulnerability has some misleading information. It says Zen 2 but then says Ryzen 5000's with integrated graphics... but the Ryzen 5000 APUs are Cezanne cores which are supposedly Zen 3, unless I'm missing something obvious.

So my Ryzen 3600 is definitely vulnerable, but not 100% certain how to mitigate it (I'm manually setting the DE_CFG bit in a systemd script for now) and my Ryzen 5600G... should be OK?
|
# ? Jul 26, 2023 01:21 |
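An added example, not written by any poster in this thread: a shell check that classifies a CPU as Zen 2 from /proc/cpuinfo text and tests the DE_CFG bit the post above mentions. The MSR address 0xC0011029, bit 9, and the family/model ranges are assumptions taken from the Linux kernel's AMD code, not from the thread; the cpuinfo excerpts and DE_CFG values are constructed.

```shell
# Added example, not from the thread. Assumed from the Linux kernel's AMD code,
# not from this page: DE_CFG is MSR 0xC0011029, the Zenbleed workaround is
# bit 9, and Zen 2 is CPU family 23 with the model ranges in is_zen2.

# cpu_ids: read /proc/cpuinfo text on stdin, print "FAMILY MODEL" (decimal).
cpu_ids() {
    fam='' mod=''
    while IFS=: read -r key val; do
        case $key in
            "cpu family"*) fam=${val# } ;;
            "model name"*) ;;                 # skip: also starts with "model"
            model*)        mod=${val# } ;;
        esac
        if [ -n "$fam" ] && [ -n "$mod" ]; then break; fi
    done
    echo "$fam $mod"
}

# is_zen2 FAMILY MODEL: succeed if the part is classified as a Zen 2 core.
is_zen2() {
    [ "$1" -eq 23 ] || return 1
    { [ "$2" -ge 48 ]  && [ "$2" -le 79 ]; }  ||   # 0x30-0x4f
    { [ "$2" -ge 96 ]  && [ "$2" -le 127 ]; } ||   # 0x60-0x7f
    { [ "$2" -ge 144 ] && [ "$2" -le 145 ]; } ||   # 0x90-0x91
    { [ "$2" -ge 160 ] && [ "$2" -le 175 ]; }      # 0xa0-0xaf
}

# de_cfg_fix_set HEX: succeed if bit 9 is set (HEX has no 0x prefix, as rdmsr prints).
de_cfg_fix_set() { [ $(( (0x$1 >> 9) & 1 )) -eq 1 ]; }

# zenbleed_status CPUINFO_TEXT DE_CFG_HEX: print one of three verdicts.
zenbleed_status() {
    ids=$(printf '%s\n' "$1" | cpu_ids)
    if ! is_zen2 "${ids% *}" "${ids#* }"; then echo "not-zen2"
    elif de_cfg_fix_set "$2"; then echo "zen2-bit-set"
    else echo "zen2-bit-clear"; fi
}

# Constructed cpuinfo excerpts and DE_CFG values (not captured from real machines).
R3600='cpu family      : 23
model           : 113
model name      : AMD Ryzen 5 3600 6-Core Processor'
R5600G='cpu family      : 25
model           : 80
model name      : AMD Ryzen 5 5600G with Radeon Graphics'
zenbleed_status "$R3600" 0      # bit 9 clear
zenbleed_status "$R3600" 200    # bit 9 set
zenbleed_status "$R5600G" 0     # family 25, not Zen 2
```

On a live system, pass `"$(cat /proc/cpuinfo)"` and the output of `rdmsr 0xc0011029` (msr-tools, run as root with the `msr` module loaded) instead of the constructed values.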
|
Some of the Zen 5xxx APUs are Zen 2. It’s a naming disaster. https://en.m.wikipedia.org/wiki/Template:AMD_Ryzen_Mobile_5000_series
|
# ? Jul 26, 2023 01:50 |
Subjunctive posted:Some of the Zen 5xxx APUs are Zen 2. It’s a naming disaster.

so are some of the 7xxx cpus, you have to look at the third digit to see what gen it is for the apus. let's look at 7945HX3D https://www.msi.com/blog/understand-how-amd-name-their-mobile-cpu

7 means it's released in 2023
9 means it's a Ryzen 9 (in terms of the product stack, as in competes with an Intel Core i9)
4 means it's using Zen 4 architecture
5 means it's the higher-tier model within this specific product segment (with the other possible option for this digit being '0', for the lower-tier model)
HX means it's for the 55W+ TDP target (HS is ~35W, U is 15-28W, C is 15-28W but for Chromebooks, e is 9W / fanless variant of a U)
3D means it uses 3D-stacked cache
|
# ? Jul 26, 2023 05:12 |