Boris Galerkin posted: This seems to work only if I'm using Dropbox for syncing

I don't think so, he was just personally using Dropbox for syncing the keychain file so he instructed how to use it. The software is designed so the keychain is stored as ~/1Password/1Password.agilekeychain and you just symlink that to wherever your sync client stores the actual file.
|
# ¿ Feb 27, 2016 00:49 |
|
|
# ¿ May 3, 2024 10:43 |
|
cheese-cube posted: Hammer. Seriously, if you have data worth recovering from a physically damaged HDD by a nefarious third-party then you wouldn't be posting here.

DBAN first, then hammer. The difference being that hammer makes data recovery extremely difficult, but DBAN makes it impossible. For the extent that hard drive is functional. Unfortunately, DBAN needs to be rebooted, it hasn't been designed for several runs. Alternative would be any number of live Linux boots like System Rescue CD, Knoppix, etc, and dd/ddrescue.
|
# ¿ May 31, 2016 19:06 |
|
Rocko Bonaparte posted: I'd like to get into these rules some more because I know some other sites have pretty tough policies. I think the big killer was having repeated characters, but it never outright stated which policy my password attempts violated. It allowed passwords between 8 and 32 characters. It required at least a number. It claimed to also need a symbol, but it ultimately did not. I know there was something like a wizard, and I set a lot of those rules, but there wasn't anything for repeated characters.

Just generate a random password and then modify it so it fulfills the website requirements. Much simpler than trying to come up with a rule that produces compatible passwords, when it might affect only that one site.
|
# ¿ Jul 12, 2016 20:38 |
|
I agree. If her iPad was actually part of a botnet it would be too valuable to send spam using her address and trace it to the source. All the spam would have someone else as the sender that has nothing to do with your mom. The only cause for concern is that her friends have also received these spams. But I would suspect that is because she has joined some contact stealing service like Twoo.com. You should probably go through the apps in her iPad, especially those that have access to her contacts. It would also be good if you can contact one of these friends that have received the spam emails. They should be savvy enough with computers to be able to find the full headers of the email and send them to you. You can use those to figure out where it originated from.
|
# ¿ Sep 4, 2016 13:49 |
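Added example, not part of the original posts: one way to read the full headers mentioned above and find where a spoofed message really entered the recipient's mail system. The sample message, host names and the `trusted_suffix` parameter are constructed for illustration; only Received lines written by the recipient's own servers are trusted, because anything below them is supplied by the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (hosts and addresses are made up; IPs are documentation ranges).
# The lowest Received line is forged by the sender to imitate the victim's webmail provider.
RAW = """\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.friend-isp.example; spf=fail smtp.mailfrom=bulk-sender.example
Received: from mx.friend-isp.example (mx.friend-isp.example [198.51.100.7])
\tby mailstore.friend-isp.example with ESMTP id A1; Mon, 5 Sep 2016 10:00:03 +0000
Received: from unknown (HELO mail.bulk-sender.example) (203.0.113.45)
\tby mx.friend-isp.example with SMTP id B2; Mon, 5 Sep 2016 10:00:01 +0000
Received: from [192.0.2.10] by smtp.webmail.example with HTTP; Mon, 5 Sep 2016 09:59:58 +0000
From: "Mom" <mom@webmail.example>
To: friend@friend-isp.example
Subject: check this out

hello
"""

IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(msg):
    """Parse Received headers, newest first (the order they appear in the message)."""
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # undo header folding
        m = re.match(r"from\s+(.*?)\s+by\s+(\S+)", flat)
        ip = IP_RE.search(flat)
        hops.append({"by": m.group(2) if m else "", "ip": ip.group(1) if ip else None})
    return hops

def domain_of(header_value):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted_suffix):
    """trusted_suffix: domain suffix of the recipient's own mail servers (an assumption)."""
    msg = message_from_string(raw)
    handoff = None
    for hop in received_hops(msg):
        if not hop["by"].endswith(trusted_suffix):
            break  # everything from here down was written by the sending side
        handoff = hop
    spf = re.search(r"\bspf=(\w+)", msg.get("Authentication-Results", ""))
    return {"origin_ip": handoff["ip"] if handoff else None,
            "from_domain": domain_of(msg["From"]),
            "envelope_domain": domain_of(msg["Return-Path"]),
            "spf": spf.group(1) if spf else None}

if __name__ == "__main__":
    print(analyze(RAW, ".friend-isp.example"))
```

A From domain that differs from the envelope domain, together with a failing SPF result, indicates the visible sender was faked; the origin IP is the last address a trusted server actually saw.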
|
Squeegy posted: It's not jailbroken, but I have no idea why she'd be targeted for email spoofing.

Because she has an email address and it was included in some "Million Addresses for JUST $49.99!" megadeal.
|
# ¿ Sep 5, 2016 19:53 |
|
spiny posted: I got hit a few years back, got thousands of bounces, and a few hundred angry people telling me my computer was infected, which it wasn't. Just had to sit tight until it stopped :/

One of the few useful things Squeegy can do in this situation is to explain faked email senders to his mother well enough that she will be able to explain it to her friends. May not be easy depending on how tech savvy that group is.
|
# ¿ Sep 6, 2016 17:39 |
|
Carbon dioxide posted: The reason non-experts change their passwords so often is because, well, if people use bad passwords to start with AND they reuse passwords, and you can't get them to change that behaviour, telling them to change passwords every so often is the only option left.

I've sometimes thought that the only solution to password reuse would be to use required patterns in the password. When you go to change the password the page would tell you that the characters 4-6 in your new password must be "hEo", choose whatever you want for the rest. But it would require a large portion of sites to use random patterns to make reuse impractical.
|
# ¿ Feb 25, 2017 01:27 |
|
anthonypants posted: I was having trouble setting up RANCID, and their documentation sucks rear end, so I thought I'd look at alternatives, and came across rConfig. It has a native web interface, and my coworkers hate Linux, so I thought I'd give it a look. Here's a few problems:

Have you published this rant anywhere? I want to link it to my coworkers. That is a heroic amount of effort to do everything possible wrong.
|
# ¿ Mar 22, 2017 23:32 |
|
A friend has been trying to delete his Facebook account, but he has been unable to because he used the FB login to create his Spotify account, and in that situation Spotify doesn't have a "disconnect" option. Spotify's workaround is to create a new account and have support transfer over playlists and such. But Spotify doesn't offer the subscription plan he used anymore, a new plan would double the price. I've been too squeamish to use FB or Google login for anything else and I feel it has been the right choice.
|
# ¿ Mar 30, 2018 11:28 |
|
rabidcowfromhell posted: This seems wrong but I'm not smart enough to dispute it....

You can point out that the reason you need a complicated password is because they do steal the full password database. The passwords are hashed and need to be "cracked", and it's the simple passwords that are cracked first. If you have a complex password there's a good chance the thefts don't matter to you. You can also ask them to estimate how many sites they have reused their password on, and can they be sure that none of them have been hacked.

I work at a large university and for us the problem is phishing, and a password manager can help with this too. Manager can simply refuse to input your password on a phishing site. Every now and then we go through a phishing campaign and as a result our email admins will repeatedly ask helpdesk to reset someone's password. I don't think we've had a case of password database theft in the past couple decades at least.

Brute forcing is a non-issue, I once calculated that if you used a 6-digit PIN code you would have better than 50% chance of not getting brute forced during the password validity period because of our password lockout policies. Bigger problem is when you change your password and get your account locked repeatedly because of your cellphone or email client hammering the old password.
|
# ¿ Sep 13, 2020 20:24 |
|
Ynglaur posted: A 6 digit PIN? Really? Crack time per password for that is measured in microseconds. So if you have a 50-50 chance of dodging, either most of your other users have stronger passwords or you have a lot of users.

I was talking about a specific user's password. The system simply doesn't allow online brute forcing. When I did the calculation the system would lock the account for half an hour after 5 failed attempts within some time frame. You got less than 5 thousand attempts within a year before the password had to be changed. If you got the list of usernames, then you most likely could have cracked someone's PIN.
|
# ¿ Sep 14, 2020 03:32 |
|
RFC2324 posted: out of curiosity, what's the pattern to usernames? finitial+last?

That is probably the most common pattern, but there are all kinds of variations. Some have only last name, some are split. And when a self-service account creation for students was built, where you can choose from a list of suggestions, we got usernames like hahaha or xooxoo.
|
# ¿ Sep 18, 2020 13:17 |
|
A coworker is running a VPN server on UDP port 53 (DNS), this may enable free access for example from airport wifi.
|
# ¿ Mar 1, 2021 15:49 |
|
If punctuation is required, then "." seems to be the safest choice. But they are to be avoided unless you can be sure you will never end up in an unusual situation. Just this week my coworker was in trouble inside VMware console where he was unable to produce "=". At the same time my own hell was IPMI and IP-KVM consoles where it was impossible to type "$" using Finnish keyboard layout. So I decided to fall back to US layout. Funny thing is that IP-KVM also occasionally has a problem where a key gets stuck and repeats a dozen or couple times. So I type 'setkmap', press enter and it gets stuck. And setkmap selects the first choice. After the enter got unstuck I find out my keyboard is now producing completely random characters. After a lot of trial and error I figure out I can run the setkmap command again by typing "ödkvmar". Turns out I was using ANSI-dvorak.
|
# ¿ Mar 12, 2021 02:14 |
|
Rooted Vegetable posted: We're spiraling towards "Dicewear passwords would be more secure if you use ten d20 dice on word lists in a language you alone can speak. Literally a new fully functional language no other soul knows."

Surprisingly this sort of has been done. "pwgen" that RFC mentioned creates random passwords, but you will notice patterns in them. The passwords seem to be based on words, but these are made up words designed so they are a bit easier to remember and type. You would be amazed how easy it is to remember these completely nonsensical passwords.
|
# ¿ Mar 13, 2021 01:11 |
|
This discussion about government issue TOTP is interesting, because in Finland it basically works the other way. Your bank provides the TOTP or other MFA, and you use your online banking credentials to authenticate yourself to government services and many others too. Want to do your taxes, modify your car registration, check your medical records, it's all handled through bank authentication. Alternatives are authentication through your cell operator's mobile certificate or a government issue smart card, but I have to have a bank account anyway, so why would I pay extra for my operator or buy a 100€ smart card. I work for a large university and if I forget my password, I can go to the password change website, do bank authentication to prove my identity and set a new password.
|
# ¿ May 8, 2021 01:14 |
|
RFC2324 posted: here in the US I am pretty sure there isn't a single major bank that doesn't use SMS for authentication

In Finland it has been paper number lists since last millennium. Only in the past few years EU regulations are forcing them to change it. Either you use the banking app on your phone, or you receive a number through SMS and check the PIN code that matches that number from your OTP list.
|
# ¿ May 8, 2021 02:26 |
|
Magnetic North posted: 4: A bill-paying laptop: Similar to above, except that the only device which handles bills is a cheapo Chromebook or whatever. It feels kind of e-Waste-y to me to have an entire device for that, but I'm curious if it's worth the bother.

I'd say there are different stages to employ this. Minimum is a separate Firefox profile you use only for banking. Next stage is a different user account for banking. Beyond that you could set up a Hyper-V virtual machine. All these are free options before buying another computer.
|
# ¿ Jul 24, 2022 12:41 |
|
Subjunctive posted: Definitely the system builder's responsibility to calibrate things before delivery. I don't think my old Spyder or whatever still works any more, so I just use rtings' profiles and live with it.

Isn't the recommendation to regularly recheck the calibration because monitors wear out and age?
|
# ¿ May 27, 2023 00:59 |
|
And even if they tried to do something more advanced like installing malware to intercept online banking they couldn't afford to use something that would survive wipe and reinstall. That kind of malware would be way too valuable to waste on such a clearly visible attack.
|
# ¿ Feb 10, 2024 15:43 |