|
Nice, my motherboard's last BIOS update was in 2013. Everybody is totally going to be safe from Meltdown.
|
# ¿ Jan 5, 2018 01:28 |
|
|
# ¿ May 14, 2024 01:38 |
|
Ah, I see now. The PowerShell thing says that I am fine for CVE-2017-5754 [rogue data cache load], which is Meltdown. However, I need microcode updates for CVE-2017-5715 [branch target injection], which is one of the two variants of Spectre.
|
# ¿ Jan 5, 2018 01:58 |
|
I just use KeePass with the Kee extension for Firefox for matching passwords against the URL field. I'm not going to be super about this.
|
# ¿ Feb 25, 2018 07:43 |
|
Methylethylaldehyde posted:Real question time. I use Keepass at work, home, and on my android phone. I want to use 2 factor because any and all of my passwords I can both remember and type on my phone without wanting to kill myself are breakable, what should I get/use, and how does it compare to the 2nd best thing in a similar product space? I use the KeeOTP plugin to add TOTP to my KeePass entries. That lets me generate TOTP codes on my desktop computer. I also use Authenticator Plus for my Android phone and I add my TOTP keys to that too so I can generate keys with my phone.
|
# ¿ Feb 26, 2018 03:08 |
|
Sefal posted:I've been using Keepass for the last 2 years. Yes, there are multiple TOTP apps that support iOS. Authy, Google Authenticator, FreeOTP, and Toopher are just a couple.
|
# ¿ Feb 26, 2018 17:56 |
|
EVIL Gibson posted:Unless battlenet changed anything I was able to extract the key and time shift (and something else..) out of the app into a windows application to generate the same codes as the one on my phone. From what I've read, you can actually do this with Twitch's Authy stuff too. I haven't been able to get the secret yet, but you can run it as an 8-digit TOTP and just lop off the first digit to get a working 7-digit code.
|
# ¿ Feb 27, 2018 18:13 |
|
Everybody who has Comcast has it deployed at home. For years now.
|
# ¿ Mar 25, 2018 09:14 |
|
Are they talking about the optional password that is used to prevent number porting scams? Or the actual account password? Because those are two separate things and I can't tell which is under discussion here. It seems to be that they are talking about the optional password, which is like the code word you can put on your bank account that you have to verify before the teller will help you. It is just an additional pin number you verify over the phone.
|
# ¿ Apr 7, 2018 17:09 |
|
Proteus Jones posted:That may be (it’s still terrible). Even if it is a misunderstanding, this whole thing has grown so far beyond that. T-Mobile had sent out an SMS saying that there was a huge upsurge in number porting scams and that you should call them and set up a password to prevent it. I thought it was just some sort of password required to port out a number so I had KeePass generate a max length 15 character password. But it turned out to be a password that you have to say before the customer service reps will help you, like a set of security questions, so now I have to say that whole password out every time I call them up. Argh.
|
# ¿ Apr 7, 2018 17:42 |
|
Rocko Bonaparte posted:Well I figured out my problem with KeePass was that I never actually saved the database after adding a bunch of stuff, and I didn't seem to prompt me over that when I closed it in my original assessment. After learning to be religious with the CTRL-S combo with it, stuff persists just fine. I'm wondering now if there's an Android app that would sync with a KeePass database kept on my own VPS. That would mean HTTP or preferably SCP. I know DropBox and Google Drive has been supported forever, but I'd rather not use those if I can help it. Has anything updated in the Android space to support SCP? Everything I see is from 2014. KeePass2Android supports Dropbox, Google Drive, OneDrive, SFTP, FTP, HTTP (WebDav), HTTPS (WebDav), OwnCloud, 3rd party apps, or just straight from your file system. If you wanted to use SCP, you could install any SCP syncing app and then have KeePass2Android load the file from your filesystem.
|
# ¿ Apr 14, 2018 22:14 |
|
It sounds like Google Drive isn't syncing changed files immediately. Normally, if you save the database on the desktop, it should update the database file on the laptop. Then, when you save it on the laptop, it would recognize that the database file was altered and it would ask you to overwrite or synchronize your changes. However, if Google Drive isn't updating the file on the laptop immediately, you would get into a situation where you have conflicting changes. Dropbox seems to update immediately so I never have this problem. To resolve this, you could try using a plugin that lets you load the database directly from Google Drive. The cloud provider plugin would have KeePass directly sync with the cloud provider instead of relying on the Google Drive desktop app. Try one of these: https://sourceforge.net/projects/kp-googlesync/ https://github.com/Kyrodan/KeeAnywhere
|
# ¿ Sep 8, 2018 09:27 |
|
bitprophet posted:To be fair, aside from JavaScript's inherent language issues & the problems it gains from popularity & low barriers to entry (hi PHP!) this sort of thing could happen to any other open source project. See: uBlock vs uBlock Origin
|
# ¿ Nov 28, 2018 00:33 |
|
Pablo Bluth posted:Got an email a short while ago to say I'd been 'pwd. https://haveibeenpwned.com/Passwords You can check to see if your specific password was ever seen before in any password dumps. If it was a fairly unique password, you should be able to tell if it was yours that was leaked.
|
# ¿ Jan 17, 2019 16:01 |
|
I like how Keepass2Android installs a custom password keyboard on your phone for the pre-autofill days. It even helps for apps that don't make use of the autofill API yet.
|
# ¿ Feb 20, 2019 20:48 |
|
Kerning Chameleon posted:Firefox, for example. Firefox does work. You need to be on Firefox version 65 and the beta release of Keepass2Android.
|
# ¿ Feb 20, 2019 21:29 |
|
CLAM DOWN posted:MFA everything everywhere We've e-mailed you a security code. Please enter it to continue.
|
# ¿ Mar 5, 2019 08:56 |
|
Klyith posted:After seeing that article I did go look at all my addons to see which ones didn't publish source. Only two did not, and one of those is by a japanese guy so maybe I'm just not seeing it through translate. Pretty sure this is the npm problem, though, where what you publish on github and upload to your browser's addons repository don't necessarily have to be the same thing. At least Mozilla and Google ban addons with obfuscated and minified code, so you could, in theory, check if what gets installed into your browser matches what is in github.
|
# ¿ Jul 19, 2019 22:27 |
|
If you are using KeePass, just use the Kee browser plugin (Firefox and Chrome versions available) and avoid auto-type.
|
# ¿ Jul 25, 2019 03:56 |
|
OSU_Matthew posted:KeePass chat regarding some auto type issues people had a few pages back— CTRL+ALT+A autotype by default will look to see if any window titles contains the words of the entry's title. You don't HAVE to pick the specific window title in the entry unless you turn that option off or if you want different auto-type sequences for different individual windows. But I would try to avoid auto-type if you can and just use the Kee browser plugin. The only time I use auto-type anymore is using it to log into video game accounts.
|
# ¿ Aug 15, 2019 17:47 |
|
It's probably a reference to this stuff? https://github.com/gorhill/uBlock/wiki/Prevent-WebRTC-from-leaking-local-IP-address https://www.w3.org/wiki/Privacy/IPAddresses#Mechanism_whereby_the_local_IP_Address_is_exposed
|
# ¿ Aug 29, 2019 07:19 |
|
Every time I try to support a website by turning off uBO, I get those exact same webpage redirecting ads. Every time.
|
# ¿ Sep 5, 2019 06:50 |
|
NordVPN was audited last year in regards to their no-log policy. Maybe some others have done audits too?
|
# ¿ Oct 22, 2019 17:09 |
|
Combat Pretzel posted:What plugin do you use for filling in password fields on web pages? KeeForm? https://addons.mozilla.org/en-US/firefox/addon/keefox/ https://chrome.google.com/webstore/detail/kee-password-manager/mmhlniccooihdimnnjhamobppdhaolme Requires the use of a plugin for KeePass: https://github.com/kee-org/keepassrpc/releases/latest Full instructions: https://forum.kee.pm/t/installing-kee-with-keepassrpc-for-keepass-password-safe-instructions/23 You can ignore the "paid" aspects of the stuff you see. All they are doing is selling their own web-based password hosting service built on top of KeePass. The plugin integrates with the KeePass 2 client and is open source and entirely free.
|
# ¿ Nov 20, 2019 17:02 |
|
Zorak of Michigan posted:I just went from KeePass to KeePass2 on the desktop and Keepass2Android on my phone. I wasn't unhappy before but I am positively delighted now. Keepass2Android can talk directly to Dropbox, so sync is not an issue at all. I use a key file that isn't in Dropbox, so even if an attacker cracks Dropbox wide open, they'd still have trouble brute-forcing my database. I don't bother with plugins, I just do a lot of tinkering with auto-type strings in Windows, or the Keepass2Android keyboard in Android. Browser integration plugins are so nice though. But I have to ask. Why are you using the Keepass2Android keyboard? Are you on an older version of Android? Since version 8 (Oreo), Android has had an autofill service and Keepass2Android supports it. You tap the autofill button. Keepass2Android will say it can't find an autofill entry so you tap the "Select another entry" button, navigate to the password you want, and tell it to use that one. It will then save the app affiliation into your database. Now every time you tap the autofill button, it will just work.
|
# ¿ Dec 2, 2019 05:26 |
|
EssOEss posted:This seems to only persist in some local cache and never get uploaded back to cloud (I use Google Drive). Whenever my phone downloads an updated database, the app associations are gone. Am I doing it wrong? Yeah. That isn't right. Does the application itself not re-upload your database on changes? Maybe it's a problem with Google Drive or the Keepass2Android integration with it? I have my database on Dropbox and making any changes on my phone causes it to save the change back to Dropbox. The app association is saved inside your password entry under the "Advanced" tab. It makes a new string field. Here's my Pokemon Go association: Field Name: KP2A_URL_1 Field Value: androidapp://com.nianticlabs.pokemongo
|
# ¿ Dec 3, 2019 06:32 |
|
Lambert posted:They have. Do you have any update deferment set? (Advanced options in Windows Update) Oh man so that's why I haven't been able to download the security update. Thanks so much it explains everything.
|
# ¿ Jan 15, 2020 23:04 |
|
Combat Pretzel posted:I'm using Keepass, but it pisses me the gently caress off, because integration with a browser is a clusterfuck. Multiple unmaintained Chrome plugins, and the one that loosely works, you need to run another executable acting as a bridge. So I'm copypasting right now, which is annoying as hell. Firefox: https://addons.mozilla.org/firefox/addon/keefox/ : https://chrome.google.com/webstore/detail/kee/mmhlniccooihdimnnjhamobppdhaolme You install a KeePass plugin to make it work. Directions and links to the plugin are here: https://forum.kee.pm/t/installing-kee-with-keepassrpc-for-keepass-password-safe-instructions/23
|
# ¿ Jan 18, 2020 08:17 |
|
In reality you'll just get a pin number in a text message.
|
# ¿ Oct 30, 2020 01:54 |
|
I see four CVEs. In 2010, KeePass would load a trojan horse DLL in the current working directory. In 2016, the software update feature could be MITM attacked. In 2017, the entry view panel could cause some information to be decrypted. In 2019, the CSV password import feature had an injection exploit. Also: https://keepass.info/help/kb/sec_issues.html
|
# ¿ Jan 2, 2022 09:16 |
|
Dylan16807 posted:If the problem is with making an account then KeePassXC could actually be an easier option if they already have dropbox or google drive or similar installed. Just put the file there, and I think auto save and auto reload are on by default. Original KeePass has a half dozen addons to automate cloud storage. You can also install addons to allow browser autofill like the other services. But it is definitely an advanced tool and not easily zero-maintenance.
|
# ¿ Dec 26, 2022 17:28 |
|
I just installed Power Toys on my work laptop and use Mouse Without Borders to control both it and my personal computer at the same time. Now my workplace can't see my poo poo posting.
|
# ¿ Dec 6, 2023 16:17 |
|
Cannon_Fodder posted:I just got told I need to be in the office at least 2 days a week. Be careful, if you need a card to gain access they might be pulling access logs.
|
# ¿ Jan 14, 2024 07:57 |
|
I'm lazy and put my TOTP in both Authy and KeePass.
|
# ¿ Feb 14, 2024 02:49 |
|
Pretty much every major password management solution has web browser integration these days. Even KeePass has browser extensions.
|
# ¿ Feb 24, 2024 19:12 |
|
BlankSystemDaemon posted:And at least KeePass does it right, because it requires you to interact with it, instead of just filling it in automatically. It's actually configurable. You can have it do nothing, fill it in, or fill it in and submit.
|
# ¿ Feb 26, 2024 00:42 |
|
|
# ¿ May 14, 2024 01:38 |
|
Ellipson posted:Do what I did instead and get a PhD, which simultaneously closes doors and sucks up prime career advancement years (and you will still get screened on certs) Guy applied to a web dev position at work with a Ph.D. Disqualified for being over qualified.
|
# ¿ Apr 27, 2024 20:07 |