Welp, I finally did it. After seeing that Chrome is so invasive and vague when it comes to data collection that Google is literally getting sued, I jumped ship to #Vivaldi on my #Kubuntu 22.04 machine. Guess we're going to see how this goes :D
I need to finish getting my passwords out of Chrome and into #KeePassXC, which is somewhat of a pain, but once that's done I should be good.
afaict that then means you want closed-source proprietary SW. 😱
I'm going to reply in expectation that you actually do mean #FOSS. It's possible your written toot got scrambled in the DeepL.com translation.
For years, in all my Linuxes, i've used #KeePassXC, & regard it as wonderful. In Android i use an affiliated app, #Keepass2Android. They understand each other's db format.
PS: Ah yes, when i stopped using Masto's inbuilt DeepL.com, & instead used Firefox's internal translator, i see that this was a better indicator of your intention:
Say, for an external password manager, free of charge and cross-platform, what is your choice or recommendation?
I see KeePass, which seems to be a good choice, now exists in two separate forks: KeePassXC for PC and KeePassDX for Android. Are these two softs interconnected?
Could anyone give me recommendations for a password manager? Google is basically useless now and I don't know anywhere else to ask. 😅
So far, I've never found one that I trust enough to use. I do understand the importance but I'm extremely, incredibly hesitant to hand over my passwords to a 3rd party program. I'm even more hesitant to use randomly-generated passwords that I can't memorize as a backup.
All that being said, here's what's important to me:
Transparency - public audits, published whitepaper, and/or open source.
Export to a printable format. I don't have reliable backups, so this is a must-have!
Works with desktop & mobile Firefox.
Works on Windows & Linux (I regularly use both).
Works on Android - not critical, but would be really helpful.
Can work offline (I don't trust any sync server to stay online).
For everything else, I'm more flexible. I don't mind paying a small amount for a better / more trustworthy option, either.
Any suggestions, recommendations, or just boosts are appreciated! Thanks so much in advance! 💙
@isotopp I have a script like that for #Okta auth. Does a bunch of #curl calls to do the SAML redirects. I thought, if my browser can do it, so can curl :ablobsmile: And I'm conveniently calling it from #keepassxc which feeds in my creds and totp token.
Only recently discovered that you can save a #TOTP entry (ie #2FA code) in #keepassxc together with the rest of your credentials and, the DB being just a file, you can copy that file elsewhere.
In doing so, you:
can back it up so you won't get locked out in case you lose one specific device and
can have access to your 2FA-protected accounts anywhere, and without having to carry your damn phone with you.
Damn. I now wanna replace all of my TOTPs, going as far as claiming loss.
I currently use the Chrome browser almost exclusively. I would like to experiment with Firefox and other potential alternatives. However, my reliance on Google's password and payment-info management is a barrier. Whatever one might think about Google, they are very good at security and cross-device data sync, which are both must-haves for these functions. And events like the LastPass data breach make me justifiably paranoid.
@isomeme I use #KeePassXC on desktop and you can pair it up with #StrongBox (iOS) or #KeePassDX (Android) on mobile. Offline solutions work best since cloud services can't be trusted as you well know.
Use Firefox or Safari, they have proper end-to-end encryption (browser maker can’t read the data) of bookmarks and other private and personal browsing information (like your passwords!).
I can’t stress enough just how ridiculous it is that most of you just hand Google your passwords to everything from your bank accounts to porn sites.
@thomasfuchs Totally agreed. I just deleted everything I still had there. I don't know why I kept it, I already copied and improved all my passwords using #keepassXC and store them locally properly encrypted. Thanks for the heads up.
What does this mean for people using it under #Tor due to #privacy or #security concerns? 🙄
I believe they will still be able to use #Git via SSH and HTTPS, but won't be able to do any admin task inside the portal.
The last nail in the coffin will be forcing the expiration of current personal tokens once 2FA is mandatory.
Is there any #OpenSource implementation of TOTP suitable for these folks?
What are your thoughts about this?
EDIT: (you may see exchange with @iampytest1 in the replies) - There are secure implementations of TOTP like #KeepassXC, which even comes installed by default in #TAILS, so Tor users can use 2FA safely with these.
" Hey kikobar!
We're reaching out to let you know that as announced last year, we will officially begin requiring users who contribute code on GitHub.com to have one or more forms of two-factor authentication (2FA) enabled. You are receiving this notification because your account meets this criteria and will be required to enroll in 2FA by October 6th, 2023 at 00:00 (UTC). "
You know those Google and Facebook buttons to log in to a website, which doesn't belong to those big corps, like small blogs.
What if we would have something like a universal #Fediverse login? Imagine logging in with your Mastodon account to comment on blogs, participate in a chatroom or do other stuff...
I really would like to have a chatroom where everyone can login with their fediverse login.
#Chatrooms are things I really miss on the fediverse or does it exist and I don't even know its existence?
Is this technically possible with the #activitypub protocol and would it make sense?
The truth is that it is high time to stop handing out your data to big corporations. Not one in particular, all of them: #Apple, #Google, #Microsoft, etc. And best of all, stop getting excited about "the cloud".
Folks think there is no problem; after all, such powerful companies are subject to special scrutiny, right? They can afford to secure our data; they have too much to lose to allow themselves to screw something up, and besides, "everyone" uses their services, so if anything, we won't be any worse.
Except that if we have learned anything about the rich, it is that they will never be satiated, they will always want more. How did they get so rich anyway? Most likely they have already "screwed something up" and got away with it, and they feel the excitement to try again, and they already have armies of lawyers so that they get away with it again. Sure, your data will be "safe": the priority is that the competition doesn't get to it!
Yes, it's hard, it means inconvenience, but it's the only thing you can do if you want to be a free person and not a slave of the corporate system. You don't have to do everything at once; even a few small steps can make a big difference.
For example, stop handing out your passwords to corporations that keep them "in the cloud". There are great tools such as #KeepAssXC that are much better than everything the big corporations offer, and they are not hard to use at all. What they do is make that big difference between "we promise we won't look into your passwords" and not giving them the ability to look into them.
I am not claiming at all that they will ever actually allow themselves to do something like that. But they do a lot of other evil, and every gesture of disapproval counts.
We have updated mastodon to version 4.1.4, which fixed some security issues.
We take the opportunity to invite you to enable two-factor authentication from the settings. If you don't like Google Authenticator you can use FreeOTP 🧙♀️
Is there a good password manager which works seamlessly on all major platforms (windows, Mac, Linux, iOS, android, browser) and has similar features to 1Password or LastPass but is fully open source?
@popey Since the last thing you want for your password database is vendor lock-in, use the #KeePass format. #KeePassXC is a good cross-platform client.
The BSI warns of vulnerabilities in the password manager KeePassXC. Attackers can manipulate files or the master password without an authentication prompt.
Wednesday: Criticism of Amazon's working conditions, a look at the Health Data Act
Amazon warehouses "dangerous" + draft of the Health Data Act + accusations against genetic-testing company + flaw in the Freundschaftspass + vulnerability in KeePassXC
@heiseonline I'm curious whether we will get to see the correction just as often once it is also officially acknowledged that the so-called vulnerability in #KeePassXC is not one at all. 🙄
@keepassxc We’ve seen plenty of real vulnerabilities recently in all kinds of password managers, #BitWarden and #LastPass and #KeePass … really bad ones even … and now someone created a CVE for #KeePassXC’s totally normal and safe behaviour, and the press mindlessly starts picking it up and shredding #FUD. Honi soit qui mal y pense. 😤
In #KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication
I was settling in to tinker with #ansible today for work and I just discovered a host called "docker0" on my #proxmox server here at the house. I have no entry for it in my #ssh config nor in #keepassxc. I have no clue what users are present on the system or what its purpose is. There does appear to be some #terraform state files laying around that might be related to it?
Current plan: murder it and see which family member starts to complain so I can identify what service(s) it's running.
1/2
The successor to the 9-euro ticket, now €40.00 more expensive, is meant to milk data. The ticket is supposed to be available, for a transitional period, not only for smartphones but also on chip cards and, for a short time, on paper with a QR code, but what seems to matter to those in government above all else is that real-time traffic data can be collected with the €49 ticket.
At first this sounds positive: "It would not be stored who travels from A to B, only how heavily the means of transport are used. For passengers this could be a benefit, because the transport companies could thus ensure sufficient capacity."
However: the ticket will probably only be purchasable in personalised form as a subscription, so that personal data arising from it could quickly be integrated in future. In view of the current massive expansion of the surveillance state and the control society in Germany and the EU (digital personal identification number/RegMod, chat control, mandatory identification, biometrics, eIDAS and many more), the question is not whether, but only when and under what pretext (attacks, pandemic, youth protection, election campaign) personalised data collection and police access will come, once the digital control infrastructure has been built.