Could anyone give me recommendations for a password manager? Google is basically useless now and I don't know anywhere else to ask. 😅
So far, I've never found one that I trust enough to use. I do understand the importance but I'm extremely, incredibly hesitant to hand over my passwords to a 3rd party program. I'm even more hesitant to use randomly-generated passwords that I can't memorize as a backup.
All that being said, here's what's important to me:
Transparency - public audits, published whitepaper, and/or open source.
Export to a printable format. I don't have reliable backups, so this is a must-have!
Works with desktop & mobile Firefox.
Works on Windows & Linux (I regularly use both).
Works on Android - not critical, but would be really helpful.
Can work offline (I don't trust any sync server to stay online).
For everything else, I'm more flexible. I don't mind paying a small amount for a better / more trustworthy option, either.
Any suggestions, recommendations, or just boosts are appreciated! Thanks so much in advance! 💙
I am very annoyed with Sony. I can't log in to my PlayStation account because ALL of their sign-in forms were changed to only allow 32 characters. I default to 64-character random passwords, which they previously allowed, so now I can't enter my password anymore.
WTF Sony? You decreased security everywhere and didn't even notify people with passwords that are no longer compliant? The least you could do is force a reset when I try to log in next.
EDIT: Obviously the solution is just change my password but jfc is this dumb
Tip No. 21: Enable the screen lock on your smartphone or tablet to protect your device from unauthorized access. Use a longer PIN/password (8 characters or more) or biometric features such as face or fingerprint. Avoid unlock patterns, which are usually easy to guess. Remember: device encryption, or rather the protection it provides, is only as good as the screen lock (PIN etc.) that is used.
ProtonPass has been available for a few weeks now and I really enjoy using it on my mobile devices and on Firefox. There is no "official" app for Mac and desktop Safari yet (Proton claims that they have to heavily rewrite the extension to make it work with Safari), so I installed the iPad version on my M1 mini and it works - in a way....
Not allowing users to see what they type counts in aggravation of sentencing.
Blocking paste, making us type in blind and then HAVING A TIMEOUT AFTER WRONG ATTEMPTS should be grounds for whipping the entire dev team and everyone above them in the org chart.
Tip No. 7: Use strong and unique passwords for your accounts. "Strong" means the password is as long as possible (16 characters and up) and was generated randomly. You should manage your logins/accounts with a password manager. For additional security: two- or multi-factor authentication (#2FA, #MFA), e.g. via TOTP, FIDO/U2F.
It's awesome to see the KeePassXC project has finally reached their goal of being independently audited for security and its application of cryptography:
I've cracked billions of #passwords from tens of thousands of #data#breaches in the past 12+ years, and because of this, I likely know at least one #password for 90% of people on the Internet. And I'm not alone! While I primarily crack breached passwords for research purposes and the thrill of the sport, others are selling your breached passwords to criminals who leverage them in #AccountTakeover and #CredentialStuffing attacks.
Use a #Diceware style #passphrase - four or more words selected at random - for passwords you have to commit to memory, like your master password!
Enable MFA for important online accounts, including cloud-based password managers!
Harden your master password by tweaking your password manager's KDF settings! For #Bitwarden, use Argon2id with 64MB memory, 3 iterations, 4 parallelism. For #1Password and other PBKDF2 based password managers, set the iteration count to at least 600,000.
Use unique, randomly generated passwords for all your accounts! Use your password manager to generate random 14-16 character passwords for everything. Modern password cracking is heavily optimized for human-generated passwords, because humans are highly predictable. Randomness defeats this and forces attackers to resort to incremental brute force! There's no trick you can do to make a secure, uncrackable password on your own - your meat glob will only betray you.
Use an ad blocker like #uBlock Origin to keep you safe from password-stealing #malware and other browser based threats!
Don't fall for #phishing attacks and other social engineering attacks! Browser-based password managers help defend against phishing attacks because they'll never autofill your passwords on fake login pages. Think before you click, and never give your passwords to anyone, not even if they offer you chocolate or weed.
#Enterprises: require ad blockers, invest in an enterprise password management solution, audit password manager logs to ensure employees aren't sharing passwords outside the org, implement a Fine Grained Password Policy that requires a minimum of 20 characters to encourage the use of long passphrases, implement a password filter to block commonly used password patterns and compromised passwords, disable #NTLM authentication and disable RC4 for #Kerberos, disable legacy broadcast protocols like LLMNR and NBT-NS, require mandatory #SMB signing, use Group Managed Service Accounts instead of shared passwords, monitor public data breaches for employee credentials, and crack your own passwords to audit the effectiveness of your password policy and user training!
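As an added illustration of the advice in this post (not the poster's own code or any password manager's implementation), the Python below generates a Diceware-style passphrase and a 16-character random password with the OS CSPRNG, computes the entropy a cracker cannot shortcut, and runs PBKDF2-HMAC-SHA256 at the recommended 600,000 iterations to show what that cost buys. The word list is a small constructed stand-in for a real 7776-word Diceware list, and Argon2id is not in the Python standard library, so only the PBKDF2 case is exercised.

```python
import hashlib
import math
import secrets
import string
import time

# Constructed mini word list standing in for a real Diceware list (7776 words).
# Entropy is computed from the list actually passed in, so a real list just drops in.
WORDLIST = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "glacier",
            "harbor", "ivory", "juniper", "kelp", "lumen", "meadow", "nectar",
            "orbit", "pebble", "quartz", "ripple", "saffron", "tundra", "umber",
            "velvet", "willow", "xenon", "yonder", "zephyr"]

PASSWORD_ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def diceware_passphrase(n_words=4, words=WORDLIST):
    """Pick n_words uniformly at random using secrets (CSPRNG), never random.choice."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def random_password(length=16, alphabet=PASSWORD_ALPHABET):
    """Fully random password of the kind a manager should generate per account."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices_per_symbol, n_symbols):
    """Entropy of n independent uniform choices; this is what forces brute force."""
    return n_symbols * math.log2(choices_per_symbol)


def derive_key_pbkdf2(master_password, salt, iterations=600_000):
    """PBKDF2-HMAC-SHA256 as used by PBKDF2-based managers; returns (key, seconds)."""
    t0 = time.perf_counter()
    key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)
    return key, time.perf_counter() - t0


if __name__ == "__main__":
    print("passphrase:", diceware_passphrase())
    print("4 words from a 7776-word list: %.1f bits" % entropy_bits(7776, 4))
    print("password:  ", random_password())
    print("16 random chars from 94 symbols: %.1f bits" % entropy_bits(94, 16))
    salt = secrets.token_bytes(16)  # a manager stores this alongside the vault
    for iters in (100_000, 600_000):
        _, secs = derive_key_pbkdf2("correct horse battery staple", salt, iters)
        print("PBKDF2 %7d iterations: %.3f s per guess on this machine" % (iters, secs))
```

The per-guess time scales linearly with the iteration count, so raising it from 100,000 to 600,000 makes every attacker guess against the vault roughly six times as expensive.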
I have lots of experience cracking passwords, but I have not used John since around 2011. I use hashcat. But a colleague suggested I use John for some upcoming training.
If you're using #bitwarden, make sure to change the KDF algorithm to Argon2id^1 which is much more robust against GPU-powered attacks compared to its counterpart.
So here’s the problem with iCloud Passwords by Apple.
As long as the URL's domain, username and password are the same, Apple treats it as the same credential. Even when they are different systems.
Then when you have OTP, it becomes like this.
How am I to know which OTP is for which system?
You can’t even split them.
#ProtonVPN is acting very strange. It works fine for a few hours (sometimes less), then starts to put up #alerts, "Connection_Server" mostly?? Then it logs out and asks for my #password, and that's always #rejected, even after a #logout and #restart!?!? I've #reinstalled it multiple times and it keeps happening??!! Any ideas?? #protonvpn
It's that time again: as every year on February 1st, calls go out from many sides to change your passwords. I say: don't. This constant password changing brings no measurable security gain. The problem lies somewhere else entirely. 👇
Hi, I've kind of stopped using kbin, the reason being that every time I go on this website, it asks me to log in again, even though I selected "remember me" the last time I logged in....
My PhD thesis on the usability, security, and privacy of Risk-Based Authentication (RBA) is now published. For free, for everyone, as I believe that publicly funded research should be open to the public.
On 239 pages, you will learn how to strengthen password-based authentication with RBA while being privacy-enhanced and accepted by users.
PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.
Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.
OC Netflix Anti-Sharing in USA - It's Here
My family shares our Netflix account. We live in different states, but all in the United States....