@h4ckernews@mastodon.social avatar h4ckernews Bot , to random
CodyIwatzky OP , to Technology in LibreWolf remains AI-free!
@CodyIwatzky@lemmy.cafe avatar

How about using a password manager? I think KeePassXC is useful with its keyboard shortcuts.

Password managers
We suggest that you use a more robust solution than the built-in password manager available in the browser:

  • Bitwarden: open source password manager that allows for synchronization across multiple devices.
  • KeePassXC-Browser: official browser plugin for the open source password manager KeePassXC.

Recommended Addons – LibreWolf
https://librewolf.net/docs/addons/#password-managers

CodyIwatzky OP , to Librewolf in LibreWolf remains AI-free!
@CodyIwatzky@lemmy.cafe avatar

LibreWolf is based on Firefox, so all Firefox add-ons work properly. Also, Bitwarden is even recommended by the developers.

Password managers
We suggest that you use a more robust solution than the built-in password manager available in the browser:

  • Bitwarden: open source password manager that allows for synchronization across multiple devices.
  • KeePassXC-Browser: official browser plugin for the open source password manager KeePassXC.

Recommended Addons – LibreWolf
https://librewolf.net/docs/addons/#password-managers

@jgobble@mastodon.social avatar jgobble , to random

Oh, yeah! Plex got hacked!

They SAY passwords were hashed, but PLEASE change your Plex password and force a sign-out on ALL devices using their interface as follows:

When doing so, there's a checkbox to "Sign out connected devices after password change," which we recommend you enable.

Irritating...especially cos they don't say WHEN this happened!

@lisamelton @briankrebs
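What that "sign out connected devices after password change" checkbox has to do on the server is the part worth understanding, so here is an added example of the usual mechanism. This is illustration code, not Plex's implementation and not from any post above: each user record carries a session generation counter, every session token is bound to the generation it was issued under, and a password change with "sign out everywhere" bumps the counter so all older tokens stop verifying. The in-memory user store, the scrypt parameters and the HMAC token format are all assumptions made for the demo.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo state; a real service keeps these in its user store.
SERVER_KEY = secrets.token_bytes(32)   # token-signing key (assumption: one per deployment)
USERS = {}                             # user -> {"salt", "hash", "gen"}


def set_password(user: str, password: str, sign_out_all: bool = True) -> None:
    """Store a salted scrypt hash (never the password itself). If sign_out_all is set,
    bump the user's session generation so every previously issued token stops verifying.
    That bump is what a 'sign out connected devices after password change' option means."""
    rec = USERS.setdefault(user, {"salt": b"", "hash": b"", "gen": 0})
    rec["salt"] = secrets.token_bytes(16)
    rec["hash"] = hashlib.scrypt(password.encode(), salt=rec["salt"], n=2**14, r=8, p=1)
    if sign_out_all:
        rec["gen"] += 1


def check_password(user: str, password: str) -> bool:
    """Recompute the scrypt hash with the stored salt and compare in constant time."""
    rec = USERS.get(user)
    if rec is None:
        return False
    cand = hashlib.scrypt(password.encode(), salt=rec["salt"], n=2**14, r=8, p=1)
    return hmac.compare_digest(cand, rec["hash"])


def issue_token(user: str) -> str:
    """Session token bound to the user's current generation: base64(payload).hmac."""
    payload = json.dumps({"u": user, "g": USERS[user]["gen"], "n": secrets.token_hex(8)},
                         separators=(",", ":")).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def verify_token(token: str):
    """Return the user if the token is authentic AND its generation is still current,
    otherwise None."""
    try:
        body, tag = token.split(".")
        payload = base64.urlsafe_b64decode(body)
    except ValueError:          # malformed token (binascii.Error is a ValueError)
        return None
    expect = hmac.new(SERVER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expect, tag):
        return None             # forged or tampered
    data = json.loads(payload)
    rec = USERS.get(data["u"])
    if rec is None or data["g"] != rec["gen"]:
        return None             # token predates a "sign out everywhere": rejected
    return data["u"]
```

The point of the generation counter is that a password change alone does nothing to sessions that were already issued; without the bump (the checkbox left unticked) a token stolen before the breach keeps working after the password change.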

@janbartosik@witter.cz avatar janbartosik , to random

While I appreciate the requirements, I admit to being at a loss atm.
So is my @bitwarden 😅

@dumbpasswordrules@infosec.exchange avatar dumbpasswordrules Bot , to random

This dumb password rule is from HM Revenue & Customs (UK Tax).

We store basically all of your data, but we can't store your password.

https://dumbpasswordrules.com/sites/hm-revenue-and-customs-uk-tax/

@dumbpasswordrules@infosec.exchange avatar dumbpasswordrules Bot , to random

This dumb password rule is from WeatherBug.

Maximum 16 characters.

https://dumbpasswordrules.com/sites/weatherbug/

@tuxedocomputers@linuxrocks.online avatar tuxedocomputers , to random

An ideal password should be at least 14 characters long and contain letters, numbers, and special characters to render dictionary attacks ineffective. Not sure how to generate such passwords?

Most password managers can help you create secure passwords based on your preferences.

@scottwilson@infosec.exchange avatar scottwilson , to random

“Passkeys for Normal People” by @troyhunt is a good article if you’re looking to better understand how they are set up, managed, and used.

https://www.troyhunt.com/passkeys-for-normal-people/

@TechDesk@flipboard.social avatar TechDesk , to random

Password managers are one of the most effective ways of securely storing passwords for multiple sites and platforms, but a new report tells us that cybercriminals are increasingly targeting them in their attacks.
@DigitalTrends has the details:

https://flip.it/j7LgOK

AnarchistArtificer , to Mildly Infuriating in The Automated Bot of Experian support phone line, refuses to let me talk to a real person... 🤬

It sounds like you have this sorted now, but I will share my tip anyway.

My master password was a randomly generated passphrase of a few words, such as what you can generate with Bitwarden's password generator set to "passphrase".

Using an example I've just generated with that tool, if I had decided on a master password of "Daily-Exorcist-Nappy-Cornmeal", then I would generate a few more passwords and write those down too. So I'd have a list that might look like this:

snowman
daily
uncanny
backer
exorcist
thinner
showoff
nappy
cornmeal
nifty
(I have bolded the words belonging to the actual master password from my example above, but obviously that's not how it'd be written down. To remember that the passphrase has the words separated by hyphens, you could draw dashed lines around the list, like a decorative border. Here, I have also written the words all in lowercase, even though the password has uppercase.) (Though I would advise keeping the passphrase in the correct order, as I have in this example, because it's easy to pick out the correct four words from a list like this, but harder to remember the right order for them.)

I don't have a safe either, but writing things down like this felt like a sufficient level of security against snooping family and the like. Though like I say, it seems like you've resolved this differently, so this is more for others who may stumble across this than for you.

I agree with you that the emergency access feature is great. A couple of years ago, my best friend died and I ended up being a sort of "digital steward" of all his stuff, because I was his tech guy and he had shitty passwords that I couldn't convince him to change. In the end, his laziness meant we got to preserve some digital mementos that would otherwise be lost (such as his favourite decks on Magic:Arena). At the time, I was using a personal system to generate and remember passwords, and I was shaken to consider how much would be lost if I died. I feel far more at ease now with the Emergency Access feature from Bitwarden Premium (I also like being able to use Bitwarden for 2FA codes). I'm sorry that you had the unfortunate experience of being locked out of your stuff, but I'm glad you were able to secure yourself such that you're protected from that in future.
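Two posts above talk about generating passwords (tuxedocomputers: 14+ characters from a password manager's generator) and passphrases (the Bitwarden "passphrase" mode, plus the decoy word list for writing the master passphrase down). Here is one added example, not code from Bitwarden, KeePassXC or any poster, that does all three with Python's CSPRNG and puts numbers on the entropy. The 32-word list is constructed so the demo runs offline; a real passphrase generator uses a published list such as the EFF long list (7776 words). The helper names are mine.

```python
import math
import secrets
import string

# Constructed 32-word list (5 bits per word) so the demo runs offline. In practice use a
# published list, e.g. the EFF long list: 7776 words, log2(7776) ~ 12.9 bits per word.
WORDLIST = [
    "snowman", "daily", "uncanny", "backer", "exorcist", "thinner", "showoff",
    "nappy", "cornmeal", "nifty", "anchor", "basil", "cobalt", "dune", "ember",
    "falcon", "garnet", "harbor", "indigo", "juniper", "kelp", "lantern",
    "marble", "nomad", "orbit", "pistol", "quartz", "ripple", "saddle",
    "timber", "umber", "violet",
]

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` independent, uniform picks from `choices` symbols (or words)."""
    return length * math.log2(choices)


def generate_password(length: int = 20, alphabet: str = PRINTABLE) -> str:
    """Random-character password. secrets.choice draws from the OS CSPRNG; random.choice
    (Mersenne Twister) is predictable from a handful of outputs and must not be used."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(words: int = 4, wordlist=WORDLIST, separator: str = "-") -> str:
    """Bitwarden-style passphrase: N words drawn uniformly, capitalised, separated.
    Capitalisation and separator are a fixed format, so they add no entropy;
    only the number of words and the list size count."""
    return separator.join(secrets.choice(wordlist).capitalize() for _ in range(words))


def decoy_sheet(true_words, decoys):
    """The write-down trick from the post: the passphrase words, kept in order, hidden
    among decoy words. Returns the list as it would be written (all lowercase)."""
    rng = secrets.SystemRandom()
    pool = [w.lower() for w in decoys]
    rng.shuffle(pool)
    total = len(true_words) + len(pool)
    slots = sorted(rng.sample(range(total), len(true_words)))  # positions of real words
    sheet, ti, di = [], 0, 0
    for i in range(total):
        if ti < len(true_words) and i == slots[ti]:
            sheet.append(true_words[ti].lower())
            ti += 1
        else:
            sheet.append(pool[di])
            di += 1
    return sheet


def sheet_guesses(n_true: int, n_total: int) -> int:
    """How many candidates someone holding the sheet must try if they know the scheme
    (real words keep their order): C(n_total, n_true). For 4 of 10 that is 210, so the
    sheet defeats casual snooping, not an attacker who has the paper and a computer."""
    return math.comb(n_total, n_true)
```

For scale: a 14-character password over the 94 printable ASCII symbols is about 92 bits, four words from the EFF list about 52 bits, and four words from this toy 32-word list only 20 bits, which is why the list size matters more than the capitalisation or hyphens.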

@Tutanota@mastodon.social avatar Tutanota , to random

🥳 NIST is making updates to their standards:
https://pages.nist.gov/800-63-4/sp800-63b.html#password

Goodbye unnecessary rotations & hello longer maximum password length! (Fun fact: Tuta has no password length limits 😎)

What do you think of these changes? How do you create your passwords securely?
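An added example of what the SP 800-63B rules look like on the verifier side, alongside the kind of legacy policy they replace (a 16-character cap and composition requirements, as mocked by the dumbpasswordrules posts earlier in the feed). This is illustration code, not NIST's or Tuta's; the length constants follow the draft linked above (at least 8 characters accepted, 64 or more must be allowed, no composition rules, no periodic rotation, blocklist comparison, Unicode normalisation before hashing), and the exact numbers, the tiny blocklist and the function names are assumptions for the demo.

```python
import unicodedata

# Limits per the SP 800-63B draft linked above; adjust to the final text.
MIN_LEN = 8       # draft: at least 8 characters (15 recommended for single-factor use)
MAX_LEN = 256     # verifiers SHALL allow >= 64; this cap only bounds hashing cost

# Constructed sample blocklist. Production: a breach corpus such as Pwned Passwords,
# plus dictionary words, compared after case folding.
BLOCKLIST = {"password", "password1", "password1!", "123456", "qwerty", "letmein"}


def normalize(password: str) -> str:
    """NFKC so equivalent Unicode spellings compare and hash the same (the draft
    recommends NFKC or NFC). Nothing else is stripped or truncated."""
    return unicodedata.normalize("NFKC", password)


def nist_check(password: str, username: str = "", service: str = "") -> list[str]:
    """Verifier rules in the SP 800-63B style. Deliberately no composition rules.
    Returns rejection reasons; an empty list means accept."""
    pw = normalize(password)
    reasons = []
    n = len(pw)  # code points, not bytes: any printable Unicode character counts as one
    if n < MIN_LEN:
        reasons.append(f"shorter than {MIN_LEN} characters")
    if n > MAX_LEN:
        reasons.append(f"longer than {MAX_LEN} characters")
    folded = pw.casefold()
    if folded in BLOCKLIST:
        reasons.append("on the compromised/common-password blocklist")
    for label, ctx in (("username", username), ("service name", service)):
        if ctx and ctx.casefold() in folded:
            reasons.append(f"contains the {label}")
    if n and len(set(folded)) == 1:
        reasons.append("single repeated character")
    return reasons


def must_rotate(age_days: int, evidence_of_compromise: bool) -> bool:
    """No calendar-based rotation: a change is required only on evidence of compromise."""
    return evidence_of_compromise


LEGACY_MAX_LEN = 16  # the WeatherBug-style cap from earlier in the feed


def legacy_check(password: str) -> list[str]:
    """The composition-rule policy NIST is retiring; shown for contrast only."""
    reasons = []
    if len(password) > LEGACY_MAX_LEN:
        reasons.append(f"longer than {LEGACY_MAX_LEN}")
    if not any(c.isupper() for c in password):
        reasons.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        reasons.append("no digit")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        reasons.append("no special character")
    return reasons
```

The contrast is the whole point: "Password1!" satisfies every legacy composition rule and is on every breach list, while "correct horse battery staple" fails all four legacy rules and is exactly what the NIST-style checker accepts.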

@alternativeto@mas.to avatar alternativeto , to random

🔐 @protonprivacy 's password manager, Proton Pass, now features Secure Links for securely sharing items with anyone, using end-to-end encryption. Initially available to Visionary and Lifetime plan holders, it will soon be accessible to all paid users.
https://alternativeto.net/news/2024/7/proton-pass-introduces-secure-links-for-sharing-sensitive-data-with-end-to-end-encryption/

@ChallengeApathy@infosec.exchange avatar ChallengeApathy , to random

When @protonprivacy calls Proton Pass an "identity manager", they're not kidding. It's more than just a password manager, it really does let you easily manage your digital IDs online.

Proton Pass continues to get better and better, to the point where I genuinely can't see myself using any other password manager. I still keep an offline, duplicate backup in KeePassXC (with more sensitive logins exclusive to that) just to have, but for almost everything else, Proton Pass is more than enough and it makes it a breeze to keep accounts secure.

@schizanon@mastodon.social avatar schizanon , to random

PassKeys seem like a bad idea. Google backs them up to the cloud, so if your Google account is compromised then all your private keys are compromised. I don't see how that's an improvement over password+2FA at all.

Now security keys I get; keep the private key on an airgapped device. That's good. Hell I even keep my 2FA-OTP salts on a YubiKey.

firefly ,
@firefly@neon.nightbulb.net avatar

Structural security trumps computational security ... or ...
Diffuse structural security trumps amalgamated computational security ...
All your big, strong passkeys in one basket is less secure than your passwords in many individual baskets ...
Trying to explain this to tech bros can resemble pushing a wagon uphill ...
Because they want to sell something, logic is not paramount.

See here:

https://www.metzdowd.com/pipermail/cryptography/2023-September/038186.html

"A password in my brain is generally safer than an app or SMS stream that can be compromised. Although a passphrase may in some cases not be computationally more secure than a token mechanism or two-factor system, the simple passphrase is often structurally more secure because that passphrase only links to and exposes one service target."

and here:

https://www.metzdowd.com/pipermail/cryptography/2023-September/038188.html

"I like to compare it to having one basket of eggs in one spot, and many baskets of eggs in many places. If your one basket of eggs has the master key to all the other stronger keys, is it easier to get the one basket, or the many baskets with weaker keys? So in this scenario cipher strength is not the most important factor for security. With a single basket one fox or pick-pocket or one search warrant can own all of your eggs for all your services."