"A year after the disastrous breach, LastPass has not improved"
https://palant.info/2023/09/05/a-year-after-the-disastrous-breach-lastpass-has-not-improved/
#passwordmanagers #lastpass #infosec #security
@roywig @thatandromeda @leak it is "good enough", cuz we ain't 15 years ago where everything needed archaic commands.
#Thunderbird integrates #OpenPGP / #GnuPG out of the box for some time.
#Gaijim & #MonoclesChat do support #XMPP - #OMEMO and #PasswordManagers like #Enpass are so easy, it literally took me 5 minutes to explain the use and set up a complete #Noob in it.
People aren't stupid, they are lazy and get groomed into being #TechIlliterate #Consoomers...
That is the problem!
#consoomers #techilliterate #noob #Enpass #passwordmanagers #omemo #XMPP #monocleschat #Gaijim #gnupg #openpgp #Thunderbird
@bitwarden Not until your programmers solve this problem that other #passwordmanagers seem to have solved:
Rather than autofill, BW mobile app requires a second unnecessary authentication.
Kotaku: The Password Game Is A Perfect Recreation Of An Online Disaster https://kotaku.com/password-game-google-chrome-neal-app-browser-captcha-1850589646 #gaming #tech #kotaku #cryptographicsoftware #technologyinternet #passwordmanagers #portablesoftware #passwordstrength #nealagarwal #password #security #google #enpass #pass
@ShadSterling @nzakas well, I just block all but whitelisted Cookies and JS.
And Yes, #Cryptojacking is a problem in general...
Needless to say users can't be made liable for shitty #ITsec of the company whose website they log in.
Point is: #PasswordManagers are the most secure option - period.
#passwordmanagers #ITSec #cryptojacking
@nzakas it's an #AntiSecurity-Feature since it prevents people from using #PasswordManagers, resulting in weaker Passwords like:
Idonthavetimef0rthis$it!
instead of some solid password generated with cryptographic randomness...
Like a 128-digit password...
https://github.com/kkarhan/misc-scripts/blob/260f087c8337417c69f94787358abf4faf5090f9/bash/.bash_aliases
#passwordmanagers #antisecurity
You should be backing up your password manager
It's a bad idea to entirely rely on the company hosting your password manager to back up your data.
https://blog.kamens.us/2023/06/26/you-should-be-backing-up-your-password-manager/
#ComputerSecurity #Computers #FreeSoftware #InformationSecurity #infosec #PasswordManagers
@secbox Typical spreadsheet applications are NOT made for handling secrets, and there's a good chance that they'll litter plaintext temporary copies all over the place.
If you want to keep the TOTP secrets separate from your other account details, then at least use something that is designed and intended to handle secrets. I think most #PasswordManagers can store #TOTP secrets, for example. Put them in a separate vault/file/database/refrigerator if you want & put a solid passphrase on that one.
@zens
And worst of all:
- Ableist #captchas and preventing the use of #PasswordManagers is the biggest asshole move one can do - aside from preventing non-#JavaScript use in #Screenreader-#Browsers like #Lynx and
# Don't block or discriminate against @torproject users at all. If you want them to securely connect to your site [i.e. for logins], make an #OnionService where every user will have their own & unique #circuit at runtime!
#circuit #onionservice #lynx #browsers #screenreader #JavaScript #passwordmanagers #captchas
"In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running."
https://github.com/vdohney/keepass-password-dumper
KeePassXC (while the name is similar) is a different product, and doesn't seem to be affected.
#passwordmanagers #infosec #keepass #security
I #hacked the #CAD file for the #Signet #PCB. If I did it right, it means I will be able to build #hardware #PasswordManagers using components that are actually available once I get the new boards.
Of course, not wanting anything to go to waste, I'm still planning on sourcing the elusive voltage regulators to build out the boards I have now.
I'm going to order some new boards this week. Exciting progress (assuming I didn't mess anything up).
#hacked #cad #signet #pcb #hardware #passwordmanagers
"KeePassXC Audit Report"
#keepassxc #passwordmanagers #security
@kubikpixel @Stark9837 #Encrypting #passwords doesn't get better because you use a library someone else has written to implement the #encryption.
Salted slow #hashing for passwords, yes. (Again, with the exception of #PasswordManagers where passwords really need to be stored securely in a reversible fashion.) But then you still aren't doing #encryption, you're doing #hashing, which was the point of my previous post.
#encrypting #passwords #encryption #hashing #passwordmanagers
@Stark9837 Passwords should never be stored encrypted. (The one exception being #PasswordManagers.) There is no legitimate reason to store passwords encrypted. Any service which encrypts, rather than hashes, #passwords should be treated as highly suspect.
I know a lot of people don't know the difference, but there is a HUGE one.
#Encryption is by definition reversible.
#Hashing is irreversible (if done right).
That said, I absolutely agree that every #password should be random and unique.
#passwordmanagers #encryption #passwords #hashing #password
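The distinction drawn in the two posts above (salted slow hashing for stored login passwords, as opposed to reversible encryption), shown as an added example that is not part of either post. The record format, the function names and the PBKDF2 iteration count are assumptions of this example; verification recomputes the hash and never recovers the password.

```python
import hashlib
import hmac
import secrets

# Assumed cost setting for this example (PBKDF2-HMAC-SHA256); tune for your hardware.
ITERATIONS = 600_000
SCHEME = "pbkdf2_sha256"


def hash_password(password: str) -> str:
    """Return a self-describing record: scheme$iterations$salt_hex$hash_hex."""
    salt = secrets.token_bytes(16)  # unique per password, stored next to the hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and cost, compare in constant time."""
    try:
        scheme, iterations, salt_hex, hash_hex = record.split("$")
        if scheme != SCHEME:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        # Malformed or tampered record: fail closed instead of raising.
        return False
    return hmac.compare_digest(digest, expected)


def needs_rehash(record: str) -> bool:
    """True when a record was created with a lower cost than the current setting."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME or not parts[1].isdigit():
        return True
    return int(parts[1]) < ITERATIONS


if __name__ == "__main__":
    rec = hash_password("constructed sample passphrase")  # constructed input
    print(rec)
    print(verify_password("constructed sample passphrase", rec))  # True
    print(verify_password("wrong guess", rec))                    # False
```

Because each record carries its own random salt, two users with the same password get different records, and there is no key anywhere that could turn a record back into the password.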
There are several good options. I strongly recommend one that doesn't back up or store anything in the cloud and that also syncs between your devices.
https://www.wired.com/story/best-password-managers/
#Apps #Programs #PasswordManagers #Security #Technology
Need a password manager? Check out these five that were reviewed by Wired Security.
#security #passwordmanagers #wired
Hackers can steal your username and password for a website using an embedded iframe - Bitwarden elected not to address the issue #PasswordManagers https://www.techspot.com/news/97951-bitwarden-password-manager-browser-extension-has-known-exploit.html
"Boosting password security! Pwned Passwords, zxcvbn, and more!"
https://scotthelme.co.uk/boosting-account-security-pwned-passwords-and-zxcvbn/
#passwordmanagers #passwords #security