|
Actually, on the same topic, I'm thinking of migrating from LastPass to 1Password, but using their cloud sync stuff + browser integration, since that's my big use case. Has anyone done an analysis of what they do, and how it compares to LastPass?
|
# ¿ Jul 11, 2016 05:44 |
|
|
Right, and that's why I'm asking about it. I don't have an interest in doing the syncing myself, I want them to do it and have everything magically work without effort or thought, even though I'm a team of one. Given that this is pretty close to LastPass, I thought I'd ask if anyone has reviewed this yet.
|
# ¿ Jul 11, 2016 13:53 |
|
flosofl posted:I haven't used the "Family/Teams" version, so I can't talk to using their own cloud service for synching. Unfortunately, this is basically what I want to know about. They're offering a service that's remarkably similar to LastPass, including a web based management of your password store. I just want to know if anyone has anything to say about it, since the thread (read: OSIBeanDip) is pretty set against LastPass's implementation.
|
# ¿ Jul 11, 2016 16:58 |
|
Sorry that I'm late to the party with this one, but Internet Explorer posted:Sorry, I only store my hashed password database on an encrypted flash drive stuffed in my rectum that requires a specific sequence of hot peppers at random Scoville values to dislodge. Fart Knocking
|
# ¿ Dec 4, 2016 02:22 |
|
It helped me tremendously to learn that everything is garbage everywhere, it's just generally a matter of degrees. No matter where you go. Just because things are moving slowly doesn't mean that the problem is you. manchego posted:I don't want to be in a PM position and not know what the gently caress I'm talking about. PMs are supposed to lean on their SMEs to tell them what the gently caress is going on, don't think for a moment that this should hold you back if being a PM is your jam. Volmarias fucked around with this message at 02:53 on Feb 17, 2017 |
# ¿ Feb 17, 2017 02:51 |
|
Cup Runneth Over posted:"Change every password you have, starting with the most important ones, until you get bored" 0 passwords later "OK I guess I'm good to go! "
|
# ¿ Feb 24, 2017 21:10 |
|
Martytoof posted:How do you guys deal with "black box" products going into your environments that are really just Linux based appliances? Enforcing hardening standards seems unfeasible since you typically have no visibility into the inner workings of the solution but just trusting a vendor to harden the device seems like a foolish thing to do. I'm fairly sure if I go to a vendor and say "we need this hardened to CIS level 2" they'll just reply "nope" so all of a sudden I have to create exceptions for my own policies and hope to put enough compensating controls around the black box. I'm getting a headache trying to figure out what kinds of questions to even ask short of just asking vendors to describe the security of their appliance to me which will likely result in a boilerplate PDF with buzzwords. Just assume that it's a ticking time bomb that will never ever receive security updates.
|
# ¿ Mar 5, 2017 15:02 |
|
Absurd Alhazred posted:MD5 is deader than dead. Nice
|
# ¿ Mar 8, 2017 00:53 |
|
On the plus side, we've started to see some sites/apps have a checkbox for "show my password". Mostly, it's because doing that checkbox requires additional development time, while just doing <input type="password"> gives them the bullets for characters for free and they can get on with writing new features.
|
# ¿ Mar 8, 2017 15:15 |
|
There's interesting stuff, but nothing damaging or revealing as the NSA leaks, from what I understand.
|
# ¿ Mar 9, 2017 14:54 |
|
Email addresses aren't generally considered secret, so I'm not sure what you're protecting against, save for password reuse on other sites.
|
# ¿ Mar 11, 2017 02:37 |
|
Absurd Alhazred posted:LOL (, possibly) Context for those of us not Australian? Or is it just the funny goatse?
|
# ¿ Mar 15, 2017 03:39 |
|
Based on what I've seen before, I'd safely bet that the image attachment is solely to get around spam text scanning in low end anti spam endpoints. It's been around so long that I can't imagine it still working though. Just ignore them.
|
# ¿ Mar 19, 2017 00:59 |
|
Seriously, the answer here is to figure out the underlying issue and figure out if it's fixable. I guess it's also a question of how sensitive this info is vs how hard it is to actually fix the problem vs how important the one user here is.
|
# ¿ Mar 19, 2017 21:10 |
|
PBS posted:Trashed 1Password, it butchered the import completely. Tested out the form fill and it doesn't even work on some popular sites I tried. (With new, non-butchered items) Pretty much this. It was garbage usability-wise last year when I tried it out. I'd be ecstatic if there was a competent password manager that wasn't itself insecure which was also as reasonable to use as LastPass is.
|
# ¿ Mar 22, 2017 03:22 |
|
Furism posted:It's something "I have" and is an extra layer of security from something "I know." My password doesn't have such a huge entropy (120 bits or so) because I need to type it regularly so it needs to be somewhat memorable. If I'm losing a device with the keepass database on it, and somehow it's found unlocked (I could get mugged, the laptop could be stolen while I'm working on it, who knows; I do travel a lot for work so the chances of this happening are higher than the average), I don't want anyone to be able to brute force it. I feel that 2FA helps with this. If someone mugged you and stole your laptop, why wouldn't they take whatever hardware your 2nd factor is too? Will you be carrying it clenched tight between your paranoid cheeks? Who exactly is your adversary that's going to brute force your db password instead of immediately wiping and/or flipping the laptop? In particular, who is doing so faster than you getting a backup copy and changing all of your passwords?
|
# ¿ Mar 22, 2017 13:25 |
|
Doug posted:This is a pretty good resource too if you want to learn crypto by breaking it: https://cryptopals.com/ Seconded, this was fun.
|
# ¿ Apr 19, 2017 13:51 |
|
You can roll your robots, just don't loving expose them to the internet.
|
# ¿ May 3, 2017 13:50 |
|
Thermopyle posted:I always wish I could talk to the people who implemented these stupid things and find out what the hell they were thinking. "We need to get this thing out yesterday and they're not paying us to do anything after it's feature complete" mostly
|
# ¿ May 11, 2017 18:23 |
|
Some amazing luck right there
|
# ¿ May 13, 2017 01:29 |
|
Cup Runneth Over posted:Yeah, but it's a good incentive. The computer still running XP for the X-Ray machine software is not getting updated to Windows 10 because now it's $0 instead of $100. It is not getting upgraded for any reason, unless the reason is "the manufacturer is giving us a free version of their newest software and sending a tech out gratis to handle the migration and also they're buying a new computer and also they're compensating us heavily for the cost of our machine being out of commission while they do it" Except the manufacturer went bust 10 years ago so that's never even a theoretical Volmarias fucked around with this message at 12:57 on May 13, 2017 |
# ¿ May 13, 2017 12:55 |
|
Martytoof posted:https://www.theregister.co.uk/2017/06/12/tata_bank_code_github/ Could have stopped at "Tata"
|
# ¿ Jun 12, 2017 23:52 |
|
Furism posted:yeah I think Druva's side isn't super fast) and now IT tells me to store the files somewhere like C:\firmwares. I'm fairly sure that's against some recommended best practice from Microsoft and that the only place we should put files on a Windows system is under C:\Users\<myUser>\. If you are asking from the "will this break anything" side, it's totally fine to place your files under some random root directory. If you're used to Linux et al., Windows basically mounts the hard disk whole, excepting some boot data that is totally transparent to the end user. While programs SHOULD look in the user's home directory, there's no need for them to do so. If this is a laptop that only you will use, there aren't permissions concerns to worry about here. From a "is this a nice thing to do" perspective it's a little gross but still very much the norm in many places.
|
# ¿ Jul 11, 2017 13:41 |
|
It definitely would be nice if the source code was provided under a non commercial license of some kind solely for archivists.
|
# ¿ Aug 4, 2017 22:57 |
|
Boris Galerkin posted:What do I need to do to take care of my poo poo in light of this new breach? Freeze your credit if you haven't already, and pray that TransUnion and Experian handle their pins better.
|
# ¿ Sep 10, 2017 16:24 |
|
Thanks Ants posted:Always. While I want to give them poo poo, I know that this position is probably born of people using some sort of goofy and slow network storage over a lovely remote connection causing the file to be half written when the user closes the lid on their laptop, causing a VERY MYSTERIOUS case of data loss that must be Adobe's fault.
|
# ¿ Sep 23, 2017 03:54 |
|
Subjunctive posted:2 Fuckup Authentication
|
# ¿ Sep 26, 2017 14:10 |
|
Subjunctive posted:2 Fuckup Authentication
|
# ¿ Sep 26, 2017 14:14 |
|
... That was not intentional, but drat if it didn't make it funnier.
|
# ¿ Sep 26, 2017 16:01 |
|
fyallm posted:Hahaha Deloitte ... What.. The... gently caress.. Looking forward to the total lack of effective repercussions
|
# ¿ Sep 26, 2017 17:26 |
|
Absurd Alhazred posted:If Deloitte isn't penny-stock by next week, I'm going to be very disappointed in the Invisible Hand of the Market. Better prepare your pity party, the market has shown that it doesn't care about massive security breaches.
|
# ¿ Sep 27, 2017 14:36 |
|
Furism posted:To log into my bank I need to use my customer number and a 6 digits PIN. So, okay, they log you out after 5 attempts, but to reset the PIN they send you a snail mail. If anybody determined knows where I live it'd be trivial to steal it. Mailing you the new PIN sounds perfectly reasonable, since the alternative is "what's your mother's maiden name" or "what color was your first car". You're right that it's vulnerable to Steve Down The Street taking the letter, but that's orders of magnitude less likely than the typical attack scenario of Uri From The Ukraine.
|
# ¿ Sep 30, 2017 14:55 |
|
Furism posted:Analog APT. Advanced Postal Threat Guy Axlerod posted:Sign up for informed delivery: https://informeddelivery.usps.com/box/pages/intro/start.action Sweet, full color scans of the local circulars that get shoved into my mailbox. Let me know when I can pay money to have the garbage not delivered TO my home.
|
# ¿ Oct 1, 2017 18:55 |
|
Guy Axlerod posted:Yeah, just the FINAL NOTICE letters from "Car Warranty" companies. The W2, replacement bank cards, and DMV stuff is good though. This. Everything important is on autopilot and the bills come by email. I'd be delighted if there was a way to be notified if an actually important piece of mail came, but there typically never is, outside of W2s and replacement CCs. I can basically just bring in the I'd really, genuinely be far more excited and willing to pay money for a system that allowed the junk mail to never reach me in the first place. Volmarias fucked around with this message at 21:23 on Oct 1, 2017 |
# ¿ Oct 1, 2017 21:21 |
|
And then marketing and product make angry screeches about how many steps it takes to sign up and why are you making this so difficult??? So you just give in and resign yourself to a "verified" flow happening after account creation.
|
# ¿ Oct 7, 2017 21:43 |
|
It's still pretty awful. Even if you have "identity theft target DO NOT CHANGE ACCOUNT OVER PHONE" and you tell them to require you to say a password, they'll still assign your number to another sim if someone sweet talks them enough. This happened to a co-worker a year ago or so, and the most he got out of them was "oh, oops." It's perfectly understandable on their end because there are no actual ramifications for them if you can't realistically change networks because only one has adequate coverage of your area. That said, it's better than nothing, especially for users that don't use password managers, but only barely.
|
# ¿ Oct 8, 2017 13:17 |
|
Furism posted:Why do you guys say "push 1TB" when you mean "pull"? Sometimes when we want to move the big crate of data it doesn't have straps or handles, so we sort of have to shove it and push it to get it over there instead of being able to pull it. That's just how bandwidth works
|
# ¿ Oct 19, 2017 13:45 |
|
The fact that they're using IDA at all puts them light years ahead of the rest of the industry as far as representing computer things goes, where this is common: https://www.youtube.com/watch?v=u8qgehH3kEQ
|
# ¿ Oct 22, 2017 04:44 |
|
|
I'm curious: who's requesting the service from you? The person whose credit is being pulled, or an agent acting on their behalf (finance person at a store, etc)? Is this some sort of credit escrow service where you can "prove" to an interested party that you'll be a good risk without having to give them more intimate details? I'm basically curious how the password even helps here, since you'd be using the service so infrequently that you're almost guaranteeing any repeat visits involve a password recovery flow and what are you using for THAT?
|
# ¿ Oct 25, 2017 00:50 |