spraci.info

Items tagged with: passwords

Secure Quick Reliable Login

A highly secure, comprehensive, easy-to-use replacement for usernames, passwords, reminders, one-time-code authenticators . . . and everything else.

https://grc.com/sqrl/sqrl.html

#privacy #security #encryption #passwords #OTP #technology #logins #usernames #authentication #websites
 
I have a friend with a severe password problem. She could use this.

I love, love my mSecure app.

#passwords #humor
 

#Mixcloud data #breach exposes over 20 million user records


Source: https://techcrunch.com/2019/11/29/mixcloud-data-breach/
The data contained usernames, #email addresses, and #passwords that appear to be scrambled with the SHA-2 algorithm, making the passwords near impossible to unscramble. The data also contained account sign-up dates and the last-login date. It also included the country from which the user signed up, their internet (IP) address, and links to profile photos.
#leak #security #privacy #internet #darknet #news
 
Generate random #passwords with this #Bash script
 

Is #BlueMail really spying?


https://benbloggt.wordpress.com/2018/03/11/is-blue-mail-really-spying/
Summary

Blue Mail is sending email credentials to its own servers. Period. No discussion. You have a #security breach. The mail account is compromised. Mike Kuketz is right. The reports are true. You must change #passwords. You must uninstall Blue Mail. You must find another mail client.
#privacy, #freesoftware,
 
How to create strong #passwords
https://blog.mozilla.org/firefox/how-to-create-strong-passwords/ #security
 

Mouse Jacking! God-damn computers!


So after hearing the latest episode of the Hackable podcast I want only wired computer-mice! Check the MouseJack site to see if your #Bluetooth #Mouse is an #AttackSurface giving out your #Google stored #PASSWORDS!!!
Wireless Mouse Hacks & Network Security Protection | Mousejack
 

When a Company Asks You to Reset Your Password, Should You Be Worried? It Depends...


As internet security reporter Brian Krebs points out in a recent blog post, a company asking you to change your password doesn’t necessarily mean your account has been specifically targeted, nor that your data was seized by hackers due to poor security measures. It may simply be a proactive measure on behalf of the company to help you maintain the security of your account.

Large companies actively cross-check their hashed user data — like your secure password — by using these same hashing mechanisms to convert plaintext passwords found in various data breaches. If these hashed passwords match up against the hashed data already found in the company’s database for a user, that person is asked to update their password.

So this may be a good proactive measure, unlike unrecognised attempts or a lock-out, but the ability to compare your password in this fashion also usually means your service provider can easily also reset your password to gain access to yo...
 
Currently the main part of #Abuse emails for the #Tor exit is related to #SSH #bruteforce.

Don't do that and more importantly do not use insecure #passwords, use passwords together with two factor auth. or do not use passwords but keys!
 

9 Open Source Password Managers to Secure Yourself With


People use password managers so that they don’t have to remember all the usernames/passwords of the websites they visit. Instead, they can just remember 1 password, and then access all the other passwords whenever they need. In addition to that, this allows you as a user to increase the length and the complexity of the passwords you use, because now, you no longer have to remember them, so you can make your Facebook’s password something like 21#^#Y3#^2h281+_0H^I@F!##YU&^ with no problem.

Also, some password managers offer other features that you can use. E.g: Auto-fill (automatically fill the passwords when you open the URL in your browser), synchronization between devices, team storage (sharing passwords between multiple people), smartphone integration, various types & tools of encryption, emergency codes.. And so on.

Traditionally, there are many closed-source proprietary password managers, and there are those which are open source.

It is good to see some newer password mana...
 

Password expiration is dead, long live your passwords - Let your sys admin know in case they are not up to date


May was a momentous month, which marked a victory for sanity and pragmatism over irrational paranoia. I’m talking about Microsoft finally — finally! but credit to them for doing this nonetheless! — removing the password expiration policies from their Windows 10 security baseline.

To quote Microsoft:

"Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives … If a password is never stolen, there’s no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem."

"…If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic passwo...
 

Microsoft realizes password expiration is poor security - They are not the first to realise this but I wish the myth of mandatory password expiry would just die


Thinking of a secure password is hard, so demanding a user change it every 60 days fills many with dread and leads to weaker security. Microsoft has realized this and decided to remove default password expiry as a security baseline feature in Windows 10.

Microsoft explains in its latest draft security baseline for Windows that, "When humans are forced to change their passwords, too often they'll make a small and predictable alteration to their existing passwords, and/or forget their new passwords ... Periodic password expiration is a defense only against the probability that a password (or hash) will be stolen during its validity interval and will be used by an unauthorized entity. If a password is never stolen, there's no need to expire it."

Microsoft also points out that if a password is stolen, the thief has up to 60 days to use it based on this expiration policy, which is ample time to gain entry...
 

The Mathematics of (Hacking) Passwords - Scientific American


A very long read, but one that everyone who uses passwords on any device should read, study, and understand.




#security #passwords #encrypt #decrypt #hacking #mathematics #infosec
 

Elsevier Left Users’ Passwords Exposed Online


Due to a misconfigured server, a researcher found a constant stream of Elsevier users’ passwords.
Article word count: 346

HN Discussion: https://news.ycombinator.com/item?id=19423770
Posted by markovbot (karma: 844)
Post stats: Points: 136 - Comments: 29 - 2019-03-18T18:35:25Z

#HackerNews #elsevier #exposed #left #online #...
 

I was aware that the good practice is to store them securely, but the task didn’t mention anything about that


Interesting study about #security in storing #passwords
 

Good article about password manager's memory handling


You can read how KeePassXC handles data in memory

https://keepassxc.org/blog/2019-02-21-memory-security/

#security #passwords #passwordmanagers
 

Big security flaws found in popular password managers 1Password, Dashlane, KeePass, and LastPass - But open source KeePass may be least affected


A report by the Independent Security Evaluators (ISE) shows that many popular password managers store their master passwords in plain text, potentially exposing users’ data to hackers.

The ISE tested 1Password, Dashlane, KeePass, and LastPass on Windows, and found that all of these apps “fail in implementing proper secrets sanitisation”.

See https://mybroadband.co.za/news/security/296572-big-security-flaws-found-in-popular-password-managers.html but also click through to the actual report which shares the details of this test along with a summary near the bottom and it is interesting to note that open source KeePass has the least red blocks. These may be potential vulnerabilities but in the real world these are still by far your best protection.

#passwords #passwordmanager #1Password #Dashlane #KeePass #LastPass #passwordmanagers #passwordsecurity #Security
 
770 #Million #Email #Addresses, 22 Million #Passwords #Found On #Popular #Hacking #Site



Possibly the largest collection of email addresses and passwords ever posted has been found on a popular hacking site. Change your passwords now!
https://interestingengineering.com/770-million-email-addresses-22-million-passwords-found-on-popular-hacking-site
 

Buttercup is a free and open source cross-platform password manager that syncs to your own shared storage services


Manage your online identities and credentials with Buttercup: An open-source, free and secure credentials manager. Buttercup uses the strongest industry techniques to encrypt and store your details in a variety of locations of your choosing. Use Dropbox, ownCloud, Nextcloud or a WebDAV connection to remotely host your archive for high accessibility. You can also connect local files when using the Desktop application.

Buttercup's browser extension (Firefox and Chrome) allows you to easily log in to all of your online profiles and sites, is extremely secure, is easy to use and completely free of charge. We collect no data about you or any activities you perform. Keep your master password safe as it is the only way to open your archive and access your credentials.

There are also mobile apps for iOS and Android so it certainly seems to hit all the right notes and could be well worth trying. They have covered using multiple own hosted sharing locatio...
 
 

Terrible Passwords, Password Security, and Protecting Your Online Account


#account
 
#Memorizing #passwords with #Anki & #1Password


Recently, I started using Anki, a spaced repetition scheduler, a lot to learn French using the Fluent Forever method, and while there have been setbacks, it’s been a pretty great experience overall. It seems to be super useful for memorizing and retaining all sorts of information! Since I have to memorize all sorts of passwords (phone unlock code, laptop login password, gym locker combination), why not use 1Password to help me retain them?
https://boinkor.net/2018/11/memorizing-passwords-with-anki-1password/
 
The #Worst #Passwords of #2018: Is it #Time to #Change Yours?


You should definitely change your password, if you find it on this list of the most unsecure for 2018.
https://interestingengineering.com/the-worst-passwords-of-2018-is-it-time-to-change-yours
 

GDPR in practice – chat app fined for plaintext passwords


PLAIN TEXT passwords showed up on file-hosting site
Article word count: 254

HN Discussion: https://news.ycombinator.com/item?id=18531588
Posted by marcus_holmes (karma: 2412)
Post stats: Points: 93 - Comments: 74 - 2018-11-26T06:43:23Z

#HackerNews #app #chat #fined #for #gdpr #...
 

Login_duress: A BSD authentication module for duress passwords


A BSD authentication module for duress passwords. Contribute to jcs/login_duress development by creating an account on GitHub.
Article word count: 43

HN Discussion: https://news.ycombinator.com/item?id=18153862
Posted by djsumdog (karma: 14059)
Post stats: Points: 100 - Comments: 44 - 2018-10-06T06:35:13Z

#HackerNews #authentication #bsd #duress #for #login duress #module #passwords
 
#MasterPassword Is A #Password #Manager #Alternative That Doesn't #Store #Passwords
Master Password is a different way of using passwords. Instead of the "know one password, save all others somewhere" way of managing passwords used by regular password managers, Master Password's approach is "know one password, generate all the others".
https://www.linuxuprising.com/2018/09/master-password-is-password-manager.html
 

Cisco Removes Backdoor Account, Fourth in the Last Four Months


For the fourth time in as many months, Cisco has removed hardcoded credentials that were left inside one of its products, which an attacker could have exploited to gain access to devices and inherently to customer networks.

This time around, the hardcoded password was found in Cisco’s Wide Area Application Services (WAAS), which is a software package that runs on Cisco hardware that can optimize WAN traffic management.

Making matters worse, this SNMP community string is hidden from device owners, even from the ones with an admin account, meaning they couldn't have located it on their own during regular security audits. "This string can not be discovered or disabled without access to the root filesystem, which regular administrative users do not have under normal circumstances," Blair says.

But while it took Blair root access to spot the hidden SNMP creds, they don't require root access to be exploited, and anyone knowing the string can retrieve stats and system info from affected dev...
 
Another Day Another Hack

Hacked: 92 Million Account Details for DNA Testing Service #MyHeritage


On Monday #MyHeritage announced a security researcher had uncovered tens of millions of account details for recent #customers, including #email #addresses and hashed #passwords.

"Don't give your #DNA to a company"

https://motherboard.vice.com/en_us/article/vbqyvx/myheritage-hacked-data-breach-92-million

#vice #motherboard #hacking #privacy #security
 