Holy crap this is a bad idea. Hacker gets one password then the have access to all your stuffs.
And don't try something cute like
Passwd1
Passwd2
Passwd3
Because if the figure out passwd1 it's trivial to try your other accounts with
Passwd(1-0)
-
Be sure to read this post! Beware of scammers. https://www.indianagunowners.com/threads/classifieds-new-online-payment-guidelines-rules-paypal-venmo-zelle-etc.511734/
What password manager are you using?
- Thread starter Tactically Fat
- Start date
The #1 community for Gun Owners in Indiana
Member Benefits:
Fewer Ads! Discuss all aspects of firearm ownership Discuss anti-gun legislation Buy, sell, and trade in the classified section Chat with Local gun shops, ranges, trainers & other businesses Discover free outdoor shooting areas View up to date on firearm-related events Share photos & video with other members ...and so much more!
Member Benefits:
And don't try something cute like
Passwd1
Passwd2
Passwd3
Because if the figure out passwd1 it's trivial to try your other accounts with
Passwd(1-0)
Agreed 100%. One of the main benefits of using a vault is to also as randomly as possible generate passwords that are unique from one another for anything you care about. You don't have to do this, but definitely a big benefit. Also if at all possible and the resource you are accessing offers it, use Multi Factor Authentication (MFA), and preferably with an MFA app, etc and not SMS if you can.
If you reuse the same password everywhere or lots of places or use common words, etc it's subject to the lowest common denominator of sites you are accessing, and if common words, subject to password spray attacks.
That is true with a password vault, one pw unlocks them all. Of course that is the one pw that is never written down.
Food for thought:
Since I am not a programmer (just a sysadmin), I don't even trust open source apps with critical data much of the time. How to tell those apps that auto-fill keep the passwords secure and aren't "leaking" them to somewhere, esp. on a mobile device.
Most folks are way too trusting of our modern software infrastructure. I won't use my phone for any financial transactions, not enough trust in the platforms since there are apparently many entities that can jailbreak/decrypt phones, even the latest IOS (i.e. Cellbright).
While it may be convenient, I only do important things on my desktop running behind several firewalls with rootkit scanning/prevention software, anti-virus, and tamper prevention programs like tripwire.
It may all be no more than "feel good" measures, but I am more confident I am at least doing my best at keeping my private matters private when there are so many nation-states constantly hacking things.
Also, remember to backup everything you want to keep. If I were to get hit with ransomware right now, it would only be a minor inconvience for me since I keep all important data backed up offline, f**k the cloud, dumbest idea ever foisted on the consumers.
I also make up fake answers to the password recovery personal questions so even if I were thoroughly researched/investigated, they'd never figure out my actual answers.
Most folks are way too trusting of our modern software infrastructure. I won't use my phone for any financial transactions, not enough trust in the platforms since there are apparently many entities that can jailbreak/decrypt phones, even the latest IOS (i.e. Cellbright).
While it may be convenient, I only do important things on my desktop running behind several firewalls with rootkit scanning/prevention software, anti-virus, and tamper prevention programs like tripwire.
It may all be no more than "feel good" measures, but I am more confident I am at least doing my best at keeping my private matters private when there are so many nation-states constantly hacking things.
Also, remember to backup everything you want to keep. If I were to get hit with ransomware right now, it would only be a minor inconvience for me since I keep all important data backed up offline, f**k the cloud, dumbest idea ever foisted on the consumers.
I also make up fake answers to the password recovery personal questions so even if I were thoroughly researched/investigated, they'd never figure out my actual answers.
But you gotta get that vault...
And those vaults tend to be very secure as that's their job. There's plenty of times that a sysadmin for a serious place used the same password in a generic forum (e.g. INGO)...
Now the hacker merely has to break into INGO rather than the much more secure site.
There was a very high profile XBox dev hack like this many years ago using this exploit.
I like b-folders. I have had it for years so newer options are likely available but last I checked it doesn't play well with apple products. For desktop and android access it is great. NO offsite cloud, or any reason to be on a network. Phone app used all the time, sync with my laptop whenever I think about it as a backup.
Ok I looked at the app settings for the first time in years, current version has finger print unlock security option, self destruct after so many attempts option and other things I was unaware of.
I use it as a glorified note organizer that's behind a password wall. Over 100 entries, about 75% are actually un/passwords.
Ok I looked at the app settings for the first time in years, current version has finger print unlock security option, self destruct after so many attempts option and other things I was unaware of.
I use it as a glorified note organizer that's behind a password wall. Over 100 entries, about 75% are actually un/passwords.
Last edited:
If you are a sysadmin with no scripting abilities you're working way harder than you need to.
If you're a win admin teach yourself powershell. It's easy.
If you're a Linux admin it's hard to imagine anything higher than a junior with no scripting abilities.
Nah, I use words in different languages followed by numbers and symbols. Also the passwords for my Paypal, ,mobile/online banking, are the exclusions of the big 3. The big 3 are like forum passwords, credit cards, and random accounts for places like JBO, Midway, etc. If someone gets ahold of those and tries to do something I get an email from lifelock, call whatever credit card they tried to use, tell them it wasnt me, and they handle it from there. I NEVER order anything online with my debit card. That gives them access to my money and that isnt a risk im willing to take. But so far I've never had an issue and I refuse to put my passwords on any device aside from my phone or lifelock.
I am fairly competent with bash (and other shells), but not much good at java (our company's entire platform written in it) or Python, PHP, etc. I don't enjoy coding enough to be excellent at it, but I can muddle through existing code enough to perform minor modifications to them.
It takes some fairly serious comp-sci skills to vet, secure, and find security bugs in software, I am simply self-taught in many things IT with no formal schooling. I've been running a linux desktop since the late 90's when OS/2 didn't go anywhere starting on Debian and Mandrake then later Redhat and its derivatives.
I was once a Windows admin but hated it, so I've focused on UNIX/Linux. Experienced in AT&T SYSV, HPUX, Solaris up to v10. I am THE definition of a technician - I know something about just about everything but I don't know everything about something.
Last edited:
It's hard to be a Linux admin and not trust open source software.
gunworks321
Expert
Dashlane works pretty well for us.
I obviously trust it over proprietary software like windows to certain extent.
I rely on the security professionals both at large and within my company that the software we use is safe and doing what it supposed to do.
I also know a tiny bit of what to look for in my firewall logs and network monitors like wire shark to check for rogue connections.
Despite what John Kerry and this administrations claims that people doing labor jobs can simply change jobs and learn to code is utter BS, not everyone has the capacity to do it or wants to.
but anyhow it’s just my own opinion that I don’t think passwords should be handled by anyone or anything but myself.
Last edited:
Site Supporter
Latest posts
-
-
-
-
NWI INGO General Thread #27 - Fresh Pink Air On US-30 smells like...- Latest: Ballstater98
-
Members online
- patience0830
- Chip
- YankeeDollar
- slipnotz
- edwea
- Glocker99
- Don Parks
- Leadeye
- Highstandard
- n9znd
- Whitey
- flyingsquirrel
- Grogmister
- Bybo
- phylodog
- 1943Izzy
- KJQ6945
- INPatriot
- OZZY.40
- getem2011
- Chalky
- NyleRN
- Jndturner317
- slims2002
- pokersamurai
- IndyLongColt
- 4sarge
- hotcupofbro
- Bluejrdn5
- MeltonLaw
- Old Dog
- Titanium_Frost
- jaymark6655
- WebSnyper
- Flingarrows
- Super Bee
- vantex502
- ikky68
- ECS686
- jamil
- Lee11b
- Indyhd
- Mr24g
- INP8riot
- 7920drew
- TheGrumpyGuy
- SouthernStar25
- Xterminator
- user11230706
- Dean C.
