
Be aware of a common scam running on the internet - someone emails you with a password that you will recognize and threatens to publicly post bad things about you on social media unless you pay a ransom. The password and email come from some web site breach, such as LinkedIn. Don’t fall for it. Delete and move on. Also, take this opportunity to get a password manager and use a different password on every site/service you use. ✌️

@Miredly I recently switched to Dashlane. It’s somewhat expensive for the pro version, but it’s quite refined and easy to use. I used to use 1Password - also good, not quite as easy to use IMO. Lots of people like Enpass, but I’ve not spent much time with it.

@jerry @Miredly Bitwarden is a good free and open source alternative, and if you opt to pay you get the ability to have OTP keys automatically copied to the clipboard when autofilling login details.

@swedneck @jerry @Miredly LastPass is pretty nice as far as compatibility goes. All the usuals, but (working) BSD, Blackberry, Opera, and Winphone support if that matters to you.

If not, @jcs has a nice open source re-implementation of the Bitwarden server if you ever decide to bring that into your own "cloud". github.com/jcs/bitwarden-ruby

@Miredly Try KeePass. I've been using it both on Windows and on Linux (Ubuntu, Xubuntu, Fedora).

@Miredly @jerry KeePassXC is the new, community maintained version of KeePassX, the multi-platform re-implementation of KeePass.

Thanks to KeePassXC I wouldn't recognize any of my service passwords if they were sent to me :)

@jerry
lol yeah I remember they tried to blackmail me after the Patreon breach

@jerry Haven't seen that one yet. Thanks for the warning.

My favorite scam of the moment is the message self-identified as from Microsoft or Google (I have seen both) saying they have received strange signals from your device and believe it has been hacked. Do not fall for this. Neither Microsoft, Google, nor Apple monitors every one of the 10s of thousands of devices they have out there. Delete the message and move on.

@yuri56

@jerry

I like KeePass. Android and Windows versions and can keep synced across devices.

@Patrickme @jerry yeah that's better, anything that's offline storage is better because you've got control over it and you can use your own security measures instead of trusting a centralized server or something like that

@yuri56

@jerry
KeePass will do password + gpg key to protect your password file.
It has a Chrome extension too for auto fill which is nice.

@Patrickme @jerry also you could store the portable Windows version on an encrypted USB drive or boot TailsOS and use the KeePassX program there, and every time you want to restore your KeePassX list of passwords you could use the encrypted persistence available in TailsOS

@Patrickme @jerry @yuri56 I do that too, I use Syncthing to sync the .kdbx to my devices

@jerry bugger! you mean I could have kept all that Bitcoin???

@jerry seriously though, I don't use a password manager, as having "one password to rule them all" worries me! I use a physical "card" from passwordcard.org. I write down the refs to the passwords in a document I keep on cloud servers, using Cryptomator for end-to-end encryption. (So when I need a password, I open Cryptomator, open the document, get the reference (like "$5") and then read the password off my laminated card that is in my wallet.) Sounds convoluted, but it isn't really!

@whonose123 hey, whatever works for you. As long as the passwords are unique, rock on.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.