64 Matching Annotations
  1. May 2020
  2. Apr 2020
    1. Take a moment to consider the alternative. No, not the IT department's fantasy world, that never-gonna-happen scenario where you create a strong, unique password for every account, memorize each one, and refresh them every few months. We both know it's not like that. The reality is that in your attempts to handle all those passwords yourself, you will commit the cardinal sin of reusing some. That is actually far more risky than using a password manager. If a single site that uses this password falls, every account that uses it is compromised.
    2. This cache of passwords is, of course, protected by a super-password of its own—one you obviously need to choose wisely. Yes, this does pose a risk of its own, as you might already be screaming at your screen.
    1. You already have good reason to treat the password for your Google account as if it’s a state secret. But now the stakes are higher. You’re trusting Google with the passwords that protect the rest of your life – your bank, your shopping, your travel, your private life. If someone learns or guesses your Google account password, you are completely compromised. The password has to be complex and unique. You have to treat your Google account password with the same care as a LastPass user. Perhaps more so, because it’s easier to reset a Google account password. If your passwords are saved in Chrome, you should strongly consider using two-factor authentication to log into your Google account. I’ll talk about that in the next article.
    1. OPVault is an almost perfectly documented format. This makes it highly improbable to come across a file that will fail to be imported. If it ever happens, a bug in the plugin is probably to be blamed.
    1. While KeeFarce is specifically designed to target KeePass password manager, it is possible that developers can create a similar tool that takes advantage of a compromised machine to target virtually every other password manager available today.
    2. KeeFarce obtains passwords by leveraging a technique called DLL (Dynamic Link Library) injection, which allows third-party apps to tamper with the processes of another app by injecting an external DLL code.
    1. As for the syncing: I think BitTorrent Sync should do it. It's p2p, meaning there are no servers in between. Maybe there are even open alternatives already. TL;DR: KeePass <-> BitTorrent Sync for database transfer <-> MiniKeePass
    2. And most important: No proprietary encryption software can be fully trusted
    3. If you are concerned about privacy and looking for a bullet-proof solution then the only way to go is open-source software. For example, there was another incident with a proprietary file "encrypter" for Android/iOS which used the simplest possible "encryption" on earth: XORing of data that is so easy to crack a monkey could do that. Would not happen to an open-source software. If you're worried about the mobile app not being as reliable (backdoors etc.) as the desktop app: compile it yourself from sources. https://github.com/MiniKeePass/MiniKeePass You can also compile the desktop version yourself. Honestly, I doubt most people, including you and me, will bother.
    1. By default: no. The Auto-Type method in KeePass 2.x works the same as the one in 1.x and consequently is not keylogger-safe. However, KeePass features an alternative method called Two-Channel Auto-Type Obfuscation (TCATO), which renders keyloggers useless. This is an opt-in feature (because it doesn't work with all windows) and must be enabled for entries manually. See the TCATO documentation for details.
    1. Seriously, the lesson I'm trying to drive home here is that the real risk posed by incidents like this is password reuse and you need to avoid that to the fullest extent possible
    1. Having visibility to the prevalence means, for example, you might outright block every password that's appeared 100 times or more and force the user to choose another one (there are 1,858,690 of those in the data set), strongly recommend they choose a different password where it's appeared between 20 and 99 times (there's a further 9,985,150 of those), and merely flag the record if it's in the source data less than 20 times.
  3. Jan 2020
  4. Dec 2019
  5. Sep 2019
    1. This content is password protected

      This section of Undissertating is in development and is not yet published to a wider readership, but will be soon.

      If, however, you're excited to chat about it in advance, please feel free to reach out on Twitter at @Naomi_Salmon and we can figure out a mode of conversation from there!

  6. Jun 2019
  7. Nov 2017
  8. Nov 2016
    1. Do students recognize the importance of password-protecting their devices and having different passwords across platforms?

      I'm curious to know if the answer to this question would differ from Generation Y to Generation Z.