2023 Security Check-up Reminder

no, we tried and it was a nightmare. Minecraft is single-threaded and my dream of a 64 player hellserver was dashed by abysmal performance.
I still cannot believe in 2023 that Minecraft still isn't fucking multithreaded.

Remember the safest way to keep your computer unhackable is to delete sys32 files, these are a common hacking vector. It’s tough to get hacked without these files.
I mean you're right.
 
@Null

thoughts on KeePass? it seems solid as far as i can tell (except for the "Keep Ass" name lol) but i am not a cryptography expert
Far better than using an online service like LastPass that’s just going to get owned.

KeePass and other local managers are as good as your system's security. In cases with malware on your machine it certainly still has weaknesses, as your master password (if keylogged) and KeePass db could be exported out.

If you’re super autistic or security conscious you could run QubesOS, Fedora distro where everything runs in its own VM and you can have offline vaults etc.
 
All of this ^
I have no idea why people suck the long schlong of password managers so much. They are all a massive single point of failure and run antithetical to some of the primary tenets of operational security. You should be using naming schemes you can keep in your head, and if you have too many accounts, or accounts used less often, then the credentials for those accounts should either be on an unplugged device for cold storage or stored outside of digital accessibility.
Because not everyone can spend all day memorizing bruteforce-proof passwords.

And keeping a notebook of your passwords on your desk (assuming you're a desk jockey and don't WFH/aren't a NEET) is like keeping cash under your mattress.
 
Because not everyone can spend all day memorizing bruteforce-proof passwords.

And keeping a notebook of your passwords on your desk (assuming you're a desk jockey and don't WFH/aren't a NEET) is like keeping cash under your mattress.
I keep my passwords on a little sticky note that I move to a different place in my cubicle daily.
 
Oh and by the way, if you are managing an "important" server.
Don't use passwords at all FFS, just use smartcards or Yubikeys (keep a password in cold storage for emergencies).
Definitely disable root login over SSH (already a default), and password authentication too. Keys only!
And remember: If you are using unrestricted sudo for your main user: Your password for that better be as good as your emergency root pw!

Your hoster should also support a second factor to authenticate you before you can use your plaintext passwords to login through their KVM.

Make sure your dongle or smartcard locks on its own after a set amount of time, so you have to enter the PIN again to use your keys.
That way an attacker can not gain access, at least for the most important stuff.
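An added example (not from the post above) of checking the two sshd_config settings that post calls out, written so it can run against any config text. It assumes the OpenSSH rules that the first occurrence of a keyword wins and that directives inside a Match block are conditional; the sample configs are constructed.

```python
import re

# OpenSSH defaults for the keywords we care about. Note that on OpenSSH
# older than 8.7 KbdInteractiveAuthentication was called
# ChallengeResponseAuthentication; it must be "no" too, or PAM can still
# prompt for a password even with PasswordAuthentication off.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
}
WANTED = {k: "no" for k in DEFAULTS}
WANTED["pubkeyauthentication"] = "yes"


def parse_sshd_config(text):
    """Return the effective global value of each keyword (first one wins)."""
    settings = {}
    in_match = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if key == "match":
            in_match = value != "all"          # "Match all" returns to global scope
            continue
        if not in_match:
            settings.setdefault(key, value)    # later duplicates are ignored by sshd
    return settings


def audit_sshd(text):
    """Map each weak keyword to (effective value, wanted value)."""
    effective = dict(DEFAULTS)
    effective.update({k: v for k, v in parse_sshd_config(text).items() if k in DEFAULTS})
    return {k: (effective[k], WANTED[k]) for k in WANTED if effective[k] != WANTED[k]}


# Constructed samples, not taken from any real host.
WEAK = """PermitRootLogin yes
PasswordAuthentication yes
PasswordAuthentication no   # ignored: sshd already took the first value
"""
HARDENED = """PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication yes   # conditional only, not a global weakening
"""
```

An empty config is reported as weak as well, because the defaults leave password and keyboard-interactive logins enabled.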
 
They didn't actually get the passwords, right? I changed mine anyway, but all I see in the leak text is emails and usernames.
you have to assume they did, even if all they got was the usernames or usernames and hashes, they could try cracking the hashes and for all we know the passwords were in plaintext or some shit.

PREDICTION: chudbuds.lol expires on 2023-09-15T21:43:45.00Z and ten milliseconds after that, someone will buy it and set up a honeypot to catch more idiots
 
I tried to ask if there were any glaring holes in my approach, but apparently I angered the Android fanboys by using words they didn’t understand. FYI every Android Firmware has Facebook integration baked in to the OS, if you remove it, it breaks the firmware.
Unless the pihole is running through the vpn as well, it half negates the anonymisation factor of the vpn. Speaking of which, you probably don’t need one.
 
Far better than using an online service like LastPass that’s just going to get owned.

KeePass and other local managers are as good as your system's security. In cases with malware on your machine it certainly still has weaknesses, as your master password (if keylogged) and KeePass db could be exported out.

If you’re super autistic or security conscious you could run QubesOS, Fedora distro where everything runs in its own VM and you can have offline vaults etc.
yeah if you get compromised to the point where someone is reading your keystrokes from inside your system then you're just completely boned no matter what other security measures you have in place
 
I'm just over here using Keepass. Been using it for 15ish years and I "sync" it with a USB cable and keep backups on a couple of USB drives. I have never, ever had a problem. Things like passwords don't need to be stored on any cloud service.

How difficult is it to have an IRL email address and a shitposting email address and keep them both separate?
jesus christ

Edit> and VPNs/Tor/masking IP - I honestly just don't give a shit. But I'm in a unique position to not give a shit so that will obviously not work for everyone.
 
Once again, a lot of discussion about password managers, but not about the core problem: Stop storing your passwords.

Any password manager that stores your password will be breached in a long enough timeline. Use tools that generate your passwords on-the-fly, and only store the tedious details that are required to create the password, such as login username, the URL, etc. These are called stateless password managers. I use:

But that is only because of inertia, I've used it for years. It's open source, on GitHub. You can self-host your own instance. There are browser extensions for it, though it won't paste the password for you.

There are others, and they might be better, too. Spectre was known as Master Password, and is older than LessPass. pass can be configured to generate stateless output, for those autistic enough. I'm sure there's more out there.

Yes, there are drawbacks, as there is for everything. Do not forget your master password. Use multiple master passwords if you need to segment your life, as @mindlessobserver said. I keep a journal; if someone wants my passwords, I'm more likely to be hacked/phished/compromised versus physically entering my home.

Build your own threat model over time; it doesn't need to be detailed, but it helps you figure out what behaviors are best for you to cultivate.
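An added illustration of the stateless scheme the post above describes, not the code of LessPass, Spectre or pass: the password is derived from the master password plus the non-secret profile (site, login, counter) with a memory-hard KDF, so nothing secret is ever stored and the profile can be rotated by bumping the counter. The charset, length and the class-guarantee step are my own choices.

```python
import hashlib

LOWER = "abcdefghijklmnopqrstuvwxyz"
UPPER = LOWER.upper()
DIGITS = "0123456789"
SYMBOLS = "!#$%&*+-=?@^_"
CLASSES = (LOWER, UPPER, DIGITS, SYMBOLS)


def derive_entropy(master, profile):
    """256 bits derived from the master password and the stored, non-secret profile.

    scrypt is memory-hard, so guessing the master from one leaked site
    password is expensive; the profile only acts as a per-site salt.
    """
    salt = "\x00".join([profile["site"], profile["login"], str(profile["counter"])]).encode()
    digest = hashlib.scrypt(master.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return int.from_bytes(digest, "big")


def render(entropy, length, classes=CLASSES):
    """Turn the derived integer into a password containing every class.

    Uses divmod rather than byte % len to avoid modulo bias on the charset.
    """
    alphabet = "".join(classes)
    chars = []
    for _ in range(length - len(classes)):
        entropy, idx = divmod(entropy, len(alphabet))
        chars.append(alphabet[idx])
    for cls in classes:                      # guarantee one char per class (bank rules)
        entropy, idx = divmod(entropy, len(cls))
        entropy, pos = divmod(entropy, len(chars) + 1)
        chars.insert(pos, cls[idx])
    return "".join(chars)


def stateless_password(master, profile):
    """Deterministic: same master + same profile always gives the same password."""
    return render(derive_entropy(master, profile), profile.get("length", 16))


def has_all_classes(password, classes=CLASSES):
    return all(any(c in cls for c in password) for cls in classes)


# Constructed profile; this is the only thing that would be saved to disk.
PROFILE = {"site": "example.com", "login": "alice", "counter": 1, "length": 16}
```

The drawback the post mentions is visible here too: changing the master password changes every derived password at once.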
 
"After all, why not? Why shouldn't I use the TND copypasta as a password?"
Edited because I'm a stupid phoneposter who doesn't read his posts before hitting send lol about it
 
66GB? is he a poorfag or something? these are rookie numbers.
still, one must never falter, one must never relax for your passwords and dox can be taken in a quick swoop.

some banks are demanding 12 characters minimum, more numbers and special characters as well, with at least two capital letters; for a regular person to memorize that shit is a pain in the ass.

You’re telling me!

MF when I have to change from adolfhitlerismywaifu to adolfhitler!ismywaifu! and some goddamn homo website tells me I need to shove some numbers in there as well.

Being online is getting to be more and more of a hassle for each year.
 