2023 Security Check-up Reminder

Also I would never use a password manager.
All of this ^
I have no idea why people suck the long schlong of password managers so much. They are all a massive single point of failure and run antithetical to some of the primary tenets of operational security. You should be using naming schemes you can keep in your head, and if you have too many accounts, or accounts used less often, then the credentials for those accounts should either be on an unplugged device for cold storage or stored outside of digital accessibility.
 
I've always wondered about how much that's correct. The amount of words in used English vocabulary is pretty limited; you could probably limit it further with famous quotes people will likely use.
If you use capital letters and punctuation, a password length of 64 would require a future computer at least decades away from where we're at now to crack it. My core passwords are usually at least multiple sentences with proper cases and punctuation.

Modern bitcoin wallets use seed phrases composed of words and they are very safe.

Brute forcing is about length, not usually word count.
 
Virgin moron who boasts about his 66GB porn collection under his real name responds to this thread and comments on KF's opsec

more about him on his thread
66GB? Is he a poorfag or something? These are rookie numbers.
Still, one must never falter, one must never relax, for your passwords and dox can be taken in a quick swoop.
If you use capital letters and punctuation, a password length of 64 would require a future computer at least decades away from where we're at now to crack it.
Some banks are demanding 12 characters minimum, more numbers and special characters as well, with at least two capital letters. For a regular person to memorize that shit, it's a pain in the ass.
 
The user downloaded it off mediafire and ran it, which means the hacker probably has access to his shit too.
I mean, I guess if they are retarded enough to create a KF Minecraft server... then download a random file someone posted in chat.... yeah, seems par for the course.

If you are going to be downloading random shit from random ass places do it in a clean VM at least.
 
I don't trust Nord, personally. Mullvad and ProtonVPN are alternatives I like.
I only use it when I need to spoof my location for purchases (ex. Netflix in Hungary is $5.00), but I don't even use Netflix anymore. Now I only use it to access KiwiFarms when the site is getting messed with, or if I want to torrent something from a public site, like a Switch game update. It bypasses the Pi-Hole adblock, so I only use it when absolutely necessary. What happened with Nord to cause it to lose your trust?
 
I've always wondered about how much that's correct. The amount of words in used English vocabulary is pretty limited; you could probably limit it further with famous quotes people will likely use.

True, but the fact is that brute force works on simple math. Every single character added increases the entropy and the amount of time needed to brute force shit exponentially. And then you consider spaces, punctuation, and more. It's a better convention to use than the retarded demands of "special symbol, uppercase and number" that just end up with people using Password123!
 
Gmail usually requires "recovery" bullshit like emails/phone numbers. It ends up being a gay daisy chain of burners and alts. If Yahoo wasn't so broken it'd be the main email I'd use. Protonmail isn't even accepted by several websites.

It's all so very tiring…
Yeah, it's not ideal, but it can work, and if you're clever you can basically turn them into a circular recovery system that ultimately only needs one phone number or external email attached to it in an obscure, buried way. More hassle to reach than it's worth.

It also helps to be a relatively uninteresting Internet user who doesn't engage in gay ops.

If you stick to posting memes, giving your 2 cents take, and having a laugh, most hacker types won't bother.

On the plus side, Gmail does have some very useful extra features like access to Google Voice. I use Google Voice free phone numbers to get around my actual phone number being banned from Twitter. It works fine, and the only downside is it's ineligible for Twitter Blue, which I could care less about anyway.
 
Isn't "Correct Horse Battery Staple" far easier to guess than an 8 character random password, if the hacker guesses you're doing that and uses a dictionary attack instead of bruteforcing random characters?
Not necessarily; that is why you use something like Diceware with a minimum of 6 words out of a list of 7776 words.
To guess one word correctly is a chance of 1/7776; to guess all 6 would be (1/7776)^6.
You could also make your own (longer) lists that are not available for anyone to try against you.

Also: It's not a dictionary attack when the symbols used appear in the dictionary. A dictionary attack uses pre-computed hashes which you only have to compare to the leaked database instead of computing it in real time. This is usually countered by services using a salt in addition to simply "hashing" the passwords with a secure key derivation function because normal hash functions are too easily computed in $current_year.
My mistake, I was thinking of rainbow tables for some reason.
But it's still not a dictionary attack; there you are already using something like mostUsedPasswords.txt to just try them out one by one.
Maybe with some variations, like an added ! at the end.
The Diceware word list would not count as a dictionary for an attack because it would be the same as using the alphabet, numbers and special characters as a "dictionary" for normal passwords.
 
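The two arguments above (every extra character multiplies the brute-force work, and a 6-word Diceware phrase is a 7776^6 search space rather than a dictionary lookup) reduce to the same entropy arithmetic. The following script is an added example, not code from anyone in the thread: it computes bits of entropy for a random character password, for a Diceware passphrase, and for the "famous quote" case where the attacker only has to enumerate a list of quotes, then converts bits to an expected cracking time at an assumed guess rate. The tiny word list, the 1e12 guesses/second rate and the 10,000-quote catalogue are constructed illustration values; a real Diceware list has 7776 entries.

```python
import math
import secrets

# Assumed illustrative guess rate for an offline attack against a fast hash
# (constructed value, not a measurement).
ASSUMED_GUESSES_PER_SECOND = 1e12

# Constructed stand-in for a Diceware list; the real list has 7776 words.
SAMPLE_WORDLIST = [
    "anchor", "basket", "cactus", "donkey", "ember", "fiddle",
    "garlic", "hammock", "island", "jigsaw", "kettle", "lantern",
]


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` independent, uniformly chosen symbols
    drawn from an alphabet of size `symbols` (characters or words)."""
    return length * math.log2(symbols)


def expected_guesses(bits: float) -> float:
    """On average the attacker finds the secret after half the keyspace."""
    return (2.0 ** bits) / 2.0


def years_to_crack(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    seconds = expected_guesses(bits) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def generate_passphrase(wordlist: list[str], n_words: int) -> str:
    """Diceware-style selection: each word chosen uniformly with a CSPRNG,
    so the entropy is exactly n_words * log2(len(wordlist))."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def compare_schemes() -> dict[str, float]:
    """Entropy (bits) of the schemes discussed in the thread."""
    return {
        # 8 random printable ASCII characters (95 symbols)
        "random_8_printable": entropy_bits(95, 8),
        # the "12 characters, mixed classes" bank rule, if truly random
        "random_12_printable": entropy_bits(95, 12),
        # 6 Diceware words from the 7776-word list
        "diceware_6_words": entropy_bits(7776, 6),
        # a passphrase that is one of ~10,000 famous quotes (constructed
        # catalogue size): the attacker enumerates quotes, not words
        "famous_quote_from_10k": entropy_bits(10_000, 1),
    }


if __name__ == "__main__":
    for name, bits in compare_schemes().items():
        print(f"{name:24s} {bits:6.1f} bits  ~{years_to_crack(bits):.3g} years")
    print("sample phrase:", generate_passphrase(SAMPLE_WORDLIST, 6),
          f"({entropy_bits(len(SAMPLE_WORDLIST), 6):.1f} bits with this toy list)")
```

The point the numbers make is that the quote case collapses to log2(number of quotes), well below even 8 random characters, while 6 words chosen uniformly from 7776 sit just under the 12-random-character bank rule; the word list being public does not help the attacker any more than the alphabet being public does.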
They didn't actually get the passwords, right? I changed mine anyway, but all I see in the leak text is emails and usernames.
 
Gmail usually requires "recovery" bullshit like emails/phone numbers. It ends up being a gay daisy chain of burners and alts. If Yahoo wasn't so broken it'd be the main email I'd use. Protonmail isn't even accepted by several websites.

It's all so very tiring…
You have to pay for burner numbers with cards, and even then some sites still don't allow it. A lot of true anonymity is really gone on the internet.
 
Thoughts on KeePass? It seems solid as far as I can tell (except for the "Keep Ass" name lol), but I am not a cryptography expert.
It's a good password manager; however, it's not as normie-proof as BitWarden. Also, it's the default password manager for the federal administration of Switzerland. I've been using it for over a decade and nothing bad has ever happened.
 
Virgin moron who boasts about his 66GB porn collection under his real name responds to this thread and comments on KF's opsec

more about him on his thread

- chudbud gets hacked because of a Minecraft mod
- fresh meat wants to start a KiwiFarms Minecraft server
- oldfag links the Minecraft hack mod
- fresh meat uses the Minecraft hack mod
- everyone laughs
- byuu dies for real this time
- Null has to do a safety rundown again because we are retards
- random obscure lolcow appears and gloats on twitter
- random obscure lolcow's thread gets linked in how-to-be-not-a-retard-thread
- I learn about a new lolcow I would probably have never learned about


I like this place so much.
 
Well yeah, their employees are dumbasses who don't know how to update shit and think working from home in the security business is a good idea, and it will probably die with all of the lawsuits coming in.

They both do now. I believe there's a way to block it, though, but you can also play on an older edition.
You can work from home, but you need to not be a retard. You'd be surprised (or not) how many security professionals are retarded.
 
I got a password manager alright, the ultimate weapon that cost me 34 cents:
If you hack this I'm fucked
 
I've always wondered about how much that's correct. The amount of words in used English vocabulary is pretty limited; you could probably limit it further with famous quotes people will likely use.
The amount of words is pretty massive (thousands of words in the language, as opposed to just dozens of symbols in the alphabet), plus it's not easy to target with brute force because there is so much possible variation in how you actually type it.

For example, you can do shit like
"This Phrase Is Not Very Secure!"
"thisphraseisnotverysecureLMAO"
"ThisPhraseIsNotVerySecure?!"
"this1phrase2is3not4very5secure6"
"7h15_phr453_15_n07_v3ry_53cur3"
"this phrase is not very secure 420 69"
"thís phrásé ís nót vérý sécúré"
etc. The possibilities are endless; the only limit is your creativity.
Any variation like that is still super easy for you to memorize, but it will make any "try to guess the phrase" attacker die of old age before he actually cracks you.
 