For me it’s the paranoia surrounding webcams. People outright refuse to own one and I understand, until they go on and on about how they’re being spied on. Here’s the secret - unplug the damn thing when you think you won’t use it or haven’t used it in a while.
They, whoever it is, can’t really spy on you on something that’s already off and unplugged!
Password managers. People will use anything but that: paper, notes app (without any security), using the same password everywhere…
I keep trying to convince my parents. Then they say but what if I forget the master password? I say they won’t with a passphrase but they don’t believe me.
Also I don’t have experience with PW managers other than 1Password, Bitwarden and Roboform. I personally didn’t like Bitwarden. I think its UI is janky and oldschool. Roboform is so bad I don’t even know where to start complaining. So I keep using 1Password even though the UI has been getting worse but it still works for me because of the good integration into the Apple ecosystem. But it’s rather expensive for managing the 20 something passwords my parents have. I read about breaches on other PWMs sometimes so I don’t really know what to trust and recommend.
I keep telling myself I need to start using a password manager but I’m worried I won’t be able to log into things on my phone or other devices like my work computer when I need to because I don’t know the password. Is that a legitimate worry or is there a solution for this? How do you sync passwords between computer and phone?
Eh, I don’t trust any 3rd party enough to give them all my passwords and I don’t trust myself enough to secure a server for self hosting a password manager.
I know all my passwords, can’t forget em, no paper or notes, no repeat passwords.
If you know all your passwords and can’t forget them, I’m assuming you’re using some sort of pattern to remember them in which case you have a major issue in case of data breaches as your other passwords can be guessed.
Just as a heads up, sometimes the pattern is not that easy for a computer to brute force. As an example, my old password contains a birth date but with an alternating shift making them a combination of digit and symbol.
Technically you could use PGP to encrypt a .txt file with all your passwords in it. Which would be more or less the same thing with a lot less polish to it.
Sorry stupid question, but how do I import my passwords from Proton Pass to KeepassDX?
Fucking THANK YOU.
A very good friend of mine doesn’t use any password manager. I’ve often in the past told them why don’t they? They argue that then all their passwords would be gone if they forget that one master password. Okay, I say, how the fuck is having to remember 1 password harder than having to remember 20 passwords?
Any good password manager nowadays also has an account takeover feature if you opt in. Basically your spouse / child / parent can take over your account to recover it for you if you can’t get in.
Rebooting your PC really does fix a lot of issues.
But in Windows, you have to go to a sub-sub-sub-menu of the old control panel, click on a button called “choose what closing the lid does”, then on “change settings that are currently unavailable” and then disable “fast startup (recommended)”, just to get your pc to reboot properly.
Hold shift while you click start and shutdown (or reboot) when necessary. This will have windows do a full shutdown instead of a hybrid shutdown.
Here’s an even easier hack than all of that :effort:
Just hold the power button down for about 10 seconds, ez-pz
I like to call that the “putting a pillow over its face” method of rebooting. Reserved for when even a `shutdown /r /t 0` doesn’t work
I call this one forbidden knowledge because I see it so little in public, but I’m sure it’s well known in privacy communities: A password like “I have this really secure password that I type into computers sometimes” is a much stronger and easier to memorize password than “aB69$@m”. It seems more often than not I find networks where the SSID is a better password than the WPA key.
I agree but I think the problem is that some apps/sites have strict password requirements, which usually includes adding upper-case, symbols, numbers, and then limits the length even sometimes…
Which is funny because those strict rules reduce the number of combinations an attacker has to guess from, thereby reducing security.
Provably false. That’s only true if the rules specify some really wacky requirements which I haven’t seen anywhere except in that one game about making a password.
Think about it this way. If you have a password of maximum length two which only accepts lowercase letters, you have 26 choices for the first character & 26 for the next. Each of the 26 characters in the first spot can be combined with any of the 26 characters in the second spot, so 26 * 26 = 676 possible passwords.
By adding uppercase letters (for a total of 52 characters to choose from), you get 52 * 52 = 2704 possible passwords. It increases significantly if you increase the length beyond two or can have more than just upper & lowercase letters.
Computers have gotten so efficient at generating & validating passwords that you can try tens of thousands of passwords in a minute, exhausting every possible two-letter password in seconds starting with `aa` and ending with `ZZ`.
The only way you would decrease the number of possible passwords is if you specified that the character in a particular spot had to be uppercase, but I’ve never seen a password picker say “your fourth character must be a lowercase letter”.
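The counting argument in the comments above, carried through as an added example that is not part of any post in the thread. It counts fixed-length passwords with and without an "at least one of each class" rule by inclusion-exclusion, and compares that to a random-word passphrase. The class sizes (printable ASCII) and the 7776-word list are assumptions, and every choice is assumed to be uniformly random.

```python
from itertools import combinations
from math import log2

# Character class sizes for printable ASCII (assumed, not from the thread).
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}

def unrestricted(length, classes=CLASSES):
    """Count strings of exactly `length` over the union of all classes."""
    return sum(classes.values()) ** length

def with_composition_rule(length, classes=CLASSES):
    """Count strings of exactly `length` with at least one char of every class.

    Inclusion-exclusion: start from all strings, subtract those missing
    one class, add back those missing two, and so on.
    """
    sizes = list(classes.values())
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (total - sum(missing)) ** length
    return count

def passphrase(words, wordlist_size=7776):
    """Count passphrases of `words` words drawn from a list (size assumed)."""
    return wordlist_size ** words

def bits(n):
    """Express a search-space size as bits of entropy."""
    return log2(n)

if __name__ == "__main__":
    n = 8
    free, ruled = unrestricted(n), with_composition_rule(n)
    print(f"{n} chars, 94-char alphabet, no rule : {bits(free):5.1f} bits")
    print(f"{n} chars, one of each class required: {bits(ruled):5.1f} bits")
    print(f"5 random words from a 7776-word list : {bits(passphrase(5)):5.1f} bits")
```

A larger alphabet grows the space, while a mandatory-class rule applied to that same alphabet removes the strings that skip a class; length outweighs both.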
Here’s what I’ve shared with my company.
I agree - I do use passphrases in some critical cases which I don’t want to store in a password manager.
However, I believe passphrases are theoretically more susceptible to sophisticated dictionary type attacks, but you can easily mitigate it by using some less-common 1337speak character replacements.
Highly recommend a password manager though - it’s much easier to remember one or two complex master keyring passwords & the random generated passwords will easily satisfy any application’s complexity requirements.
If you don’t have your files on another physical location you can show me, you don’t have a backup, you don’t own your files, you basically give your “digital life” to someone else.
Likewise, as the old rule goes, if you don’t have a secondary backup, then you don’t have a backup.
The other day, I was chatting on a Discord server about how people manage their photos, which keep piling up each year. I asked which cloud service they use, and one person replied, ‘Save them offline.’ That really struck me because I haven’t invested in offline storage devices in years, and I realized I wasn’t storing anything offline.
People who complain about ads on YouTube. I tell them about ad blockers and they always go “Huh, you sure it works? Sounds good, I might try that” and then proceed to forget about it and complain about ads in a few months time…
I’m pretty positive by this point that people love to bitch about ads for the sake of bitching about ads. They bring this onto themselves.
Same goes for them going onto sites without ad blockers. Then when you tell them, it’s either “OHHH THANKS!” or “Uhhhh, I cAn’t” for no reason.
Or people, like my mom, who were relatively educated about technology and don’t want to learn new technologies/tools under the pretense of security (even if the software is foss, like again most adblockers).
Edit: Whenever I use a browser without an adblocker, I remember how shitty the web is without them.
My mom built computers in the '90s and '00s, she taught me how to use the command prompt to play my DOS games. Now she can barely use one. I don’t know what the hell happened.
I think this happens because people believe that ad blockers are “too good to be true”. That was what I first thought when first getting an ad blocker, that there was going to be some kind of “catch” like slowing down websites, making them less functional or being malicious. But it turns out they actually improve performance, rarely affect functionality and are even recommended by the FBI because they protect against malicious advertising.
I hate the ad blocker argument for youtube. How am I supposed to do that on my tv or my phone?
- invidious
- piped
- some TVs have 3rd party specialized versions of the official webapp
The first two have web pages and phone apps. You can find the phone apps on F-droid.
Fun fact: did you know that the youtube app on your TV is just a no-effort web browser with a URL fixed to a web page, which you could even use on your PC?
I just install it for them or tell them to use Brave (don’t down vote me, these people aren’t going out of their way to use firefox and download all the needed extensions)