Search the Community
Showing results for tags 'passwords'.
-
Hello guys! So the other day, one of my friends wanted to get some scripts on a Roblox game (neither I nor he knew that the respective game did not have scripts for a while) and since I used some scripts in the past, I advised him to proceed with caution. So he downloaded an injector with some scripts, but in the installation setup he had to allow all of those crappy bloatware and spam, however I told him to just skip those, but he did not. After he did all that, a bunch of Windows CMDs and also a lot of Google tabs opened. Then his PC crashed, and he got security alerts from all of his Google Accs., and right after that, his Steam Acc. and Discord Acc. started sending those weird messages to all his friends, to click on a link for something free and stuff. After that he reinstalled Windows and created new passwords. It all went great, until yesterday when all of this stuff happened again. So what is there to do? I'm guessing that the virus had some kind of deep roots that it restarted again, since he didn't do shady stuff after the reinstall. Can you guys help me and him with this? Also, I am sorry if I picked the wrong topic.
-
What's safer? To sign up with Google or to use your email and password with a password manager. I understand the privacy trade-off, but which is the better option solely in terms of security (since Google will find a way to track me down anyway). Is it better to have all of your eggs in 1 basket with Google, or use a password manager and put all of your eggs in that basket instead... Bonus Questions! #1: Why does Imgur let you sign up with Yahoo? Who uses Yahoo? #2: If you sign up to Twitter with Google, then sign up to another site with Twitter, who gets your data? Will it make the world implode? #3: What's the longest chain of cross-logins you can think of? I can't get past Google -> Twitter -> Imgur #4: Should I have just made this a poll...?
-
I've automated a number of backup/archiving tasks on my Linux Mint machine, but have run into one task that doesn't seem doable except manually. It seems that Chrome/Chromium stores passwords in an encrypted data store, which I can easily back up, but it seems the key is tied to the current user and DOES NOT work if you have to rebuild the machine or do a full OS upgrade. I'm not interested in uploading/storing the data with Google for security reasons. Am I wrong about any of this, or is there a way to robustly export/archive this data like there is with Firefox?
-
A user on Reddit discovered that Wells Fargo's website login does not have case sensitive passwords. This is a huge security issue: it makes passwords much easier to crack, as not all letters and combinations of upper and lower case need to be tried. If your password was "PassWoRd123" any variation of the word "password" would be accepted and log you in. Wells Fargo does offer 2 Factor Authentication, but it is not mandatory, nor do they tell you that they even offer it. You need to go into your account settings in order to enable 2FA. This means that many customers, especially the older generations that would have mortgages, checking, savings, and investments are at huge risk of being compromised. Even if you are not a Wells Fargo customer, check with your bank's site and make sure they are using case sensitive passwords, as another user pointed out in the thread: As of posting this, I have tested with my account and it still is not case sensitive.
-
Sources: Cornell University Library, Science Mag, and Threatpost. The article however didn't mention password managers so I guess it's safe to use a reliable password manager with two factor authentication. I have a feeling that as AI, machine learning and neural engines become more powerful, we might see cyber attacks much more serious. At the moment, it predicts what passwords are the easiest to guess to give companies a chance to change their weak passwords into a more secure one. But as far as I'm concerned, most websites don't read passwords as plain text like "I<3myhotboss", websites read it hashed like this one "eed4b508e6f5acda3178c880bc490546" and I think there's already an online database containing hashed passwords that are used by hackers to brute force. But then, I can see this being used by legit password managers and they'll notify the user if the password they're using is easy to guess or has been used somewhere else so that they'll notify the user to change for a more secure password. So I'm all for this and I hope this will be implemented to current password managers.
-
Twitter thread about it: https://twitter.com/virginmedia/status/1162756227132198914 Just thought I'd post this here for any UK people that use Virgin Media. Also a massive GDPR violation so... file complaints away?
-
Came across this article today on forbes.com and was recently thinking about signing up for LastPass to actually keep track of my passwords because I'm looking to get away from just having Google Chrome remember all of my passwords for obvious reasons. Is there any way to really keep track of your passwords securely? https://www.forbes.com/sites/kateoflahertyuk/2019/02/20/password-managers-have-a-security-flaw-heres-how-to-avoid-it/#457fd4a54e16 'So major password manager firms will be feeling the heat today after a report from Independent Security Evaluators (ISE) found fundamental flaws that expose user credentials in computer memory while locked. According to the researchers, this renders them “no more secure than saving passwords in a text file”.' 'The ISE evaluated 1Password, Dashlane, KeePass and LastPass, which are used by a total of 60 Million users and 93,000 Businesses globally. It found that all the products failed to provide the security to safeguard a user’s passwords “as advertised”.' 'the researchers found that in some circumstances, the master password was residing in the computer’s memory in a plain text readable format.' The original report by ISE here: https://www.securityevaluators.com/casestudies/password-manager-hacking/
-
A lot of users have been impacted by a data breach affecting two companies. One of which is a password manager. Password managers need to be more secure and better at holding data to avoid these issues. Maybe we need to take a step back and have a talk about people using applications such as KeePass over online storage of passwords. https://threatpost.com/data-leaks-blur-town-of-salem/140529/ Password-manager Blur and role-playing game Town of Salem both disclosed data breaches this week that impacted a combined 10 million.
-
I need help on how to transfer all of my iCloud Keychain passwords to my Android. App data and other is not necessary as it's not difficult to do so, but I am having trouble on how to transfer every single one of my iCloud Keychain passwords to a Samsung Galaxy A20. Is there an easy way to do this? I have looked into password managers but I can't seem to find a free one that has more than enough password saves for my liking and the whole process of doing it manually is very cumbersome for me to do as I have a little over 80 passwords saved. Is there an easier way to do this that doesn't involve me having to tinker with anything too difficult? Any help would work.
-
I really have to get better at keeping myself secure by using different passwords. I know services like LastPass exist, but I would like to achieve my online security without relying on a company. My idea is to start using a strong unique password on every single different account and having these passwords stored on an encrypted USB drive. What are the pros and cons of this?
-
An RCN Corporation customer posted on Reddit about his exchange with RCN customer support via phone and later on Twitter. Turns out, RCN stores customer passwords and security phrases in plaintext and does not see any issue with this. In the customer's own words: Shocked by this conversation, the customer contacted the company's official representative on Twitter @RCNconnects and got the following reply (screenshot on Imgur): For those who are not familiar with RCN (like me), RCN Corporation is a large American communications provider (telephone, cable television, and internet) with hundreds of millions in revenue and hundreds of thousands of customers. My personal thoughts: It's alarming that such a large infrastructure provider does not understand even the basic principles of hashes and how to use them to store passwords. Clearly, this is not for the lack of resources or something else, their security team (and support team and management) either completely do not care or are basically illiterate in security. Do you personally use their services? If so, what do you plan to do (if anything)? EDIT: Some people mentioned a past post that T-Mobile Austria was storing passwords in plaintext as well. Yes, this is the point of this post: to publicize this information in hopes that the public pressure will convince the company (RCN in this case) to fix the issues.
-
So as it turns out, a bug in Twitter's hashing process has led to millions of passwords being released. http://money.cnn.com/2018/05/03/technology/twitter-password-bug/index.html While it's doubted any passwords were stolen, this is still a massive security breach. Thoughts?
-
Welcome to the topic of: "Software Ideas." In this general discussion I wanted to ask if there's any way where -- for example, hypotheticals -- IF my SFF (small form factor) gaming desktop computer (DAN case series models to give you an idea of how small) computer's "lock screen" can be bypassed IF it detects a certain IP address from one of the NICs and in next response it will: 1. Launch the "keystrokes" so that it thinks that I'm typing the password but it is the software that is doing it. or 2. depending on the verification method that is permitted. I.e., PIN, Password, Picture Password, Windows Hello, etc. And add a new verification method called, "IP#" so that if it senses a certain IP address then it will unlock itself to the main desktop. Why do I ask? Because I have an idea where instead of having to pay a lot of money to build an eGPU laptop rig, you can use a desktop as the "Server" and thus it will be portable as a gaming machine on its own. Thus, with mobility in mind, what you can also do with it is that in case if you were to go somewhere and want to play games in a stationary spot (per se) then you can essentially use the desktop as an "eGPU" so to speak. Why not bring a second screen? I mean, I can't say that it can be done but oftentimes it will for one thing be unnecessary equipment to carry, takes up useful space, and put bluntly: if I were to use this computer's power, why would I use it on an external screen (not the client's screen, an actual standalone monitor)? So, with the way I see it, I could use a "telnet" command if need be, or of course, doing one of the two methods listed above. Still, in case where you can't hook up an external monitor for the desktop, you can still use an "IP Password". Or an IP sensor verification. So, with that said, thank you.
-
https://www.technewsworld.com/story/Standards-Milestone-Could-Mark-Beginning-of-End-for-Passwords-85268.html A Web standards milestone announced Tuesday could point to the end of the road for pesky passwords. The new standard, WebAuthn, has won near-final approval from the World Wide Web Consortium, which establishes Web standards. WebAuthn defines a standard Application Program Interface that can be incorporated into browsers and Web infrastructure. It opens the door for new ways for users to authenticate themselves on the Internet that are more secure and convenient than passwords. "Security on the Web has long been a problem which has interfered with the many positive contributions the Web makes to society," said W3C CEO Jeff Jaffe. "While there are many Web security problems and we can't fix them all, relying on passwords is one of the weakest links," he continued. "With WebAuthn's multifactor solutions, we are eliminating this weak link."
-
Hi, I was just wondering if anyone could recommend any password managers that they either have experience with or know are well reviewed? EDIT: I have just noticed that keepass2 is recommended in the free and open source sticky. Has anyone got any experience with it, as I've heard LastPass is also recommended?
-
I was watching How Do Passwords Get Stolen? and I could not help but voice that passwords should never be encrypted on a server for login, as Linus said they do. (directly taken from the transcript) (BTW I am not an expert nor that good at web server administration but I have looked into it as a mild interest)
-
KeePass is software that I was introduced to just a few days ago when I was learning more about cyber security and I already love it. It allows you to store all passwords encrypted locally and forces you to enter a master password to get into the software. It lets you avoid keeping all of your passwords on a doc (which you should NEVER do) or on a piece of paper (probably shouldn't do that either). All you have to do is download the software from the link I provided or just look up KeePass. It also allows you to store your username. Whenever you need the password or username there is an option to copy it so you can paste it into the login without even viewing the password. http://keepass.info/download.html
-
Personally, no. I'm starting to hate this even more I agree What do you guys think? Time to break out the tinfoil hat once more? Source: http://www.technewsworld.com/story/Googles-Abacus-May-Count-Out-Passwords-83543.html
-
Hey there, (I hope this is a good place to post this. As this is my first post here. I have been watching LTT for years though!) I was wondering if I could take a few seconds of your time to answer a survey for a school project. It's about passwords; are they still safe, are we good at using them etc. Anyway here it is: http://hpqsurvey.no-ip.org. So far I have gotten around 30 responses from the OnePlus forums which is awesome, I will post my findings when I'm done, the survey will remain open for around a month so no rush. I had a few responses on the OnePlus forums about the sensitive question matter, I completely understand if you do not want to take part; for those that do, I thank you very much and if any question is too personal, just answer with "I'd prefer not to say". Oh and just to clear up a common question, I do not work for HPQ (HPQ = Higher Project Qualification). As you see by the title, HPQ is a qualification we have here in Britain. Many Thanks.
-
Techno Buffalo: http://www.technobuffalo.com/2016/01/21/most-popular-stolen-passwords-in-2015-are-you-kidding-me/ Opinion: You've got to be hard pressed to find a password to have used one of these passwords; but then again many of us have..
-
Not sure if this feature has been suggested before, or if it has any chance of becoming possible, but is there any way in the future we could have Two-Step authentication for LTT accounts? This would be a super awesome feature.
-
Spotted this tweet from easyCarClub which confirms they decrypt & email out passwords to customers - even I know that's just stupid! #facepalm
-
Jimmy Kimmel decided to test just how carefree we are about our digital security. In one of his regular subterfuges, he sent his minions to the streets in an attempt to elicit people's passwords. No one was going to give theirs up so easily, were they? Magic starts @0:35 http://youtu.be/opRMrEfAIiI?t=35s One woman admitted that her password was her dog's name and the year of her graduation from high school. She thought she was clever by not immediately saying what the password was, but just a couple of subtle (not) questions, and there it was. For another woman, it was her cat's name and a random number. Oddly, she was very happy to divulge it with little trouble. Well, this is sharing world.