Announcement

Collapse
No announcement yet.

Article - Four best practices for Web Browser Security on your Linux Workstation

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #31
    Originally posted by oshunluvr View Post
    Sorry to point this out, but if someone breaks into your home and steals your hard drive, your passwords would be the least of your worries, just sayin'
    You're correct about physical theft of the drive. I was thinking more along the line of data theft via poor security configuration of my various software. I don't claim to be an expert and I sure there are holes in my 'net facing systems. So I'd rather not have a file containing my passwords, in one compact bunch, sitting on the drive. Even if they are encrypted...
    Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

    Comment


      #32
      Originally posted by TWPonKubuntu View Post
      You're correct about physical theft of the drive. I was thinking more along the line of data theft via poor security configuration of my various software. I don't claim to be an expert and I sure there are holes in my 'net facing systems. So I'd rather not have a file containing my passwords, in one compact bunch, sitting on the drive. Even if they are encrypted...
      Kind of the same thing though. If somebody has established remote file access on your computer and is able to steal files, they are probably also able to install key loggers and anything else they please. So the end result is essentially the same.

      No password policy you implement is going to be 100% safe. I feel like its better in the end to have super strong passwords for all online accounts and manage them with a password manager than to have easy to remember, relatively weak passwords. I use a keyfile that is never stored in the same physical space as the password file (one is on a usb on my keyring). I feel pretty safe.

      Comment


        #33
        whatthefunk; Ultimately, you're correct. I like the separate physical drive (ie. USB), which limits the time window for an exploit to grab a file. It also makes it portable.

        I think I'll just go back to my abacus, the password is 1101001000 which I can remember every time. Not fast, but pretty reliable
        Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

        Comment


          #34
          An interesting article that speaks to the above discussion:
          If you think Education is expensive, try ignorance.

          The difference between genius and stupidity is genius has limits.

          Comment


            #35
            Originally posted by SpecialEd View Post
            I'd read XKCD daily too if I could... but since it is only published on Mondays, Wednesdays and Fridays, I just haven't been able to figure out how...
            This is another benefit of age, the comic seems new every time I read it.
            Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

            Comment


              #36
              all of the above is crappola.

              get a physical piece of paper to which your kids and your wife or husband or other partner cannot get access,

              Write down your dad's surname, your mothers first name and your dogs name.

              throw it in the trash.

              get another piece of paper.

              write on it the first four letters of the first street that you ever lived upon that you can remember

              like...

              LOCU...for locust

              then write down the two first letters of your first girlfriend or boyfriend

              like...

              MA for "Mary" or "Marshall"...

              then writ down three random numbers...

              5, 9, 5

              then throw that piece of paper away...

              then get a piece of paper and write down your name in any combination that the operating systems want such as...

              WO34dsm93ke

              that was woodsmoke

              and add any three digits to it..

              and throw it away...

              then pick any random word that is the name of any animal that has a letter that has a weird letter on the upper case of the top row of the keyboard

              such as Osprey

              And substitute the dollar sign ( $ ) for the letter S and add the numbers...782 at the end...ONLY those three numbers...

              and put it on a piece of paper...

              get some coffee and come back to the computer and throw the paper in the trash...

              then...

              determine what the "thing" wants you do to... 6 letters, three numbers one non number letter and pick something that YOU CAN Remember

              and add four digits to the end starting with...

              0001

              enter it twice and the whatever will accept it...

              then...

              every week...

              change your password to the same thing only with the next in the four digits...

              0002

              next week change it to

              0003

              and then next week

              0004...

              and so on...

              each following week

              to 00099

              all the pass word stuff is just crappola

              it is all about how FREQUENTLY you change a SIMPLE password that YOU can remember...

              get the hence to kali and download the cd and just TRY to get in...and you...tooo...can help change the world...until then...do the above, forget the crappola and snuggle with your better half.

              wood#$DTGIXCBDH@##hashfifteenmodsevensmmoker

              Comment


                #37
                “This phrase is a good password” is a good password. Unfortunately, most systems do not allow spaces in passwords. So, “This$phrase$is$a$good$password” has to be used instead. [emoji3]
                "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                – John F. Kennedy, February 26, 1962.

                Comment


                  #38
                  Or you could copy paste woodsmoke's posts. Use the more exuberant sentences as a password and replace the spaces with $.

                  Comment


                    #39
                    Originally posted by Bings View Post
                    Or you could copy paste woodsmoke's posts. Use the more exuberant sentences as a password and replace the spaces with $.
                    Ooooo! I like that!
                    Thank you Bings and THANK YOU Woodsmoke!
                    Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

                    Comment


                      #40
                      But seriously...

                      the college has us change passwords every four months...and the password can be pretty much anything... a word with a capital and a number attached...

                      ANOTHER school that I am an anatomy and physiology instructor randomly every couple of weeks or month or so locks all instructors out until the password is change and they could care less what it is..

                      big idea...

                      the hacker has to download "the passwords" which are "hashed" and then use, usually a brute cracker to get at a password. It is not a guy in an interet cafe in Baghdad or Moscow.

                      it takes TIME to go through all that which is on THEIR MACHINE not yours...

                      so they crack a password and then they get into the system and then have to download all THAT data... which again, has passwords...

                      it is a matter of TIME...

                      The college itself says...ideally you should change your password...DAILY to something like...DOOF101

                      because you will change your password before the hacker gets at your previous password...

                      but...that take server space and bandwidth ON THE PART OF the host like the college and they don't want to spend the money...simple as that...

                      I use a simple password like... Arthrop101oda every week or so for EVERYTHING... to...Arthropod203oda not a biggie

                      MY BANK...

                      it has a two step NOT GOOGLE CRAPPOLA TWO STEP password process.

                      a) login by typing in my "password" which has to meet the normal yada yada yada...
                      b) next screen has a box showing eight images, a row of four above a row of four, in which I have chosen "an image".
                      c) i click the image

                      and done...

                      a bot, a hacker, a whatever will not know what image I click
                      i) because it does not have MY EYES looking at a screen
                      ii) it does not have my mouse moving to the picture...

                      this is a marvelous system for people who can see...

                      HOWEVER...

                      apparently the bank has now added a "vibration" call when mousing over an image...

                      a blind person is cued to vibrations and can recognize the vibration for an image...

                      How it is going to actually send the vibration to a "computer" i do not know but it can easily be sent to a cell phone...

                      so do not know...

                      Face recognition... what a joke

                      my TSA prepass...

                      a) I lay the PAPER airplane reservation with the TSA prepass number on it...down on a scanner.
                      b) I put ALL FOUR OF MY DIGITS, not the thumb on the appropriate squares...
                      c) a camera is sending my image to the TSA person

                      they wave me through from ten feet away...

                      because I spent the month or so going through the process
                      because i want to the TSA place and gave them my digital fingerprints and a picture taken during the fingerprinting...

                      Because i have nothing to hide.

                      and if a hacker gets it...duuhhh

                      FINE...TAKE IT...

                      I just go through the PHYSCAL process again...

                      Because you have to do the initial process online...which uses...a password...

                      I...ummm change the password if it is hacked...

                      and then go back to the physical building and enter the password and they check my fingerprints...

                      this whole thing is stupid because it is about
                      a) companies wanting to NOT SPEND MONEY
                      b) lazieness on the part of the LAZY sheeple

                      Hie thyself to Kali and try to get in if you do then...

                      VOLUNTEER...

                      woodweNEEDvolunteerssmoke
                      Last edited by woodsmoke; Apr 19, 2018, 12:05 AM.

                      Comment


                        #41
                        woodsmoke;
                        ARGGGGH!

                        I use a couple of websites which use that Google(r) image selection tool. They do it TWICE each time I log in. High irritation factor...

                        I understand their intent; to make it difficult for bots to slip through the log-in process. I also question some of their choices in "correct" answers. I'm sure many of you have tried the "Street Signs" image selection tool. I absolutely cannot get that one correct. The designers have a different idea of what parts of a sign are actually valid answers... It is the sign itself PLUS the posts which support it, sometimes... Other times the designer won't accept an image which only has a small sliver of the sign itself.

                        So now I "skip" the Street Signs tool and ask for another set of images. Eventually, I'm "allowed" to enter... I feel so "special".

                        I repeat: ARGGGGGH!
                        Kubuntu 24.11 64bit under Kernel 6.11.0, Hp Pavilion, 6MB ram. Stay away from all things Google...

                        Comment


                          #42
                          My bank has a security option of texting a code to the user’s phone (or email) when logging on. Accessing my bank by phone and using a txt msg code doesn’t work because when I switch to the msg app to get the code the bank app logs me out!
                          "A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
                          – John F. Kennedy, February 26, 1962.

                          Comment

                          Working...
                          X