Ok, getting back on my security soapbox.
Feel free to mute #securityHygiene to not hear my random (but informed) security thoughts.
🍿🍿🍿
@0x56 @CoSoGuard
(With proper authorisation) I dumped the hashes at work, supplied a short password list from the internet, and cracked about 70% (~800) in seven seconds.
Follow this advice.
@0x56 @CoSoGuard With that said, how many folks protect their access to CoSo with 2FA? One of the first things I did after joining.
@0x56 @CoSoGuard #cososec
Also, non-SMS 2FA or hardware keys (when available) can provide additional security.
https://gizmodo.com/google-employees-secret-to-never-getting-phished-is-usi-1827833717
I've said "use a password manager" before, but I'm not sure if I've explained why.
The reason is simple, and related to @CoSoGuard. An email/username/password combination you had once is most certainly out on the web. A criminal might try these combinations against other sites.
Keeping passwords in a manager allows you to keep long, unique pwds for every single one of your accounts.
And those "tricks" like spelling the site name backwards... criminals know about them too.
#securityHygiene