Riffing off @White_Rabbit's post a few minutes ago, my #securityHygiene toot for the day:
Be careful about what you post on social media and keep in mind what you've posted when sites ask you those "password recovery questions" like "What is your favorite movie?" and "What was the make and model of your first car?"
You start reminiscing about how you miss your childhood dog named "Candy," and an attacker may have access to change your password under those forgot password pages.
This is why I have substituted various recovery questions/answers to something completely off-topic:
"What was the name of your first pet" becomes "Were/Why/Who was *******/in ******/at ******."
That way, even if I reminisce or talk about my favorite movies, my comments can't be mined for answers.
@katharsys2012 @White_Rabbit @opie @tyghebright @amarand - but with a good password manager, you don't even need to answer a password recovery question, so just randomly smashing the keyboard would work.
@opie @katharsys2012 @White_Rabbit @tyghebright @amarand - hence the randomly smashing keys.
@0x56 @amarand @tyghebright @opie @White_Rabbit @katharsys2012 I’m not trying to be a smart ass, or disrespectful in any way; isn’t a password manager/keeper just asking for it?! “Here’s my goodies”? If you get hacked, nothing is hack proof. I’ve got a list of cryptic hints. Period. Only my ex could really get anywhere with that. His technical prowess is -100, and that’s being generous.
@Kitty62862 @katharsys2012 @White_Rabbit @opie @tyghebright @amarand - unless your master password is discovered, it cannot be "hacked" well, it could, but it would take thousands of years to do so.
A good password manager is encrypted at such a high level that it's implausible.
Eh... I would put a "it depends" qualifier on that. IIRC there was an issue with that not *that* many years ago where some were vulnerable to attack. LastPass and OneLogin come to mind.
Personally, I use a non-internet based one, using a 256 key that goes through several thousand transforms before unlocking. I sync the DB to my phone about once a week. Trying to (non-quantum) backdoor the DB would take you several thousand years.
@0x56
there are sites that force you to answer security questions when you create your account, not optional...can't remember the last one that did that to me, but it's def happened
// @amarand @tyghebright @White_Rabbit @katharsys2012