So with the proliferation of deep fakes etc... M and I came up with a "family safe word."
Unfortunate complication: IT IS DEEPLY HILARIOUS AND I CAN'T TELL ANYONE DAMMIT
=> More informations about this toot | More toots from platypus@glammr.us
this is like when my boss said "my current password is based on you and it's very funny and I can't tell you what it is"
It's been 15 years and I am HAUNTED by this
=> More informations about this toot | More toots from platypus@glammr.us
@platypus my bank used to allow custom security questions, so I set one to "what are you wearing?" and the answer to "that's very inappropriate please transfer me to your manager". the first time an customer service rep encountered it they couldn't stop laughing and had to actually transfer to a coworker to complete the call.
=> More informations about this toot | More toots from th@v.st
@th oh my godddddd
=> More informations about this toot | More toots from platypus@glammr.us
@th @platypus You. You win Mastodon today.
=> More informations about this toot | More toots from dsalo@digipres.club
@th You win!
=> More informations about this toot | More toots from GeekAndDad@mastodon.social
@th @platypus
=> More informations about this toot | More toots from FrankauLux@polyglot.city
@th @platypus I used to have "SAUSAGE SOUP" (Yes, this is a thing in Germany) as "password" for the hotline of a now defunct mobile operator. That quickly answered the question if they can see it or if they have to type it in. It also started every interaction on a lighter note. Especially if spoken with a stern proclaiming tone: "WURSTSUPPE!".
=> More informations about this toot | More toots from nblr@chaos.social
@nblr @th @platypus ooh this looks good, i might have to try this. (the soup)
=> More informations about this toot | More toots from robot@wetdry.world
@robot @th @platypus Curiously the only other kitchen I know of that has a dedicated sausage soup culture is Korea. For historical reasons that has to do with SPAM. And it's very worthwhile to explore.
=> More informations about this toot | More toots from nblr@chaos.social
@nblr @robot @th @platypus sausage soup (makkarakeitto, nakkikeitto) is a really common food in finland as well.
=> More informations about this toot | More toots from riku@mas.to
@nblr @robot agreed but also look into gumbo
=> More informations about this toot | More toots from bug@chitter.xyz
@nblr @th @platypus Why are you buying passwords at the SOUP STORE?! /j
=> More informations about this toot | More toots from arina@girlcock.club
@th Our government official communication box here in Belgium allows you to set a custom title, so I set mine to something resembling "yo this ain't no phishing, man" which is how I now know that the mail I get is official and not phishing.
Took a while to convince my wife these mails were really from our government
@platypus
=> More informations about this toot | More toots from peturdainn@mastodon.social
@peturdainn @th
=> More informations about this toot | More toots from platypus@glammr.us
@peturdainn also another use case for per-account email addresses.
If a "government" mail comes to your address registered with your electricity supplier you know it's a scam.
@th @platypus
=> More informations about this toot | More toots from fedops@fosstodon.org
@fedops The amount of spam I get at the address I used over ten years ago on the Linux Kernel Mailing List (and only there, it contains "lkml") is... well, it's a lot.
@peturdainn @th @platypus
=> More informations about this toot | More toots from wonka@chaos.social
@peturdainn @th @platypus you know it's real government communication and definitely not a scam email when it's addressed to His Excellency Emeritus Petur Dainn, First of His Name
=> More informations about this toot | More toots from wilbr@glitch.social
@wilbr the fact that it's quite honest about wanting money from me is also a hint
@th @platypus
=> More informations about this toot | More toots from peturdainn@mastodon.social
@th @platypus @jwz
That is brilliant and delightful.
It is also plausibly a contributing reason they changed away from custom questions. Losing too many customer service reps to giggling.
=> More informations about this toot | More toots from rmd1023@infosec.exchange
@rmd1023 @th @platypus @jwz not losing them, but the jokes and associated laughter increase average call time by 1.7 seconds, thus reducing efficiency in the worker system by 0.8%, leading to a 0.95% reduction in shareholder value.
Or something like that, I would assume ...
=> More informations about this toot | More toots from UkeBLCatboy@mastodon.social
@UkeBLCatboy No lie detected.
=> More informations about this toot | More toots from rmd1023@infosec.exchange
@th @platypus Mine was "Do you think I'm sexy?"
=> More informations about this toot | More toots from elronxenu@mastodon.cloud
@th @platypus For United Airlines my security question used to be "What airline's mileage support is the worst?" Sadly they no longer allow user created security questions and answers. Maybe because that one was too predictable.
=> More informations about this toot | More toots from jwd630@mastodon.social
@platypus @th
Choosing outlandish answers to security questions (I save them in my password manager) is one of the perks of the job.
I managed to get an AWS support person to lose composure reading back the answers a while back, it felt like I won the lottery. A very small lottery, but hey.
=> More informations about this toot | More toots from tbortels@infosec.exchange
@th @platypus My answers to security questions usually go: "Did you know that security questions are a big security loophole and you should not give me the access?" irrespective of the question.
Once I had to repeat the same sentence three times, because support required me to fill them all in.
=> More informations about this toot | More toots from MichalBryxi@veganism.social
@MichalBryxi @th @platypus are they? How?
=> More informations about this toot | More toots from UkeBLCatboy@mastodon.social
@UkeBLCatboy @MichalBryxi
Your answers to default security questions may be viewable to a large number of people. They can leak personal info about you that can be used to break through other systems' security features.
Setting up custom questions with joke answers is better than honestly responding to personal questions like "What is your mother's maiden name?"
=> More informations about this toot | More toots from shadowfals@toot.cat
@shadowfals @UkeBLCatboy @MichalBryxi
Especially since in my case my mother's maiden name is my middle name. :)
=> More informations about this toot | More toots from amin@alpha.polymaths.social
@UkeBLCatboy @MichalBryxi @th @platypus Things like maiden name/name of first pet/etc etc can often be found on Facebook accounts and are very easy to find out with social engineering. And your jealous ex/angry ex-employee who wants to get into your accounts for revenge probably already knows the answers
=> More informations about this toot | More toots from Larymir@chaos.social
@Larymir @UkeBLCatboy @MichalBryxi @th on occasion it's hilarious https://en.m.wikipedia.org/wiki/Sarah_Palin_email_hack
=> More informations about this toot | More toots from platypus@glammr.us
@Larymir @MichalBryxi @th @platypus yes, my blind spot was simply not thinking of ever using such obvious ones. But you're right they're often the default.
For me the worry is usually the reverse, I'm always terrified of forgetting them when I lost my password like 3 years later and losing the account!
=> More informations about this toot | More toots from UkeBLCatboy@mastodon.social
@UkeBLCatboy @Larymir @th @platypus Passwords when stored properly can't be leaked even if an attacker gets direct access to where they are stored.
Security questions and answers on the other hand are always intentionally readable by various people (usually from within the organisation), so even if you select custom question and crazy wicked answer, there will be people that could harvest them if they wish to.
It's not a huge attack vector, but worth considering.
=> More informations about this toot | More toots from MichalBryxi@veganism.social
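The storage difference MichalBryxi describes above (a properly hashed password cannot be read back even by someone with access to the database, while a security answer is usually kept readable), together with tbortels's habit of generating outlandish answers and keeping them in a password manager, as an added example that is not code from the thread. It shows a service storing a security answer the same way it would store a password: a random answer is generated for the user, only a salted PBKDF2-HMAC-SHA256 digest is kept, and a support agent can verify what a caller says without ever seeing the answer. The record layout, the helper names, the word list and the PBKDF2 work factor are this example's own assumptions.

```python
"""Treat security-question answers like passwords: random, and stored as a hash.

Added illustration, not code from the thread. Standard library only; the
record fields, the word list and the work factor are assumptions.
"""
import hashlib
import hmac
import os
import secrets

# Assumption: a present-day work factor for PBKDF2-HMAC-SHA256.
PBKDF2_ROUNDS = 600_000

# Constructed word list (jokes from the thread) standing in for a password
# manager's generator vocabulary; a real one would be far larger.
WORDS = ("wurstsuppe", "platypus", "gumbo", "nakkikeitto", "manager", "sausage")


def random_answer(n_words: int = 4) -> str:
    """Generate an answer the way a password manager would: random, unrelated
    to the user's life, so it cannot be found on social media."""
    return " ".join(secrets.choice(WORDS) for _ in range(n_words))


def normalise(answer: str) -> str:
    """Collapse whitespace and casefold, so an answer read out over the phone
    and typed by an agent still matches ('Wurstsuppe ' == 'wurstsuppe')."""
    return " ".join(answer.split()).casefold()


def store_answer(answer: str) -> dict:
    """Return the only thing the service keeps: salt, rounds and the digest.
    The answer itself is never written anywhere."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalise(answer).encode(), salt, PBKDF2_ROUNDS
    )
    return {"salt": salt.hex(), "hash": digest.hex(), "rounds": PBKDF2_ROUNDS}


def verify_answer(record: dict, attempt: str) -> bool:
    """What a support tool would call: recompute the digest from the caller's
    attempt and compare in constant time. The agent sees only True/False."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalise(attempt).encode(),
        bytes.fromhex(record["salt"]),
        record["rounds"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def plaintext_store(answer: str) -> dict:
    """The pattern the thread warns about, kept here for contrast: the answer
    is stored as-is, readable by anyone with database or support-tool access."""
    return {"answer": answer}


def record_exposes_answer(record: dict, answer: str) -> bool:
    """True when the stored record contains the answer in a form that can be
    read back directly, which is the case for plaintext_store but not for
    store_answer."""
    return any(normalise(str(v)) == normalise(answer) for v in record.values())


if __name__ == "__main__":
    secret = random_answer()
    hashed = store_answer(secret)
    print("stored record:", hashed)
    print("caller gives correct answer:", verify_answer(hashed, secret))
    print("caller gives wrong answer:", verify_answer(hashed, "mother's maiden name"))
    print("hashed record exposes answer:", record_exposes_answer(hashed, secret))
    print("plaintext record exposes answer:",
          record_exposes_answer(plaintext_store(secret), secret))
```

The joke answers in the thread work because they are unguessable and unrelated to the user; hashing on the service side is the complementary half, because it is the only way the "various people within the organisation" MichalBryxi mentions lose the ability to harvest answers. Normalisation is deliberately limited to whitespace and case: anything looser (stripping punctuation, accepting prefixes) widens what an attacker can get accepted.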
@UkeBLCatboy @Larymir @th @platypus Rule of thumb: Do not listen to what the "security experts" are saying and write all the passwords down.
Ideally, always use a password manager. Personally I'm using #Bitwarden (hello people opposing the idea of storing hashes on 3rd party service), and it contains everything.
Forgetting is probably not going to be our biggest enemy. My accounts that got lost because of corporate fuckery:
=> More informations about this toot | More toots from MichalBryxi@veganism.social
@UkeBLCatboy Oooh and my favourite which bleeds into the area of #IncrementalPasswords: Went for 2 months sabbatical with my previous corporate which is suuuper paranoid about security (not a bad thing, just saying). We were absolutely forbidden to write down the primary password that needed to be rotated every couple of months and had to be super complex. So, naturally, after 2 months I had no effing clue how to login to corporate systems and thanks to exponential backoff it took me ~2 hours to get it done.
=> More informations about this toot | More toots from MichalBryxi@veganism.social
@MichalBryxi Fair points xD
The windows one makes sense to me though. Everyone can make a free windows usb stick to install in 10 minutes with almost 0 knowledge, if that just let you access the encrypted data afterwards, the whole encryption is pointless... right?
=> More informations about this toot | More toots from UkeBLCatboy@mastodon.social
@UkeBLCatboy Maybe I expressed it wrong: The blob is and should be encrypted no matter the OS. But what is wrong is that it can't be unencrypted even with correct password if I lose the original OS installation.
=> More informations about this toot | More toots from MichalBryxi@veganism.social
@MichalBryxi oh, yeah, that is weird!
=> More informations about this toot | More toots from UkeBLCatboy@mastodon.social
@th @platypus Congratulations, I laughed like crazy on the floor just due to this post.
=> More informations about this toot | More toots from parsethisthing@infosec.exchange
@th @platypus
Hahahahaha :flan_XD: That made my day - thank you!
=> More informations about this toot | More toots from h3artbl33d@exquisite.social
@th @platypus Fantastic! When it is only web based security questions, I set them, and the answers, in a language little known outside its country of origin. Works a treat.
=> More informations about this toot | More toots from louisffourie@c.im
@th @platypus pass phrases that are jokes! It's genius. Lighten your day and it's memorable.
=> More informations about this toot | More toots from c0dec0dec0de@hachyderm.io
@th @platypus
Q > "You're not gonna shoot are you?"
A > "Put all the money in the bag, and no funny business"
=> More informations about this toot | More toots from InstantArcade@leds.social
@th @platypus you utter genius
=> More informations about this toot | More toots from WiteWulf@cyberplace.social
@th @platypus Positively brilliant. several gold stars, and cookies of your choice are available for you.
=> More informations about this toot | More toots from cordova5029@dragonscave.space
@th @platypus I don't even care if this is real or not. It's absolutely brilliant either way.
=> More informations about this toot | More toots from mathaetaes@infosec.exchange
@miki @platypus @th I want to use that now. rofl
=> More informations about this toot | More toots from sapphireangel@mastodon.online
@th That is actually genius!
@platypus
=> More informations about this toot | More toots from daniel@masto.doserver.top
@th @Foxy @platypus Considering the digest came across this and couldn't stop laughing myself, I totally see how that happened. Congratulations, you win the Internet today!
=> More informations about this toot | More toots from Solace_sorrow@kinky.business
@sashag playing the system.
=> More informations about this toot | More toots from hendrikstier@chaos.social
@hendrikstier ?!?
=> More informations about this toot | More toots from sashag@anarres.family
@th @platypus I put an XSS payload as the name of my yubikey in college and a random engineer reached out to me about it to call me clever.
=> More informations about this toot | More toots from Alphactory@www.librepunk.club
@th @platypus looolol omfg
=> More informations about this toot | More toots from reconbot@toot.cafe
@th You landed on Imgur!
https://imgur.com/gallery/this-sounds-fun-IvC8YqR
=> More informations about this toot | More toots from tychotithonus@infosec.exchange