So with the proliferation of deep fakes etc... M and I came up with a "family safe word."
Unfortunate complication: IT IS DEEPLY HILARIOUS AND I CAN'T TELL ANYONE DAMMIT
=> More information about this toot | More toots from platypus@glammr.us
this is like when my boss said "my current password is based on you and it's very funny and I can't tell you what it is"
It's been 15 years and I am HAUNTED by this
=> More information about this toot | More toots from platypus@glammr.us
@platypus my bank used to allow custom security questions, so I set one to "what are you wearing?" and the answer to "that's very inappropriate please transfer me to your manager". the first time a customer service rep encountered it they couldn't stop laughing and had to actually transfer to a coworker to complete the call.
=> More information about this toot | More toots from th@v.st
@th @platypus My answers to security questions usually go: "Did you know that security questions are a big security loophole and you should not give me the access?" irrespective of the question.
Once I had to repeat the same sentence three times, because support required me to fill them all in.
=> More information about this toot | More toots from MichalBryxi@veganism.social
@MichalBryxi @th @platypus are they? How? π
=> More informations about this toot | More toots from UkeBLCatboy@mastodon.social
@UkeBLCatboy @MichalBryxi @th @platypus Things like maiden name/name of first pet/etc etc can often be found on Facebook accounts and are very easy to find out with social engineering. And your jealous ex/angry ex-employee who wants to get into your accounts for revenge probably already knows the answers
=> More information about this toot | More toots from Larymir@chaos.social
@Larymir @UkeBLCatboy @MichalBryxi @th on occasion it's hilarious https://en.m.wikipedia.org/wiki/Sarah_Palin_email_hack
=> More information about this toot | More toots from platypus@glammr.us
@Larymir @MichalBryxi @th @platypus yes, my blind spot was simply not thinking of ever using such obvious ones. But you're right, they're often the default.
For me the worry is usually the reverse, I'm always terrified of forgetting them when I lose my password like 3 years later and losing the account!
=> More information about this toot | More toots from UkeBLCatboy@mastodon.social
@UkeBLCatboy @Larymir @th @platypus Passwords, when stored properly, can't be leaked even if an attacker gets direct access to where they are stored.
Security questions and answers, on the other hand, are always intentionally readable by various people (usually from within the organisation), so even if you select a custom question and a crazy wicked answer, there will be people who could harvest them if they wish to.
It's not a huge attack vector, but worth considering.
=> More information about this toot | More toots from MichalBryxi@veganism.social
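An added illustration of the storage difference MichalBryxi is describing (example code written for this page, not something posted in the thread): a password is kept as a salted, slow hash that someone reading the table cannot reverse, while a security answer kept in plaintext for support staff to read over the phone is exposed to anyone with read access. The hashed-answer variant shows the same protection applied to answers, including the normalization an answer flow needs so users can still match their own answer. The function names, the iteration count and the sample secrets are assumptions constructed for the example.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumption for this example: PBKDF2-HMAC-SHA256 from the standard library
# with a fixed iteration count. Any salted, deliberately slow hash serves the
# same purpose; the count here is not a recommendation from the thread.
ITERATIONS = 100_000


def hash_secret(secret: str, salt: bytes) -> bytes:
    """Salted slow hash; the output cannot be turned back into the secret."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)


def store_password(password: str) -> dict:
    """The proper pattern: only a per-record salt and the hash are stored."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_secret(password, salt)}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    return hmac.compare_digest(record["hash"], hash_secret(candidate, record["salt"]))


def store_answer_plaintext(answer: str) -> dict:
    """The weak pattern the thread describes: the answer itself is stored."""
    return {"answer": answer}


def normalize_answer(answer: str) -> str:
    """Case-fold, Unicode-normalize and collapse whitespace so that the user's
    own answer matches on re-entry; without this a hashed answer is unusable."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())


def store_answer_hashed(answer: str) -> dict:
    """Treat the answer like a password: hash the normalized form with a salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_secret(normalize_answer(answer), salt)}


def verify_answer_hashed(record: dict, candidate: str) -> bool:
    digest = hash_secret(normalize_answer(candidate), record["salt"])
    return hmac.compare_digest(record["hash"], digest)


def readable_by_insider(record: dict):
    """What someone with read access to the stored record learns directly:
    the secret only when it was stored in plaintext, otherwise nothing usable."""
    return record.get("answer")


if __name__ == "__main__":
    pw = store_password("correct horse")          # constructed sample
    print("password verifies:", verify_password(pw, "correct horse"))
    plain = store_answer_plaintext("Fluffy")       # constructed sample
    hashed = store_answer_hashed("Fluffy")
    print("insider reads plaintext answer:", readable_by_insider(plain))
    print("insider reads hashed answer:", readable_by_insider(hashed))
    print("hashed answer still verifies:", verify_answer_hashed(hashed, "  fluffy "))
```

The point of the two `store_answer_*` functions side by side is that the readability MichalBryxi mentions is a design choice, not a property of security questions as such: an organisation that wants support staff to check answers verbally has to keep them readable, and that is exactly what makes them harvestable.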
@UkeBLCatboy @Larymir @th @platypus Rule of thumb: Do not listen to what the "security experts" are saying and write all the passwords down.
Ideally, always use a password manager. Personally I'm using #Bitwarden (hello people opposing the idea of storing hashes on 3rd party service), and it contains everything.
Forgetting is probably not going to be our biggest enemy. My accounts that got lost because of corporate fuckery:
=> More information about this toot | More toots from MichalBryxi@veganism.social
@UkeBLCatboy Oooh and my favourite which bleeds into the area of #IncrementalPasswords: Went for a 2 months sabbatical with my previous corporate which is suuuper paranoid about security (not a bad thing, just saying). We were absolutely forbidden to write down the primary password that needed to be rotated every couple of months and had to be super complex. So, naturally, after 2 months I had no effing clue how to log in to corporate systems and thanks to exponential backoff it took me ~2 hours to get it done.
=> More information about this toot | More toots from MichalBryxi@veganism.social
@MichalBryxi Fair points xD
The windows one makes sense to me though. Everyone can make a free windows usb stick to install in 10 minutes with almost 0 knowledge, if that just let you access the encrypted data afterwards, the whole encryption is pointless... right?
=> More information about this toot | More toots from UkeBLCatboy@mastodon.social
@UkeBLCatboy Maybe I expressed it wrong: The blob is and should be encrypted no matter the OS. But what is wrong is that it can't be unencrypted even with correct password if I lose the original OS installation.
=> More information about this toot | More toots from MichalBryxi@veganism.social
@MichalBryxi oh, yeah, that is weird!
=> More information about this toot | More toots from UkeBLCatboy@mastodon.social