Stackoverflow has the password to my mail-account
-
@Onyx said in Stackoverflow has the password to my mail-account:
@JBert I have a script on my home machine that watches it (along with some other files) and makes a backup every time the file changes. inotify is a beautiful thing ;)
Share, please?
-
@anotherusername said in Stackoverflow has the password to my mail-account:
they can always just pop your drive into an enclosure and read all of your files without even booting into the OS
That attack doesn't work against Windows encryption.
-
@Onyx said in Stackoverflow has the password to my mail-account:
a script on my home machine that watches it (along with some other files) and makes a backup every time the file changes
Unless you're copying it to a target that has automatic versioning, that might end up causing more grief than it prevents.
-
@Dreikin said in Stackoverflow has the password to my mail-account:
Share, please?
Can do, once I'm back home.
@flabdablet said in Stackoverflow has the password to my mail-account:
Unless you're copying it to a target that has automatic versioning, that might end up causing more grief than it prevents.
I'm rotating those, just in case. And I do have extra backups on external drives and such I do every once in a while. This is just an extra step I do to combat some of the more silly mistakes I might make, like accidentally deleting the whole thing.
-
@flabdablet said in Stackoverflow has the password to my mail-account:
@Onyx said in Stackoverflow has the password to my mail-account:
a script on my home machine that watches it (along with some other files) and makes a backup every time the file changes
Unless you're copying it to a target that has automatic versioning, that might end up causing more grief than it prevents.
Hm...so make a git plugin that automatically commits any changes and pushes to GitHub and Bitbucket?
-
@Dreikin Public or private repositories?
-
@dkf said in Stackoverflow has the password to my mail-account:
@Dreikin Public or private repositories?
Depends whether I'm on the or not.
-
@dkf said in Stackoverflow has the password to my mail-account:
Public or private repositories?
Well, there are a bunch of people who sync their dotfiles via a public GitHub repository. I wonder how much private information is in there.
-
@asdf They could always sync /etc that way as well…
-
@dkf said in Stackoverflow has the password to my mail-account:
@asdf They could always sync /etc that way as well…
-
@flabdablet Hopefully it doesn't add sshd_host_id_rsa (or whatever it's named)?
-
@JBert said in Stackoverflow has the password to my mail-account:
@Onyx said in Stackoverflow has the password to my mail-account:
@fbmac I just keep my KeePass database in my DropBox directory, along with a portable version of KeePass. That way every time I save changes on any of my devices it's automatically synched, and I just need to know two passwords: for DropBox, and for my KeePass database.
I hope your KeePass makes backups because I had a colleague whose Google-synced database got corrupted.
The DropBox web interface lets you restore recently deleted files, or any previous version of a file from the past month, I believe. So if it gets corrupted, and the corrupted version got synced, he'd just need to sign in to the website and download the last version that was still good.
-
@flabdablet said in Stackoverflow has the password to my mail-account:
@anotherusername said in Stackoverflow has the password to my mail-account:
they can always just pop your drive into an enclosure and read all of your files without even booting into the OS
That attack doesn't work against Windows encryption.
It still doesn't encrypt user profiles by default, does it? So that only applies if you turn it on. And, my OS doesn't have integrated support for it: "EFS is not fully supported on Windows 7 Starter, Windows 7 Home Basic, and Windows 7 Home Premium."
I did also mention TrueCrypt, and that attack doesn't work against it either.
-
@flabdablet Are password hashers acceptable?
-
This post is deleted!
-
@anonymous234 Anything is acceptable. is acceptable. Just don't expect sympathy if you've been and the predictable consequences follow.
That said, I can't see any convenience advantage that Hashapass has over KeePass, so I don't understand why I'd give up so much password entropy to use it. I can be completely confident that the only way a cracker will ever get access to any of the passwords stored in my KeePass database is by stealing the user DB from a service that stores user credentials in plaintext. All my passwords are PRNG-generated which makes rainbow tables useless against them, and long enough that even relatively weak hashes like MD5 can't be feasibly broken by brute force.
Hashapass passwords are generated by taking an eight-byte snippet from a Base64-encoded hash, so they're also susceptible to failing the password "strength" enforcement so commonly implemented by the security-theatre brigade. KeePass-generated passwords suffer no such limitation: there is no algorithmic relationship between a KeePass master password and the stored passwords, any of which can be tweaked as necessary to conform to whatever idiot rules are in place.
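
Added example, not part of the post above and not Hashapass's or KeePass's own code: it compares an eight-character Base64 snippet of a hash with an independently generated random password, for both maximum entropy and a composition rule. Assumptions: the derivation is HMAC-SHA1 keyed with the master password over the site name, the random password is 20 characters from printable ASCII, and the master password, site names and policy are constructed for illustration.

```python
import base64
import hashlib
import hmac
import math
import secrets
import string

def derived_password(master: str, site: str, length: int = 8) -> str:
    """Hash-derived password: first `length` Base64 chars of a keyed hash.
    Assumed construction (HMAC-SHA1); every site password depends on `master`."""
    mac = hmac.new(master.encode(), site.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()[:length]

def random_password(length: int = 20) -> str:
    """Independent random password: no algorithmic link to any master secret."""
    pool = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(pool) for _ in range(length))

def max_entropy_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on entropy; a derived password is further capped by the
    entropy of the master password it is computed from."""
    return length * math.log2(alphabet_size)

def meets_policy(pw: str) -> bool:
    """Constructed composition rule: lowercase, uppercase, digit and symbol."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def policy_failure_rate(n: int = 2000) -> float:
    """Share of derived passwords the rule rejects, over constructed site names.
    Base64 offers only '+' and '/' as symbols, so most snippets contain none."""
    rejected = sum(
        not meets_policy(derived_password("constructed master", f"site{i}.example"))
        for i in range(n))
    return rejected / n

if __name__ == "__main__":
    print("derived :", derived_password("constructed master", "site0.example"),
          f"<= {max_entropy_bits(64, 8):.0f} bits")
    print("random  :", random_password(),
          f"<= {max_entropy_bits(94, 20):.0f} bits")
    print(f"derived passwords rejected by the rule: {policy_failure_rate():.0%}")
```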
-
@flabdablet said in Stackoverflow has the password to my mail-account:
@anotherusername said in Stackoverflow has the password to my mail-account:
they can always just pop your drive into an enclosure and read all of your files without even booting into the OS
That attack doesn't work against Windows encryption.
Or Linux.
-
On the topic of Windows account passwords, Windows 10 allows you to set a PIN and log in with that instead of a password. I'm not sure how the security compares to a regular password.
-
@PJH I've always been a bit leery of LUKS, TrueCrypt and other whole-disk encryption schemes that rely on key-stretching and make overwriting block 0 equivalent to total disk failure.
I keep offsite backups of the school servers on disks in my back office at home, and for those I'm using plain dm-crypt whole-disk encryption with a long, randomly-generated key (which is, naturally, stored in my KeePass in case of emergencies). The server I'm backing up knows the key for my encrypted drives so it can mount them before use; but without access to that server, or to the contents of my KeePass, they're inscrutable.
Unlike LUKS, plain dm-crypt doesn't have a master key block - so in the extremely unlikely event that one of my backup sets is all that remains of our school, and that set suffers from some degree of disk failure, I should still be able to get 99.9999% of it back.
-
@Choonster said in Stackoverflow has the password to my mail-account:
On the topic of Windows account passwords, Windows 10 allows you to set a PIN and log in with that instead of a password. I'm not sure how the security compares to a regular password.
Apparently it's more secure because it's just for your PC, not your whole MS account. If someone gets you with a keylogger they don't get access to whatever else is linked to your account
OTOH, it's a 4 digit number, so max 10000 PINs
-
@Choonster said in Stackoverflow has the password to my mail-account:
Windows 10 allows you to set a PIN and log in with that instead of a password
That's my backup for when my fingerprint reader freaks out on me. I don't know my Microsoft Account password.
-
@Jaloopa It is not restricted to four digits, mine are 11. However, it accepts as soon as enough digits are entered, so you can discover your key space.
-
@anotherusername said in Stackoverflow has the password to my mail-account:
The DropBox web interface lets you restore recently deleted files, or any previous version of a file from the past month, I believe. So if it gets corrupted, and the corrupted version got synced, he'd just need to sign in to the website and download the last version that was still good.
Same goes for Google Drive and for paid OneDrive plans, IIRC.
-
@LB_ said in Stackoverflow has the password to my mail-account:
Same goes for Google Drive
On a side note, what is with the complete and total scabbiness of the Google Drive desktop client? Fucking thing's been out for years and it still can't get folder sync right.
-
@flabdablet said in Stackoverflow has the password to my mail-account:
On a side note, what is with the complete and total scabbiness of the Google Drive desktop client?
Google have no fucking clue at all how to do reliable desktop software, except maybe for the Chrome team. They also know bupkis about user support.
-
@flabdablet What do you mean? It works pretty well for me - in fact all three work pretty much the same in my experience.
-
@LB_ said in Stackoverflow has the password to my mail-account:
It works pretty well for me
It really doesn't like dodgy network connections, and recovers from that situation poorly.
-
@dkf Chrome isn't reliable software. No browser is reliable software.
-
@fbmac said in Stackoverflow has the password to my mail-account:
Chrome
I was talking about the stand-alone Google Drive client.
-
@dkf I was replying to the "except maybe the chrome team" part.
-
@ben_lubar said in Stackoverflow has the password to my mail-account:
all my other passwords are randomly generated gibberish.
Your password is a game of Dwarf Fortress?
-
@Arantor said in Stackoverflow has the password to my mail-account:
22 posts and no hunter2? Disappoint.
I tried to make that joke but it just came out as *******
-
@LB_ said in Stackoverflow has the password to my mail-account:
What do you mean? It works pretty well for me - in fact all three work pretty much the same in my experience.
The only time I tried to use it (maybe a month ago?) I ended up with stacks of loose photos in the outermost Google Drive shared folder that would not allow me to move them back into the subfolder they were supposed to be in; GD kept re-downloading them from the cloud into the outermost folder again. Also, using the desktop client to create a subfolder inside the GD outer folder worked, but files dragged and dropped into that subfolder remained unsynchronized to the cloud until I gave up on GD three days later.
At login it would also chew up all available CPU for 15 minutes straight, which wasn't very impressive.
The Dropbox client remains the only commercial desktop sync application I still have reason to retain any confidence in.
-
@fbmac said in Stackoverflow has the password to my mail-account:
I was replying to the "except maybe the chrome team" part.
But at least with that one they actually try; I suspect it's what they use internally so they are really dogfooding there.
The Drive client is more like what comes out of the dog a bit later.
-
@flabdablet Huh, I'm glad that has literally never happened to me.
-
@Lorne-Kates said in Stackoverflow has the password to my mail-account:
@Arantor said in Stackoverflow has the password to my mail-account:
22 posts and no hunter2? Disappoint.
I tried to make that joke but it just came out as *******
It only lets you post your password if you put it in
See?
sloosecannonIsAwesome
โโโโโโโโโโโโโโโโโโโโ