I use passwordstore.org/ as my password manager, including for my otp codes. It’s backed by a git repo. I get a backup of it on every device it is cloned to.
- 1 Post
- 15 Comments
Joined 1 year ago
Cake day: June 8th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
13·1 month agoFurther, in terms of safety, having a large display built into your dash showing you navigation is much better than a small device you jerryrig onto a vent or something. It’s easier to see via your peripheral vision, and won’t put you in a situation where you need to go find it off of the floor when it falls off.
The password to my password manager: a few randomly chosen words that will definitely just sound like nonsense dementia-talk probably.
Geocaching is free and usually lots of fun in cities. It’s like a big database of dead drops - people hide small containers with pieces of paper to sign, and post their GPS coordinates online. Frequently they’re hidden near points if interest, as well so you might find some cool shops or bars as a side effect.
I’ll take it over QuickTime
I’ve had it happen on servers where that moderation option is not enabled. My worst experience was trying to join a friend group’s discord via an invite link shared with me. I was prompted to create an account with email, and I did. I was then shown a read-only view of the server: I could see all messages and other folks could see I joined and 👋 to me. I could not send messages myself, however, without verifying with a phone number. Further, I couldn’t use a Google voice number (my primary number) to verify, nor my “real” number which was associated to another account.
Sometimes it depends on discord itself finding you suspicious, for some definition of suspicious. perhaps a user agent whitelist? lack of Google cookie?
it’s awful and I hate it. I generally prefer not to have a shared identity across communities, and there’s no way to create a usable discord identity without a phone number.
12·6 months agoI use Firefox on all my devices and couldn’t be happier with it. I especially love how sync works: there’s options to both pull tabs from other devices, and push to them. Quite frequently I’d be just browsing on my phone and send a tab over to my laptop to deal with/read/act on when I’m sitting down at a bigger screen.
You can disable chrome in it’s app settings!
It might be an attention thing. With an emoji in a post your eyes are drawn towards the cute colorful picture before you l’ve read the content of the post. Emoticons on the other hand don’t stand out as much, but serve a similar purpose: punctuate a thought with an emotion (=
thanks for the recommendation! I just installed it, and can at least add my own list.
Not only do we have password managers now, we also have OIDC. I can see a situation where a service pops up with no offering other than identity management/verification, and forum-like software can accept log-ins from that service.
Not a security scientist, but in my interpretation, it’s the “categories” of the factors that matter. Ideally, you use some two of three of:
the goal then is maintaining the "only"s.
if you tell someone your password, or they see you type it in, or they beat it out of you with a wrench, it’s no longer something “only” you know, and it is compromised.
if you use the same password on two websites, and one website is compromised, the password is compromised.
OTPs from a key fob or yubikey or something are similarly compromised if the device that provides them is left out in public/lost/stolen/beaten out of you with a wrench.
biometrics are again, are compromised if it’s not “only” you with access to them - someone scans you face while you’re asleep, or smashes your finger off with their wrench.
having multiple factors in the same category, like having two passwords, or two otp tokens, or two finger prints, doesn’t significantly improve security. if you give up one thing you remember, it’s likely you’ll give up more. if one fob from your keychain is stolen, the second fob on that keychain is of no additional help.
you can start shifting what categories these things represent though.
if you write down your password in a notebook or a spreadsheet, they become thing you have.
OTPs can become something you know if you remember the secret used to generate them.
knowing many different things is hard, so you can put them in a password vault. the password vault is then something you have, which can be protected by something you know. so although your OTPs and passwords are in one place, you still require two factors to get access to them.
you still need to protect your "only"s though. and don’t put yourself in situations where people with wrenches want your secrets.