blahdeblah | I trust everyone heard about the Ubuntu Forum compromise by now? Make sure you change your password (and any others that matched it), and be on the lookout for phishing scams that ask you to enter your Ubuntu forums user id. | 06:56 |
---|---|---|
bradm | honest, we're working on getting it back up! :) | 07:03 |
jared | blahdeblah & bradm - do eithe rof oyu have thoughts on service slike lastpass? This breach has me considering but I'm not sure enough either way to make a decision | 07:09 |
bradm | jared: I use keepassx myself for some stuff | 07:09 |
jared | I'm smart enough to use 2 factor on everythingi that has it but yeah, to me if I don't use it I don't have strong passwords, if I do use it if they get in they get everything. | 07:10 |
jared | So not quite sure | 07:10 |
bradm | anything that lets you use different passwords everywhere would have to be an improvement | 07:11 |
bradm | I can't comment specifically on lastpass, I don't use it myself | 07:11 |
bradm | but there's no reason you can't store the KeePassX db on, say, UbuntuOne's filesharing.. | 07:12 |
jared | bradm: I'm locked down on my work laptop which I use for Uni daily | 07:12 |
jared | Was considering the yubikey option with lastpass | 07:12 |
bradm | thats probably not a bad way to go | 07:13 |
jared | And then on the phone I just have to use their special browser for "secure" stuff and chrome for all the stuff I don't log in for | 07:13 |
jared | And just make sure I set up the master password as secure as possible | 07:14 |
bradm | pwgen -s with as large a size as you can remember isn't a terrible way to go.. | 07:16 |
jared | Nah the idea is you don't remember your master, you only use it when you change stuff | 07:17 |
jared | Write it on a piece of paper and store it in a safe/drawer | 07:17 |
bradm | uh, so people can access your passwords without authenticating? | 07:18 |
jared | Sounds like I haven't thought this through | 07:19 |
jared | Got myself a bit confused when reading up perhaps I haven't unconfused myself yet | 07:19 |
bradm | with keepass it has a master password you have to enter when you open the db | 07:20 |
bradm | I thought lastpass was similar | 07:20 |
jared | Ah yeah, ignore me | 07:20 |
jared | I was getting a few different services intermingled | 07:21 |
jared | I guess 12 - 16 should be ok | 07:21 |
jared | I find much over that gets difficult | 07:22 |
jared | Handy that the s4 has a numbers row on the main keyboard for this sort of thing | 07:24 |
bradm | yeah, that should be plenty | 07:24 |
jared | Apparently lastpass had one breach 2 years ago but stated as long as the masterpass was secure (not dictionary, etc) then no issues due to the fact they don't get any unencrypted data | 07:25 |
bradm | depends on how its encrypted | 07:26 |
bradm | the forums didn't have passwords in plain text, but that doesn't stop people complaining :) | 07:27 |
jared | I'm not overly concerned about the forum one, but it did make me rethink what the process I use for choosing password | 07:28 |
bradm | I mean, there's encryption, and there's encryption. | 07:28 |
bradm | rot13 could be called encryption, but I'd hardly call it secure | 07:29 |
jared | I'm far from expert but the lastpass stuff is described at https://lastpass.com/whylastpass_technology.php if that helps. The problem I have is that I don't know enough to see if I'm being convinced by crappy advertising arguments | 07:31 |
bradm | AES is pretty much considered secure | 07:33 |
bradm | and 256 bit AES would take a long time to crack | 07:33 |
bradm | thats not to say there won't be some new thing found, but you can say that of anything | 07:34 |
jared | bradm: thanks for letting me pick your brain. I'm thinking a lastpass service might be worth it if it means I can ahve independent strong passwords as compared to the weak stuff I formulate if I have to remember them all | 07:40 |
bradm | jared: no worries, I haven't heard anyone say bad things about lastpass really, I'm sure its a fine choice | 07:40 |
jared | Sometimes as a lay user it's hard to cut through the FUD | 07:42 |
blahdeblah | jared: I use Firefox's password safe with a nice long master password for most things. I use a separate browser for banking. | 08:07 |
blahdeblah | I refuse to bank on any mobile device. :-) | 08:07 |
jared | blahdeblah: fair call :) | 08:08 |
blahdeblah | And i use jpilot's password manager (GNU Keyring integration) for generating random passwords, and keeping important stuff. It's a dead-simple X11 app that doesn't really integrate with anything else, so it's pretty standalone. | 08:09 |
jared | blahdeblah: unfortunately I need something cross platform :/ But nice to know if I ever live the dream on Linux | 10:32 |
blahdeblah | jared: KeePassX is probably a good choice | 10:44 |
jared | blahdeblah: I'll suss that one out, it's come up a few times | 10:46 |
jared | blahdeblah: storing something like that on dropbox with 2 factor auth ruin the security of it all though? | 10:47 |
blahdeblah | I'm not a big fan of dropbox personally, because they keep the private keys themselves | 11:00 |
blahdeblah | But as long as the file is encrypted itself, it's "safe enough" | 11:01 |
jared | I'll have a play with keepassx first and see if that works. | 11:01 |
jared | If I find that doesn't work I guess I'll have a play with lasspass | 11:01 |
blahdeblah | I definitely prefer a local password database to a cloud-based one | 11:02 |
jared | Fair call, I can put it on an SD card for the work laptop | 11:03 |
jared | http://portableapps.com/apps/utilities/keepass_portable | 11:04 |
ilja | Hello, would this be a place to ask a question | 12:57 |
ilja | I have got a thinkpad x230t with a wacom stylus pen. | 13:09 |
ilja | ubuntu 13.04 and everything has been working really good until yesterday.after installing tuxpaint-config | 13:09 |
ilja | and setting tuxpaint on fullscreen, the stylus pen is totally out of wack.It seems to have a matching point on the left hand of the screen.the further I move away from the the larger the mismatch.Calibrating does not work. | 13:09 |
ilja | The interesting thing is that it works perfectly in the login screen and perfectly in other user accounts. | 13:09 |
ilja | So far all my internet research led nowhere. Has anyone an Idea what I could do to correct the problem? | 13:09 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!