| lotuspsychje | good morning | 02:40 |
|---|---|---|
| leftyfb | "Enter a valid password with a max of 12 characters." | 02:51 |
| leftyfb | these places drive me nuts | 02:51 |
| arraybolt3 | Lets them provide reasonable NVIDIA stress-testing services on the side? :P | 02:52 |
| arraybolt3 | "Audit our customers' security and get paid for your compute power!" | 02:52 |
| leftyfb | what gets me more is the banks that have other limitations with passwords | 02:52 |
| leftyfb | you would think they would want MORE secure passwords | 02:52 |
| leftyfb | I've contacted every one of them recently and complained and left feedback | 02:52 |
| arraybolt3 | "Sorry, that PIN is invalid. Please make sure there are exactly 4 digits." >_< | 02:52 |
| oerheks | 4 digit pin code only :-( | 02:52 |
| oerheks | This is so 1999 | 02:53 |
| arraybolt3 | Who knows, maybe this is why people *really* hate COBOL. | 02:53 |
| leftyfb | don't even get me started with the places that still ask for me pin when I use apple pay | 02:53 |
| arraybolt3 | I think one time there was a password dialog box I ran into that *wouldn't* accept symbols. | 02:54 |
| leftyfb | oh, those still exist | 02:55 |
| arraybolt3 | Like what, are you storing this in plaintext in a flat file with a special parser? | 02:55 |
| arraybolt3 | If you're hashing the password, surely the characters in it don't matter. | 02:56 |
| leftyfb | I'm doing this because I've spent the past few weeks moving off of Lastpass | 02:56 |
| JanC | 4-digit PIN codes are pretty safe if you use them for the right things | 02:56 |
| arraybolt3 | :O | 02:56 |
| arraybolt3 | JanC: A bank is not the right thing for that. | 02:57 |
| leftyfb | I think I had about 12 or 1300 passwords stored in it. A lot of duplicates because websites are stupid. I'm down to about 400 or so left to go and 224 stored in the new password manager | 02:57 |
| JanC | they are; most bank cards will block your card after 3 failed attempts | 02:57 |
| arraybolt3 | Think about it - 4 digits, that's exactly 10,000 possible codes. If you get locked out after 3 attempts, that means that one out of every 3334 bank cracking attempts succeeds. | 02:58 |
| leftyfb | I'm going through each site in lastpass, logging in, updating my email address if applicable, updating password, enabling MFS if available, adding it to my new password manager and removing it from last pass. It's going a lot slower than I expected | 02:58 |
| arraybolt3 | So if there's one million attempted PIN guesses, about 300 of them work. | 02:58 |
| JanC | you would usually also be filmed while trying to enter that PIN | 02:59 |
| arraybolt3 | That's easier than winning the lottery. | 02:59 |
| JanC | so your chances of doing that successfully (as in getting away with it) aren't very big | 03:00 |
| arraybolt3 | JanC: Meh, valid point, but I'm sure that doesn't deter everybody. | 03:00 |
| JanC | most money that gets stolen with a card & PIN is where people wrote their PIN down or were forced to give it | 03:01 |
| arraybolt3 | (You could probably narrow down the codes too - 0000, 9999, 1234, etc. probably aren't in use.) | 03:02 |
| JanC | my guess is that those are probably used a lot :P | 03:03 |
| JanC | that and birthdays, etc. | 03:03 |
| arraybolt3 | ...I wish I had the faith in humanity to say that I thought you were wrong XD | 03:03 |
| JanC | the same applies to passwords, of course | 03:04 |
| arraybolt3 | oh my gosh that reminds me of a "lifehack" I read once. | 03:04 |
| arraybolt3 | It was in a book, "Handy Household Hints from Heloise". It had a password creation scheme in it that was horrifically insecure. | 03:04 |
| arraybolt3 | Something like, "Pick four digits, like your birthday, then put the first two at the start, the name of the company in the middle, and the last two at the end." | 03:04 |
| arraybolt3 | I wonder how many compromised accounts that resulted in. | 03:05 |
| JanC | well, that's much better than _some_ alternatives, of course :) | 03:05 |
| arraybolt3 | /msg nickserv identify arraybolt3 Password!123 | 03:06 |
| arraybolt3 | :P (obviously fake) | 03:06 |
| JanC | better than a bare password, and certainly better than "password" | 03:06 |
| JanC | better than a bare *birthday* | 03:06 |
| arraybolt3 | To make this slightly more on-topic, there used to be (might still be) a GNOME Disks bug where it will truncate your LUKS passphrase if you make it too long. | 03:07 |
| JanC | which might or might not be a problem :) | 03:08 |
| JanC | I guess it gets really fun when you try to unlock it in another way | 03:09 |
| arraybolt3 | Oh it's definitely a problem, you give it a passphrase, it "successfully" applies it, and then you can't get back in later :-/ | 03:10 |
| arraybolt3 | (One assumes you eventually figure it out and try successively longer truncated versions of the passphrase until it works.) | 03:10 |
| JanC | wouldn't it still work when you use GNOME Disk to unlock it? | 03:12 |
| JanC | or does it only truncate on creation? | 03:12 |
| arraybolt3 | Not if you've used it to change your main drive's password and it's Plymouth asking you for it. | 03:12 |
| JanC | well, yeah, so depends on how you try to unlock it | 03:13 |
| arraybolt3 | It's probably even more of a problem if you have encrypted /boot and so only get one shot at unlocking the partition before being dropped to a GRUB shell. | 03:14 |
| lotuspsychje | https://haveibeenpwned.com/ | 03:15 |
| arraybolt3 | leftyfb: 12-1300?! How on earth do you have that many accounts? | 03:15 |
| JanC | should be possible to unlock it from a live image (that still has the broken version) | 03:15 |
| lotuspsychje | meanwhile their database grows tons | 03:15 |
| leftyfb | arraybolt3: I've been on the internet since roughly 1993 | 03:16 |
| arraybolt3 | JanC: Hopefully true. It's not impossible to get back in (I hope!), just tricky, | 03:16 |
| arraybolt3 | leftyfb: Hmm. I've only been on for a couple of years, and have a very small list of accounts. | 03:17 |
| arraybolt3 | and most of those are mailing list subscriptions. | 03:17 |
| JanC | mailman will mail you your password anyway :P | 03:17 |
| arraybolt3 | Ubuntu's mailman doesn't seem to do that oddly. | 03:17 |
| JanC | I mean, it will mail you on request | 03:18 |
| arraybolt3 | I have them all in Chrome anyway, so it doesn't really matter. It probably wouldn't matter if I just discarded the password entirely | 03:18 |
| arraybolt3 | JanC: Oh, didn't know that. | 03:18 |
| JanC | the monthly mails are just an option | 03:18 |
| leftyfb | arraybolt3: I'm actually deleting the passwords stored in chrome as well | 03:19 |
| leftyfb | it's not something I can use easily on other devices unless I sign in to the browser with my chrome profile since I encrypted the passwords | 03:20 |
| arraybolt3 | What password manager are you migrating to? | 03:20 |
| leftyfb | and it doesn't always keep in sync with other password managers | 03:20 |
| leftyfb | 1password | 03:20 |
| arraybolt3 | Never heard of them. | 03:20 |
| JanC | arraybolt3: see e.g. https://lists.ubuntu.com/mailman/options/ubuntu-announce → enter your email address & hit the button at the bottom | 03:20 |
| JanC | assuming you are subscribed, of course :) | 03:21 |
| leftyfb | arraybolt3: I didn't care for it at first, but it's grown on me. It does several things better than Lastpass | 03:23 |
| arraybolt3 | leftyfb: For me, all my devices are either Chrome-compatible or don't need my passwords or I can just pull them from a Chrome-enabled device if I really need them elsewhere. | 03:23 |
| leftyfb | arraybolt3: if you encrypt your password store in chrome, you can't access your password remotely using the google password manager | 03:24 |
| arraybolt3 | (As an aside, my suspicion that Chrome was more lightweight than Firefox was confirmed by a Phronix benchmark the other day - it's not just faster at most things, it's sometimes *way* faster.) | 03:24 |
| arraybolt3 | leftyfb: I always just access it from within the browser. | 03:24 |
| leftyfb | with browsers, the grass is always greener. Also, going to a new browser will ALWAYS be faster since you haven't loaded it up with a bunch of addons, plugins, themes, bookmarks, passwords, cookies, cache, etc | 03:25 |
| JanC | lastpass isn't even worth the name "password manager", it's basically a password wide distribution manager | 03:26 |
| arraybolt3 | I've been using Chrome for a good while and it's still noticably faster. | 03:26 |
| arraybolt3 | Also I can access my encrypted passwords from within passwords.google.com. | 03:26 |
| arraybolt3 | Although I don't use on-device encryption, that's probably waht you meant. | 03:26 |
| leftyfb | JanC: I wouldn't go that far. The "breach" wasn't as bad as everyone is making it out to be. My account didn't actually get breached. But this isn't the first time they've had an issue and they handled this very poorly. Even if your backup vault was part of the breach, they still need to get your master password to unlock it | 03:27 |
| JanC | arraybolt3: last time I tried it (now long ago), Chromium got *unuseably* slow once I opened a lot of tabs | 03:28 |
| arraybolt3 | Maybe things got better, or maybe Chromium and Chrome are different. | 03:29 |
| JanC | do you use it with >100 tabs loaded? | 03:30 |
| leftyfb | https://imgur.com/a/772s4y5 | 03:30 |
| arraybolt3 | Hmm, no, I have 45 at the moment. | 03:30 |
| JanC | or did Phoronix test that? | 03:30 |
| leftyfb | arraybolt3: ^ | 03:30 |
| arraybolt3 | Once I get much higher than that though, it gets so hard to find what I'm looking for that I start cleaning them up. | 03:30 |
| leftyfb | JanC: I put tabs into groups these days. I have maybe 20 or so tabs outside of groups at any given moment | 03:31 |
| JanC | TreeStyleTab FTW :P | 03:31 |
| arraybolt3 | Hmm... on-device encryption scares me a bit :P | 03:32 |
| leftyfb | It’s not per device encryption | 03:32 |
| leftyfb | It’s just locked with a pass phrase | 03:32 |
| arraybolt3 | True, but I do change my Google password every so often, and I dread the day I lose all my devices, especially if it happens just after a password change... probably irrational, but still... | 03:33 |
| leftyfb | a proper password manager allows you to share sets of passwords as well and have multiple "vaults" | 03:35 |
| arraybolt3 | I mean I see what you're saying, and for some stuff that makes sense, but I don't know I'd ever bother with actually using that feature. | 03:39 |
| arraybolt3 | Maybe that's a problem with me though :P | 03:39 |
| leftyfb | I do a lot | 03:41 |
| leftyfb | requires a lot of management | 03:41 |
| arraybolt3 | JanC: I suspect the problem with Chromium you were hitting is probably fixed, since Chrome recently started making tabs that you weren't using much go to "sleep" or something similar - basically it has to reload the tab next time you click on it. Probably a good feature, though it does keep stealing free member-only Medium articles from me :P | 03:51 |
| arraybolt3 | (Sometimes you don't want to burn two free articles on one article when you were just looking up how to do something in Python or whatnot.) | 03:52 |
| JanC | I don't want tabs to be unloaded without my permission | 03:52 |
| JanC | Firefox can do that too | 03:52 |
| JanC | some sites will not restore "state" when reloaded | 03:53 |
| arraybolt3 | That makes sense. The day I lose a massive Reddit post or comment will probably be the day I turn that feature off. | 03:53 |
| arraybolt3 | Though hopefully it knows better than to sleep those tabs. | 03:54 |
| JanC | it's mostly old sites (that don't use local storage) that do interactive search results or changes | 03:55 |
| === ledeni_ is now known as ledeni | ||
| === JanC_ is now known as JanC | ||
| === pizzaiolo is now known as pizza | ||
| === Maik6 is now known as Maik | ||
| === leftyfb_ is now known as leftyfb | ||
| lotuspsychj3 | leftyfb: https://www.goto.com/blog/our-response-to-a-recent-security-incident | 17:03 |
| leftyfb | lotuspsychj3: ? | 17:04 |
| leftyfb | I don't use anything by GoTo | 17:04 |
| lotuspsychj3 | just showing on my rss news | 17:05 |
| lotuspsychj3 | lastpass related a bit | 17:05 |
| leftyfb | yeah, if anything, it's just more of the same | 17:05 |
| leftyfb | I'm not more concerned | 17:06 |
| lotuspsychj3 | kk | 17:06 |
| leftyfb | all of my important passwords have been changed. I have about 400 or so to still go through but they're mostly dupes, outdated services or stuff I don't really care about | 17:06 |
| leftyfb | they would still need to get my master password to unlock the vault | 17:07 |
| === pizzaiolo is now known as pizza | ||
| leftyfb | wow, the ubuntu 22.04 installer is REALLY broken if you don't have DHCP | 17:11 |
| ravage | the statement is true in general | 17:19 |
| leftyfb | I don't see how this passed any sort of QA | 17:47 |
| enigma9o7 | What is wrong with this picture? https://itsfoss.com/content/images/wordpress/2013/07/install-gambas-ubuntu-linux.jpg | 21:54 |
| enigma9o7 | from https://itsfoss.com/install-gambas-ubuntu/ | 21:54 |
| daftykins | no T! | 22:05 |
| daftykins | oh they left | 22:05 |
| sarnold | uwu ubunu! | 22:15 |
| arraybolt3 | Attack of the killer lobster? | 22:15 |
| Jeremy31 | sharknado | 22:16 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
