deejf ago

KeePassX. Open source. Platform agnostic. Secure and flexible.

I've been using it for twelve years. :)

kitnaht ago

https://www.themooltipass.com/ -- actually platform agnostic, secure, offline password keeper. If it implements USB, you can use it.

deejf ago

Oh, I see, you're promoting a $79 boondoggle and pretending it's superior.

I get it now.

kitnaht ago

It IS superior. Sorry you're so butt-hurt about it. It's mobile, take it wherever you go, it's secure, it stores passwords OFFLINE, instead of online where a simple keylogger can compromise your entirety of existence...

...it was created by the hackaday community, a community that's regularly steeped in computer security.

Also, you don't need to include a picture of yourself when posting on the internet.

deejf ago

Ah, yes, tell me that I'm butt-hurt so that any answer I give can be dismissed as emotion rather than an argument.

It looks clunky and inconvenient as hell. YOU might think it's superior, but, well, if your judgement is anything like your skill at persuasion...

kitnaht ago

That's because your response was pretty pathetically, obviously, based on emotion rather than actual argument. 3 tenets of security. Something you know, something you have, and something you are. The tool I presented covers 2 of those things and does a better job of it than the software that you need to install on each and every machine you go to. You are not using logic here, you're just angry that someone presented a more secure alternative. My JOB was to break into systems for at least 8-10 years, and SSO apps like KeePass are like leaving everything on the kitchen table and your front door unlocked. Your social security card, drivers license, all laying in a single spot.

https://www.theverge.com/2017/3/22/15023062/lastpass-security-flaw-passwords -- That's just in March of this year. There have been many more.

Can't fucking hack shit that isn't online. Airgaps are one of the most secure methods of storage. You don't store your bitcoin in fucking Google Drive, you print that shit and store it in a safe...unless you WANT it compromised.

Yes, it's "clunky"...so are TOTP tokens. But they exist for good reason. The mention of that tool was merely presenting other people with alternatives - if they want to be less secure, they can use KeePassX (still more secure than writing your passwords down), and if they want to be a little more secure, they can use my proposed tool. Just presenting people with options, calm down...yeesh.

Tsilent_Tsunami ago

> your response was pretty pathetically, obviously, based on emotion

> You are not using logic here, you're just angry that someone presented a more secure alternative.

Gotta say, you may need a filter adjustment. These claims you're making don't match that guy's comments...

> Your social security card, drivers license, all laying in a single spot.

Yes... but I'm not seeing the connection with the internet here. How is someone going to hack my left drawer through my computer? SS card is actually in the bedroom. So I'm curious to know how a hacker could come through my computer to get to my SS card in the bedroom, and the dl in the kitchen drawer.

And yes, any qualified person can buy the full set of all my info, but you specifically claimed they could come through my computer to find and copy my physical cards. Seems 'unlikely', but maybe I'm just clueless. Fill me in.

kitnaht ago

You're taking a metaphor as literal interpretation.

You use one master password with KeePassX in order to fill in all your other passwords. Typing that password on a computer keyboard can be easily sniffed by the simplest of keyloggers. That single password gives attackers ALL OF YOUR OTHER passwords.

Having an offline device means that master password is never typed into a keyboard that is attached to an OS which might be compromised. It's this separation of input which grants you greater security.

Unfortunately /u/deejf thinks he knows his shit (he even has cryptocurrency listed in his voat sig), but he's showing he obviously knows nothing about computer security.

Tsilent_Tsunami ago

Okay, I'm thinking they could get my amazon account, but they'd need to supply their own gift card to make a purchase. There's obviously no bank information on my computer, and my Paypal account balance typically stays under $10. I view any information on an electronic device as potentially compromised. More so when it's connected to the internet.

They could take over my banned reddit account. lol Would have to make a new voat account, and maybe a couple others. I do have some steam games, and that might be a pain in the ass, but overall, no huge loss.

Just looked through my saved password list. Steam, Mojang, and google are the only accounts that would be problematic, afaik. There's no cash value in the others, although I suppose they could try to obtain credit with some of them?

Dunno how much this helps with hacking attempts, but on most sites I visit, I only enable the minimum number of scripts and such to get what I want.

kitnaht ago

Yes, but that's you. The suggestion was being made to a wide audience of people. Others may use this for banking, etc.