Re: compromised passwords
Moved to bitwarden after Matthew G recommended it on this list - haven't looked back - Thomas Scott | mr.thomas.sc...@gmail.com On Thu, Feb 4, 2021 at 8:28 PM Andrew McRobb via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > Wait, you guys don't write your passwords on notepads you leave everywhere? > > In all seriousness, KeePass for the win. My only issue is there isn't a > good way to automatically migrate new passwords from phone to desktop. > > I was thinking of writing my own little password manager using some > GoLang, Postgres and a simple frontend stack that uses something like ngork > to create a tunnel if I use my phone outside of my network just for kicks. > > On Thu, Feb 4, 2021 at 5:25 PM Michael Butash via PLUG-discuss < > plug-discuss@lists.phxlinux.org> wrote: > >> Key folks here recommended KeepassXC after looking at migrating away from >> Lastpass back to something more local/trusted, and it's been pretty good >> for me under linux. I miss the cloud integration of passwords on my phone >> too, but deal with this otherways. Not always ideal, but I really don't >> trust GoToMeeting that owns Lastpass now to be worth a crap, so I'll take >> signal to send myself a password with an expiration occasionally as a "note >> to self" vs. corporate whore with no foundation in reality like >> gotomeeting. They still don't even have a linux meeting client, they can >> die a painful death as I am concerned. >> >> I use keepass with my yubikey, I feel pretty good with this for >> encrypting data for .gov/major orgs local or rest of the world. >> >> -mb >> >> >> On Thu, Feb 4, 2021 at 4:41 PM Ryan Petris via PLUG-discuss < >> plug-discuss@lists.phxlinux.org> wrote: >> >>> I'm surprised no one has mentioned KeePass yet. KeePassXC is open >>> source, stores data locally, is secure, and supports some other things like >>> OTP token generation. You can then sync the database with Nextcloud, >>> dropbox, etc. >>> >>> On February 4, 2021 4:14:33 PM MST, Matthew Crews via PLUG-discuss < >>> plug-discuss@lists.phxlinux.org> wrote: On 2/4/21 2:59 PM, Snyder, Alexander J via PLUG-discuss wrote: > Do you have time to talk about our lord and savior LastPass? > > Also, please don't store passwords in your browser. > I'm more of a BitWarden person myself, but any password manager is better than storing it in your browser. -Matt -- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- >>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>> To subscribe, unsubscribe, or to change your mail settings: >>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss >> >> --- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
Wait, you guys don't write your passwords on notepads you leave everywhere? In all seriousness, KeePass for the win. My only issue is there isn't a good way to automatically migrate new passwords from phone to desktop. I was thinking of writing my own little password manager using some GoLang, Postgres and a simple frontend stack that uses something like ngork to create a tunnel if I use my phone outside of my network just for kicks. On Thu, Feb 4, 2021 at 5:25 PM Michael Butash via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > Key folks here recommended KeepassXC after looking at migrating away from > Lastpass back to something more local/trusted, and it's been pretty good > for me under linux. I miss the cloud integration of passwords on my phone > too, but deal with this otherways. Not always ideal, but I really don't > trust GoToMeeting that owns Lastpass now to be worth a crap, so I'll take > signal to send myself a password with an expiration occasionally as a "note > to self" vs. corporate whore with no foundation in reality like > gotomeeting. They still don't even have a linux meeting client, they can > die a painful death as I am concerned. > > I use keepass with my yubikey, I feel pretty good with this for encrypting > data for .gov/major orgs local or rest of the world. > > -mb > > > On Thu, Feb 4, 2021 at 4:41 PM Ryan Petris via PLUG-discuss < > plug-discuss@lists.phxlinux.org> wrote: > >> I'm surprised no one has mentioned KeePass yet. KeePassXC is open source, >> stores data locally, is secure, and supports some other things like OTP >> token generation. You can then sync the database with Nextcloud, dropbox, >> etc. >> >> On February 4, 2021 4:14:33 PM MST, Matthew Crews via PLUG-discuss < >> plug-discuss@lists.phxlinux.org> wrote: >>> >>> On 2/4/21 2:59 PM, Snyder, Alexander J via PLUG-discuss wrote: >>> Do you have time to talk about our lord and savior LastPass? Also, please don't store passwords in your browser. >>> >>> I'm more of a BitWarden person myself, but any password manager is >>> better than storing it in your browser. >>> >>> -Matt >>> -- >>> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >>> To subscribe, unsubscribe, or to change your mail settings: >>> https://lists.phxlinux.org/mailman/listinfo/plug-discuss >>> >>> --- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
Key folks here recommended KeepassXC after looking at migrating away from Lastpass back to something more local/trusted, and it's been pretty good for me under linux. I miss the cloud integration of passwords on my phone too, but deal with this otherways. Not always ideal, but I really don't trust GoToMeeting that owns Lastpass now to be worth a crap, so I'll take signal to send myself a password with an expiration occasionally as a "note to self" vs. corporate whore with no foundation in reality like gotomeeting. They still don't even have a linux meeting client, they can die a painful death as I am concerned. I use keepass with my yubikey, I feel pretty good with this for encrypting data for .gov/major orgs local or rest of the world. -mb On Thu, Feb 4, 2021 at 4:41 PM Ryan Petris via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > I'm surprised no one has mentioned KeePass yet. KeePassXC is open source, > stores data locally, is secure, and supports some other things like OTP > token generation. You can then sync the database with Nextcloud, dropbox, > etc. > > On February 4, 2021 4:14:33 PM MST, Matthew Crews via PLUG-discuss < > plug-discuss@lists.phxlinux.org> wrote: >> >> On 2/4/21 2:59 PM, Snyder, Alexander J via PLUG-discuss wrote: >> >>> Do you have time to talk about our lord and savior LastPass? >>> >>> Also, please don't store passwords in your browser. >>> >> >> I'm more of a BitWarden person myself, but any password manager is >> better than storing it in your browser. >> >> -Matt >> -- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss >> >> --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
I'm surprised no one has mentioned KeePass yet. KeePassXC is open source, stores data locally, is secure, and supports some other things like OTP token generation. You can then sync the database with Nextcloud, dropbox, etc. On February 4, 2021 4:14:33 PM MST, Matthew Crews via PLUG-discuss wrote: >On 2/4/21 2:59 PM, Snyder, Alexander J via PLUG-discuss wrote: >> Do you have time to talk about our lord and savior LastPass? >> >> Also, please don't store passwords in your browser. > >I'm more of a BitWarden person myself, but any password manager is >better than storing it in your browser. > >-Matt >--- >PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >To subscribe, unsubscribe, or to change your mail settings: >https://lists.phxlinux.org/mailman/listinfo/plug-discuss--- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
On 2/4/21 2:59 PM, Snyder, Alexander J via PLUG-discuss wrote: > Do you have time to talk about our lord and savior LastPass? > > Also, please don't store passwords in your browser. I'm more of a BitWarden person myself, but any password manager is better than storing it in your browser. -Matt --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
Then I must be an unusual case. I have 307 distinct passwords in my head and because of some of the characters used, they don’t translate to Braille at all. However, what makes my scheme so friendly for me, yet extremely difficult to guess is how I create them. Also, in the last 10 years, I have used passwords with not less than 20 characters in length. Good luck breaking them. One nice thing about my passwords, if a breach happens and one of them does show up, I know immediately which site it was. Since no two are used anywhere else, this makes life easy for me. -Eric > On Feb 4, 2021, at 3:04 PM, Nate Bowman via PLUG-discuss > wrote: > > HaveIBeenPwned is only good for official data breaches which some are just > out of your control like the Exactis breach, its just a good way to get an > idea of what could possibly be out there. > > If you are really worried about your password security, change your > passwords, try out LastPass or Dashlane and export your passwords from google > and import them into an encrypted password manager and then delete your > passwords from Chrome. > > On Thu, Feb 4, 2021 at 1:58 PM sean via PLUG-discuss > mailto:plug-discuss@lists.phxlinux.org>> > wrote: > Google checks your email against a large set of compromised credentials. You > can check yourself at resources like haveibeenpwned.com > <http://haveibeenpwned.com/>, which has 16 records of your email in its > datasets. > 157 sounds like a lot and makes me question Google's data quality, but in any > case this is what they are doing. > Have you tried a different password? Maybe Chrome won't let you save what it > thinks is a known compromised password. > > Sean > > > On Thu, Feb 4, 2021 at 2:28 PM Michael via PLUG-discuss > mailto:plug-discuss@lists.phxlinux.org>> > wrote: > Whenever I try to save a password in chrome a window pops up saying I > have 157 compromised passwords. Then, after I click the inspect button > I am informed I have no saved passwords. How do I get that notice to > stop appearing and passwords to be saved again? Oh, I forgot to say > thay passwords are not being saved. > > -- > :-)~MIKE~(-: > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > <mailto:PLUG-discuss@lists.phxlinux.org> > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss > <https://lists.phxlinux.org/mailman/listinfo/plug-discuss>--- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > <mailto:PLUG-discuss@lists.phxlinux.org> > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss > <https://lists.phxlinux.org/mailman/listinfo/plug-discuss> > > -- > -Nate Bowman > Website Manager / Data Analyst > > Pedder Auto Group > www.pedderautogroup.com <http://www.pedderautogroup.com/> > nbow...@pedderautogroup.com <mailto:nbow...@pedderautogroup.com> > > This e-mail message, including any attachments, is for the sole use of the > intended recipient, and may contain material that is privileged or > confidential and legally protected from disclosure. > > If you are not the intended recipient or have received this message in error, > you are not authorized to copy, distribute, or otherwise use this message or > its attachments. > > Please notify the sender immediately by return e-mail and permanently delete > this message and any attachments. > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
HaveIBeenPwned is only good for official data breaches which some are just out of your control like the Exactis breach, its just a good way to get an idea of what could possibly be out there. If you are really worried about your password security, change your passwords, try out LastPass or Dashlane and export your passwords from google and import them into an encrypted password manager and then delete your passwords from Chrome. On Thu, Feb 4, 2021 at 1:58 PM sean via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > Google checks your email against a large set of compromised credentials. > You can check yourself at resources like haveibeenpwned.com, which has 16 > records of your email in its datasets. > 157 sounds like a lot and makes me question Google's data quality, but in > any case this is what they are doing. > Have you tried a different password? Maybe Chrome won't let you save what > it thinks is a known compromised password. > > Sean > > > On Thu, Feb 4, 2021 at 2:28 PM Michael via PLUG-discuss < > plug-discuss@lists.phxlinux.org> wrote: > >> Whenever I try to save a password in chrome a window pops up saying I >> have 157 compromised passwords. Then, after I click the inspect button >> I am informed I have no saved passwords. How do I get that notice to >> stop appearing and passwords to be saved again? Oh, I forgot to say >> thay passwords are not being saved. >> >> -- >> :-)~MIKE~(-: >> --- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss -- -Nate Bowman Website Manager / Data Analyst Pedder Auto Group *www.pedderautogroup.com <http://www.pedderautogroup.com/>* *nbow...@pedderautogroup.com* This e-mail message, including any attachments, is for the sole use of the intended recipient, and may contain material that is privileged or confidential and legally protected from disclosure. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
Do you have time to talk about our lord and savior LastPass? Also, please don't store passwords in your browser. Thanks, Alexander. Sent from my Samsung S20+ 5G On Thu, Feb 4, 2021, 14:58 sean via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > Google checks your email against a large set of compromised credentials. > You can check yourself at resources like haveibeenpwned.com, which has 16 > records of your email in its datasets. > 157 sounds like a lot and makes me question Google's data quality, but in > any case this is what they are doing. > Have you tried a different password? Maybe Chrome won't let you save what > it thinks is a known compromised password. > > Sean > > > On Thu, Feb 4, 2021 at 2:28 PM Michael via PLUG-discuss < > plug-discuss@lists.phxlinux.org> wrote: > >> Whenever I try to save a password in chrome a window pops up saying I >> have 157 compromised passwords. Then, after I click the inspect button >> I am informed I have no saved passwords. How do I get that notice to >> stop appearing and passwords to be saved again? Oh, I forgot to say >> thay passwords are not being saved. >> >> -- >> :-)~MIKE~(-: >> --- >> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org >> To subscribe, unsubscribe, or to change your mail settings: >> https://lists.phxlinux.org/mailman/listinfo/plug-discuss > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
Google checks your email against a large set of compromised credentials. You can check yourself at resources like haveibeenpwned.com, which has 16 records of your email in its datasets. 157 sounds like a lot and makes me question Google's data quality, but in any case this is what they are doing. Have you tried a different password? Maybe Chrome won't let you save what it thinks is a known compromised password. Sean On Thu, Feb 4, 2021 at 2:28 PM Michael via PLUG-discuss < plug-discuss@lists.phxlinux.org> wrote: > Whenever I try to save a password in chrome a window pops up saying I > have 157 compromised passwords. Then, after I click the inspect button > I am informed I have no saved passwords. How do I get that notice to > stop appearing and passwords to be saved again? Oh, I forgot to say > thay passwords are not being saved. > > -- > :-)~MIKE~(-: > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
I wish I could On Thu, Feb 4, 2021 at 4:41 PM Harold Hartley via PLUG-discuss wrote: > > Don’t use chrome. > > On Thu, Feb 4, 2021, at 14:27, Michael via PLUG-discuss wrote: > > Whenever I try to save a password in chrome a window pops up saying I > > have 157 compromised passwords. Then, after I click the inspect button > > I am informed I have no saved passwords. How do I get that notice to > > stop appearing and passwords to be saved again? Oh, I forgot to say > > thay passwords are not being saved. > > > > -- > > :-)~MIKE~(-: > > --- > > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > > To subscribe, unsubscribe, or to change your mail settings: > > https://lists.phxlinux.org/mailman/listinfo/plug-discuss > > -- > Harold Hartley > 17632 N. 5th place > Phoenix, AZ 85022 > wheelie...@ownmail.net > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss -- :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
Re: compromised passwords
Don’t use chrome. On Thu, Feb 4, 2021, at 14:27, Michael via PLUG-discuss wrote: > Whenever I try to save a password in chrome a window pops up saying I > have 157 compromised passwords. Then, after I click the inspect button > I am informed I have no saved passwords. How do I get that notice to > stop appearing and passwords to be saved again? Oh, I forgot to say > thay passwords are not being saved. > > -- > :-)~MIKE~(-: > --- > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org > To subscribe, unsubscribe, or to change your mail settings: > https://lists.phxlinux.org/mailman/listinfo/plug-discuss -- Harold Hartley 17632 N. 5th place Phoenix, AZ 85022 wheelie...@ownmail.net --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss
compromised passwords
Whenever I try to save a password in chrome a window pops up saying I have 157 compromised passwords. Then, after I click the inspect button I am informed I have no saved passwords. How do I get that notice to stop appearing and passwords to be saved again? Oh, I forgot to say thay passwords are not being saved. -- :-)~MIKE~(-: --- PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org To subscribe, unsubscribe, or to change your mail settings: https://lists.phxlinux.org/mailman/listinfo/plug-discuss