Re: It has to be said
Re: It has to be said POint though, fido2 does not work with the mobile apps. Windows Hello on the desktop app is a partial remedy, but there's no freaking way I'm weakening the multifactor auth for the sake of mobile compaitibility. Not until fido2 is brought into Electron across the board. URL: https://forum.audiogames.net/post/614488/#p614488 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-10
Thread
AudioGames . net Forum — Site and forum feedback : nidza07 via Audiogames-reflector
Re: It has to be said It is, but it's not inaccessible, just a little more annoying to use. Once you setup autofill properly though, you rarely need to open the actual app. URL: https://forum.audiogames.net/post/614473/#p614473 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-10
Thread
AudioGames . net Forum — Site and forum feedback : GrannyCheeseWheel via Audiogames-reflector
Re: It has to be said My thing with Bitwarden is that the iOS accessibility is really kind of meh. URL: https://forum.audiogames.net/post/614469/#p614469 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
Re: It has to be said Better to get bitwarden. Much more for less money, and the premium plan to get fido2 support is only 10 a year.@Defender: Most newer keys have both usb and nfc built in. Solos refuse to use Bluetooth due to it being a non-security friendly communication channel, but most every new phone has an nfc reader it just needs to be supported.The technology is tried and true, and pretty much unhackable short of someone actually going in and stealing your key, which already drops the probability of getting hacked probably tenfold. Even if there was a breach, you can't do shit if everyone's accounts were protected, only accessible via a key that you must press a physical mechanical button on. At least the solo keys use an actual switch that is not susceptible to any digital trickery. Sites just flatly refuse to support it, either because they don't have the balls to require people carry a second device around with them, or because the sites could stand to make some easy cash off account hacks (paypal in regard to the Twitch incident, looking at you). URL: https://forum.audiogames.net/post/614456/#p614456 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-10
Thread
AudioGames . net Forum — Site and forum feedback : defender via Audiogames-reflector
Re: It has to be said I've heard allot of good things about 1password and Bitwarden. URL: https://forum.audiogames.net/post/614452/#p614452 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-10
Thread
AudioGames . net Forum — Site and forum feedback : MatthewSmithYT via Audiogames-reflector
Re: It has to be said Speaking of passwords and password managers, does anyone know of a good one, iPhone and Windows compatible both?I don't want to have to type passwords in my iPhone keyboard but I really would like to make things more secure. URL: https://forum.audiogames.net/post/614419/#p614419 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
Re: It has to be said @15, not necessarily. You can integrate USB and bluetooth/NFC into one key. URL: https://forum.audiogames.net/post/614406/#p614406 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-10
Thread
AudioGames . net Forum — Site and forum feedback : defender via Audiogames-reflector
Re: It has to be said @ethin"You go to a website that supports it,"And there's your problem. Well, that and to make the key truly universal would require either a ton of adapters or over the air transmission which would make it less secure.But I agree, they are really cool. URL: https://forum.audiogames.net/post/614387/#p614387 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-10
Thread
AudioGames . net Forum — Site and forum feedback : defender via Audiogames-reflector
Re: It has to be said @ethin"You go to a website that supports it,"And there's your problem. URL: https://forum.audiogames.net/post/614387/#p614387 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
Re: It has to be said FIDO2/U2F is something anyone can use. Its ridiculously simple. You buy a U2F-compatible key like the Titan, SoloKey or YubiKey and you can then store GPG keys and authentication credentials on it. You go to a website that supports it, enable it and follow the instructions -- it can't get simpler than that. The problem, as Jack said, is that very few people have adopted it, and so security experts have to force the password requirements down your throats because its the only way to get people to actually take hackers seriously.@12, I'd buy a SoloKey if my YubiKey didn't have like 2 years of data on it that I can't lose. It has my GPG keys on it for example. URL: https://forum.audiogames.net/post/614187/#p614187 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-08
Thread
AudioGames . net Forum — Site and forum feedback : GrannyCheeseWheel via Audiogames-reflector
Re: It has to be said @11 I am speaking of everyone though, not just blind people.In general, I go so far with security, then convenience wins out. I feel like this is most people. Security experts will rant and rave about this, but tech isn't made for them, nor is it made for IT people. It's got to be something everyone can get to grips with. URL: https://forum.audiogames.net/post/613754/#p613754 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
Re: It has to be said The master password situation might be solvable via solo dice keyswhich will allow you to create a permanent cryptographic unguessable key based on a literal roll of dice. No worrying about remembering your master pw then. AS for the dice set? Well, don't lose your security key should become the norm along with don't lose your damn keys in the first place.These guys know what they're doing, especially considering the solo key itself. Open source unlike Ubikey, and excellent security, definitely on the verge of passwordless login - problem? The number of sites actually adopting fido2 is pathetically low. Even Paypal, part of the goddamn fido alliance, does not have fido2 implemented, and they only allow 20 character passwords. If they were to allow it, my password would be 60 characters at least. As such I am relegated to one 3 times less secure (a brute force for a 20 character pasword certainly is no overnight effort, but it can be far easier than a password three times its length. If my Paypal were to get hacked in any way not caused by clicking on a phishing link or anything that I specifically would have triggered, that might be a valid negligence charge 9both on cause and effect and proximate cause principal).Moral of the story? Sites need to get their ass in line nad adopt fido2. Stop trying to spare the feelings of the customers who don't want to spend $20 now to avoid many potential phishing damages down the line. URL: https://forum.audiogames.net/post/613736/#p613736 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-07
Thread
AudioGames . net Forum — Site and forum feedback : defender via Audiogames-reflector
Re: It has to be said @GrannyCheeseWheelMostly agreed, but to be fair you can get around the master password problem by writing it down in braille or recording it on an offline device without context or turning it into what looks like a math formula and writing it down in a weirdly named file with an odd extension or something, at least two different locations.Still, you don't always have fast access to your manager and that blows. URL: https://forum.audiogames.net/post/613542/#p613542 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-06
Thread
AudioGames . net Forum — Site and forum feedback : ignatriay via Audiogames-reflector
Re: It has to be said I for one, do use strong passwords; each one random; by the way; and stored in a password manager; for important stuff, however for games that I only play as a passtime and are unimportant? I always make a bullshit password, maybee easily guessed, or obvious if people know me well enough; but never reuse those passwords. That, plus I always either use temporary email emails on said games and tt, or, just make up a bullshit email like, a...@hotmail.com, or something similar. Just me, though. I used to be one of the people who... didn't really take things like these so, seriously years back, and fortunately I was never hacked, but now? I'm not taking that kind of risk. Although I really get the, oh i'll use the same password because its easy to rember; strategy; I mean, its sorta, appealing, at first glance given one has only to remember one password, a couple at best; this is really; really not a good idea, and its not worth risking one's self over. URL: https://forum.audiogames.net/post/613432/#p613432 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-06
Thread
AudioGames . net Forum — Site and forum feedback : ignatriay via Audiogames-reflector
Re: It has to be said I for one, do use strong passwords; each one random; by the way; and stored in a password manager; for important stuff, however for games that I only play as a passtime and are unimportant? I always make a bullshit password, maybee easily guessed, or obvious if people know me well enough; but never reuse those passwords. That, plus I always either use temporary email emails on said games and tt, or, just make up a bullshit email like, a...@hotmail.com, or something similar. Just me, though. URL: https://forum.audiogames.net/post/613432/#p613432 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-06
Thread
AudioGames . net Forum — Site and forum feedback : SirBadger via Audiogames-reflector
Re: It has to be said why does it have to be said? URL: https://forum.audiogames.net/post/613431/#p613431 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
Re: It has to be said @7, password managers should autofill for you. URL: https://forum.audiogames.net/post/613428/#p613428 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-06
Thread
AudioGames . net Forum — Site and forum feedback : MatthewSmithYT via Audiogames-reflector
Re: It has to be said Yup... And I can tell you right now, my pass on here and other team talk servers is nothing like the password I use on private apps. I use a password generator for games, and for TT servers I probably should do the same... Although I won't because imagine typing all those symbols on iPhone's default screen keyboard URL: https://forum.audiogames.net/post/613406/#p613406 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-06
Thread
AudioGames . net Forum — Site and forum feedback : JayJay via Audiogames-reflector
Re: It has to be said @4, that's true, but don't be stupid. You wouldn't use the password you use everywhere else on say, a teamtalk server owned by someone questionable like Sediment, ahem, ahem, ahem. We know its hard for us to remember everything, especially in these times where we have to remember to do more things, set your alarms, do extra work, meet tighter deadlines, sign the roles, and deal with inaccessible shit, however, again, Don't be stupid with your passwords. Like, recently I've taken to the idea of making my passwords on games something kinda odd, which people won't guess like fuckX and random numbers, while keeping different passwords everywhere else URL: https://forum.audiogames.net/post/613405/#p613405 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
Re: It has to be said @4, there is a better way called WebAuthn for the web at least (for non-web systems, there isn't really a "standard" that I know of). However, WebAuthn will take a long time to adopt, and it undoubtedly won't be supported across all websites. Passwords will still be needed.Also, those password requirements you listed were redacted by NIST in NIST SP 800-63. They were changed significantly to only require a minimum length policy. There are a few other requirements but they aren't relevant here. However, again, that policy will take a while to propagate. URL: https://forum.audiogames.net/post/613399/#p613399 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
Re: It has to be said @4, there is a better way called WebAuthn for the web at least (for non-web systems, there isn't really a "standard" that I know of). However, WebAuthn will take a long time to adopt, and it undoubtedly won't be supported across all websites. Passwords will still be needed.Also, those password requirements you listed were redacted by NIST in NIST SP 800-63. They were changed significantly to only require a minimum length policy. URL: https://forum.audiogames.net/post/613399/#p613399 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-06
Thread
AudioGames . net Forum — Site and forum feedback : GrannyCheeseWheel via Audiogames-reflector
Re: It has to be said Passwords are bullshit though. All the time security experts have been telling people to change them regularly, make them strong, and don't use the same one on multiple sites, they could have spent that time and energy researching a better way. Let me ask y'all this, in what ways in our daily lives are we reinforcing our memory?We don't need oration anymore, we have teleprompters. We don't need to memorize phone numbers, we have a contacts list in our mobile devices. When we study for school, most of us are just aiming to pass, not to hold onto the information forever. Anything we need to remember to do, we have reminders and notes in our mobile phones. So, modern technology has severely affected our ability to commit important things to memory because the tech takes care of it for us. Yet, it expects us to remember passwords?What's in a strong password? Let's see, for starters, most sites / apps enforce an 8-12 character minimum. Some places enforce no sequential digits or patterns. You're encouraged to, and in some cases mandated to use a mix of upper and lower case letters. Most places require at least one number. Some require at least one symbol.Those are the minimums. But really, we shouldn't use things important to us like names of our children, pets, birthdates of people in our lives, etc. We shouldn't use words from the dictionary either.Suffice it to say that the requirements for a strong password are a bit over the top. Now, the expectation is that your common every day person who has never had a reason to train their memory in their entire life should now come up with a password and find a way to remember it without writing it down. Well, they just can't. This is especially true when a password is generated for them.The next step is to throw a password manager in the mix, and let it generate all your passwords, except this compounds the problem. If you have 50 passwords, you damn well want to have a strong master password. There is no recovering without your master password, so it better be good, right? Well, if they can't manage a 10 character password with all those requirements I listed above, how will they manager a 16 or so character password.Of course they could do the bare minimum of whatever their password manager allows. They'd just have to hope no one ever got hold of it or they'd be screwed. All of this ties together to make the point that people are not used to using their memory, so making them remember shit that they don't even consider to be all that important just ain't gonna fly.There's got to be a better way, and I think it's coming, but I feel like it could have been realized a long time ago if we didn't readily accept passwords into our lives. How many support tickets do you all think get opened across the globe every day for password related issues? I bet it's a staggering number.One last thing, if you're the type of person who is generally good at math, and you can generate passwords in your head by following a formula or something, you are such a minor percentage of the population that this really isn't addressed to you. So when people like that come out of the woodwork and start saying how it's not that big of a deal, yadda yadda, you're missing the entire point of this discussion. URL: https://forum.audiogames.net/post/613383/#p613383 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
2021-02-06
Thread
AudioGames . net Forum — Site and forum feedback : Vulcan via Audiogames-reflector
Re: It has to be said Nah even if everyone was hacked, most most likely wouldn't change their passwords URL: https://forum.audiogames.net/post/613355/#p613355 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
Re: It has to be said
Re: It has to be said Sadly, security experts have been telling people to do this for decades and still hardly anyone listens. I guess everyone will need to be hacked before people go "Oh hey we should probably start doing this". URL: https://forum.audiogames.net/post/613344/#p613344 -- Audiogames-reflector mailing list Audiogames-reflector@sabahattin-gucukoglu.com https://sabahattin-gucukoglu.com/cgi-bin/mailman/listinfo/audiogames-reflector
