33Backpack33 | 4 years ago | on: Ask HN: Why should I trust password managers?
For the average person it's best they use a cloud password manager as they're not responsible enough to do their own backups of a local password manager.
33Backpack33's comments
33Backpack33 | 4 years ago | on: Ask HN: Why should I trust password managers?
You could do that salt and pepper thing found here: https://passwordbits.com/salting-passwords/
This way you don't store your full password in your password manager.
33Backpack33 | 4 years ago | on: Password Managers
As far as I can tell Bitwarden doesn't inject any scripts. I know people complain it doesn't have that overlay like LastPass has but Bitwarden not having might be a plus now.
33Backpack33 | 5 years ago | on: Can We Stop Pretending SMS Is Secure Now?
The original VICE article said it was $16 and they can take as many accounts as they want. It seems worth it to me.
33Backpack33 | 5 years ago | on: Can We Stop Pretending SMS Is Secure Now?
You do know uber and doordash accounts are hacked all the time because of password reuse? There is a huge black market for hacked accounts from doordash and the like.
33Backpack33 | 5 years ago | on: Can We Stop Pretending SMS Is Secure Now?
Not when script kiddies already have free tools like this https://vimeo.com/308709275
33Backpack33 | 5 years ago | on: Can We Stop Pretending SMS Is Secure Now?
If we all agree it's not secure then why do we keep using it?
I rather have a unique password then rely on SMS anything especially if that account allows you to reset your password by SMS.
33Backpack33 | 5 years ago | on: Can We Stop Pretending SMS Is Secure Now?
username + unique password would be better than all the other options listed.
Adding SMS seems to add new points of attack that either hurt the user or just delays the hurting.
33Backpack33 | 5 years ago | on: Can We Stop Pretending SMS Is Secure Now?
When you consider SMS 2FA is often used to fix the poor or reused password problem we see it's not helping much at all but only delaying the problem.
33Backpack33 | 5 years ago | on: You don’t need SMS-2FA
It doesn't stop it but delays it. The attacker seeing a SMS 2FA screen doesn't mean they give up, it just means the user is now more valuable. This explains it https://passwordbits.com/dont-need-sms-2fa/
33Backpack33 | 5 years ago | on: You don’t need SMS-2FA
This article goes more in depth and answers the questions you bring up https://passwordbits.com/dont-need-sms-2fa/
33Backpack33 | 5 years ago | on: You don’t need SMS-2FA
This article does a better job of explaining how SMS 2FA doesn't solve the credential stuffing problem. https://passwordbits.com/dont-need-sms-2fa/
33Backpack33 | 5 years ago | on: You don’t need SMS-2FA
Nothing more lazy than doing something like generate a password for the user. The way most browsers work you have to go out of your way to not let it save and fill passwords.
If you create the password for the user they can't reuse it and thus no credential stuffing problems.
33Backpack33 | 5 years ago | on: You don’t need SMS-2FA
If they made it that far to get your password why do they need to log into your account? Having multiple locks on your door don't matter if they got in through a window.
33Backpack33 | 6 years ago | on: SMS is not 2FA-secure
The paper also said, "websites should eliminate SMS based MFA altogether".
33Backpack33 | 6 years ago | on: SMS is not 2FA-secure
If it's nothing new then why do people keep saying it's better to have SMS 2FA then to not have it. The research says "websites should eliminate SMS based MFA altogether".
33Backpack33 | 6 years ago | on: SMS is not 2FA-secure
So can we finally stop saying it's better to have SMS 2FA then to not have it?!
33Backpack33 | 6 years ago | on: Toddler Password – Get a secure password generated by a toddler
Report for child labor!
33Backpack33 | 6 years ago | on: LastPass Extension slows Chrome's responsiveness by up to 50%
I find a password manager is more than just for passwords. I store PIN codes, Code, security questions, important notes, and so many other things.
33Backpack33 | 6 years ago | on: LastPass Extension slows Chrome's responsiveness by up to 50%
It's too expensive for what it does and don't trust it mostly from its auto password changer does it on their servers.
page 1