I've never once heard of tweet by SMS. Is that really something that is done as often as they claim?
It used to be, I used it in the days before I had a smartphone or data plan. I doubt it's nearly as common now but it wouldn't surprise me that it's still a thing.
It was the original technical reason for Twitter and the source of the character limits and stuff. Back in the dark ages before every phone always had an internet connection it made sense.
SIM swapping is apparently ludicrously easy to do and one of the primary reasons you are better off using a password manager and a 2 factor app that uses decaying tokens instead of SMS for verification.
I’ve had repeated struggles with authentication apps where when I change devices I have to basically redo everything and nothing I do seems to allow me to transfer information over. It is extremely frustrating when you have a near endless amount of accounts you want to keep as secure as possible but the methods to do that are understandably difficult to set up repeatedly.
21stCentury | Call me Pixel, or Pix for short! | [They/Them] | Registered User regular
edited September 2019
EDIT: Wrong tab and it took me way too long to catch that. Sorry.
Ever since my Xbox Live account got hacked in 2011-2012, I've been using a solution devised by a friend and mentor of mine.
KeePass 2.0 file, encrypted with a passphrase that has some meaning to me
The file is stored on Dropbox.
The dropbox login is stored in the password safe.
I use it at work, at home, on my phone... it does lead to some inconvenience, but so far it seems to work well. In my friend's case, he also has a hard-copy stored in a safety deposit box in case something ever happened to him and his family needed access.
You can do all you like with personal security, no-one's ever going to hack you, they will hack the websites. It's a lot easier to hack Yahoo than every yahoo on Yahoo.
Yeah, but good personal security means that Yahoo getting hacked doesn't immediately compromise every other account you have.
Google made a Chrome Extension that will check your login info when you enter it with a database of known compromised account/passwords. I'd imagine other browsers got something similar.
This seems like you will get 100% positive testing that your password is compromised. Because even if it wasn't before, after you typed it into some random app, that is specifically aware of black market password databases, and told it specifically that this is a password you use, it's definitely compromised now.
It might be using a good password hashing algorithm, those are kinda, like somewhat, expensive to make rainbow tables for.
It's also published by Google, who lots of folks allow to do stuff like store and sync actual passwords. Shrug.
Nah.
If it's any good, it would just check your password hash against the list of password hashes on the online database.
I believe that's what haveibeenpwned does (not that you should submit a password to a website, but they also have a list of password hashes you can download to compare offline).
And that should be reasonably secure.
Or it just stores rockyou.txt locally and compares it.
But that's not exactly rigorous.
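The hash-list comparison discussed in the posts above, as an added example that is not part of the original thread: it checks a password against a downloaded "SHA1:COUNT" list entirely offline, then repeats the check the way the Pwned Passwords range lookup works, where only the first five hex characters of the hash leave the machine. The function names, the sample list and its counts are constructed for this example, and the remote service is simulated locally.

```python
import hashlib

def sha1_upper(password: str) -> str:
    """SHA-1 of the UTF-8 password as 40 uppercase hex chars.
    SHA-1 is only the lookup-key format of the list, not a storage scheme."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def parse_hash_list(lines):
    """Parse 'HASH:COUNT' lines into {hash: count}, skipping malformed rows."""
    table = {}
    for line in lines:
        digest, sep, count = line.strip().partition(":")
        if sep and len(digest) == 40 and count.isdigit():
            table[digest.upper()] = int(count)
    return table

def offline_count(password, table):
    """Fully local check: nothing about the password leaves the machine."""
    return table.get(sha1_upper(password), 0)

def split_for_range_query(password):
    """Return (5-char prefix sent to the service, 35-char suffix kept local)."""
    digest = sha1_upper(password)
    return digest[:5], digest[5:]

def simulated_range_response(prefix, table):
    """Stand-in for the remote service: every known suffix under a prefix."""
    return [f"{h[5:]}:{c}" for h, c in sorted(table.items())
            if h.startswith(prefix)]

def range_count(password, table):
    """Client side of the prefix lookup; the final match happens locally."""
    prefix, suffix = split_for_range_query(password)
    for row in simulated_range_response(prefix, table):
        candidate, _, count = row.partition(":")
        if candidate == suffix:
            return int(count)
    return 0

# Constructed breach list: two passwords quoted in this thread plus a common
# one. The counts are invented for the example.
SAMPLE_LINES = [f"{sha1_upper(p)}:{n}" for p, n in
                [("12345", 2000), ("password", 9000), ("p4$$w0rd!", 3)]]
SAMPLE_LINES.append("not-a-hash-line")  # malformed row, must be ignored
TABLE = parse_hash_list(SAMPLE_LINES)

if __name__ == "__main__":
    for pw in ["12345", "p4$$w0rd!", "correct horse battery staple"]:
        prefix, _ = split_for_range_query(pw)
        print(f"{pw!r}: offline={offline_count(pw, TABLE)} "
              f"range={range_count(pw, TABLE)} sent_to_service={prefix}")
```

In the range form the service learns only a five-character prefix shared by many unrelated hashes, so a lookup does not tell it which password was checked.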
Like, ideally account creation and new password forms would do the same thing, and force users to pick a password that isn't in a Pastebin password list somewhere by comparing hashes.
This and overly strict password requirements always struck me as a way to long-term simplify password brute force. You're decreasing the number of valid passwords.
"Use long alphanumeric passwords with special characters, which don't use common patterns" doesn't really do that. Like, yeah, you eliminate all the 1-13 character passwords, by forcing the user to select from a set of passwords that is 40 times larger than all of those put together. You let them use common patterns to fight against dictionary attacks, which are thousands of times faster than brute forcing.
What these things do is make it harder for users to select easily memorable passwords, so they end up reusing good passwords, sometimes with small modifications, and when those get compromised the result is significantly worse.
Edit: unless you're talking about "you can't use character !@%#^& </'" or whatever, which is normally caused by incompetent programming.
If Nite Team 4 has taught me anything, it's that with enough details known about a target, running the dictionary attack is only going to take a couple minutes at most so you might as well attempt it before going the social engineering route.
That's why all my passwords are
"Repetitive strain injury is the longest word in the dictionary, but would someone use it in a dictionary attack? I doubt it. This is my [account] password, btw"
Does anyone actually use dictionary attacks? Every time I've been hacked it's been because something like Yahoo loses all their passwords.
Of course, I don't use dictionary words for my passwords, but I don't use gore'hgor'hgo!!horse%
So Yahoo gets their passwords stolen in the form of hashes. They get cracked using a variety of different attacks, normally starting with lists of common passwords, then lists of leaked passwords, then hybrid dictionary attacks (like automatically trying p4$$w0rd!), and lastly brute force.
Most places will notice if you try to actually authenticate with even tens of different passwords.
TetraNitroCubane | The Djinnerator | At the bottom of a bottle | Registered User regular
I realize this is the Twitter thread, but this Facebook news is extremely close to similar behavior we've seen out of Twitter (and we don't have a general social media thread)*.
Facebook this week finally put into writing what users—especially politically powerful users—have known for years: its community "standards" do not, in fact, apply across the whole community. Speech from politicians is officially exempt from the platform's fact checking and decency standards, the company has clarified, with a few exceptions.
...
Clegg's update says that Facebook by default "will treat speech from politicians as newsworthy content that should, as a general rule, be seen and heard." Nor will it be subject to fact-checking, as the company does not believe that it is appropriate for it to "referee political debates" or prevent a politician's speech from both reaching its intended audience and "being subject to public debate and scrutiny."
This is essentially what Twitter does, and what Facebook has been doing, forever.
Anything to keep those clicks coming.
*(If this is the wrong place for this, I will be happy to redact this post)
Democratic presidential hopeful Kamala Harris called on Twitter's CEO on Tuesday to consider suspending President Donald Trump's account, saying his tweets violate the site's anti-bullying policy.
In a letter to Twitter's Jack Dorsey, the senator from California pointed to a series of tweets from the president referring to the whistleblower who filed a complaint about Trump's July 25 call with the president of Ukraine. Harris said Trump's tweets were an attempt to "target, harass" and "out" the whistleblower.
Harris also pointed to Trump's tweet that "a Civil War" could break out if Democrats successfully remove the president from office. She said the tweet suggests "that violence could be incited should Congress issue formal articles of impeachment against him."
I think the position of Twitter/Facebook/etc on these things has been made pretty clear - politicians are quite literally allowed to break the rules, purportedly because it's important for the public to see that they broke the rules. It'll take more than a little political pressure to make them change their minds on that.
Does that count for people like the Grand Wizard of the Ku Klux Klan? That's a political position, too. Or the head of ISIS.
Mortious | The Nightmare Begins | Move to New Zealand | Registered User regular
First one yes, second one no. We've seen more than enough examples on how Twitter enforces their rules.
That was like the original way twitter was done
It's literally why they had the 140 character limit, too.
Back when I Twittered, I used to tweet via SMS because I didn't have a smartphone. It was definitely A Thing for a little while.
https://gimletmedia.com/shows/reply-all/v4he6k/130-the-snapchat-thief
Just use a different password for each site.
But how will I remember it if it's not 12345?
... I have legit started doing this with a couple of sites that I seem inexplicably incapable of getting the correct login for.
It's cathartic when it works, and highly baffling when I forget that I've done it, and it still works.
Or just check your spam folder to see if you get some porn blackmail spam with your leaked passwords in the subject.
https://haveibeenpwned.com/
I would not use it.
They're mainly useful when someone loses a database of hashed passwords. But social engineering and such is easier.
It's tough on the thumbs, but it's worth it.
But basically, Politicians are allowed to violate the rules and guidelines of the site, including being exempt from fact-checking and hate speech rules.
Silicon Valley, of course, always chooses the easy and cowardly answer.