Masthash

#password

Dumb Password Rules
7 hours ago

This dumb password rule is from College Board.

Password must be 9-30 characters with at least one upper case letter, one lower case letter, one number and one special character (no spaces) and be different than your username.

https://dumbpasswordrules.com/sites/college-board/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Androides
13 hours ago

Passbolt password manager for everyone: the ultimate guide #passbolt #password
https://androides.nl/passbolt-password-manager/

TechHelpKB.com 📚
17 hours ago

For those using Microsoft Edge on Windows 11, iOS & other devices, their saved passwords are now appearing as long strings, similar to a Globally Unique Identifier. It seems to be more of a bug than a safety feature. #microsoft #edge #windows11 #password

https://tchlp.com/46qsgS0

Dumb Password Rules
19 hours ago

This dumb password rule is from BDO.

Please nominate a password which contains UPPERCASE, lowercase, numbers and symbols.
Password should not be the same as the user ID.
Avoid using consecutive characters such (ex. abc, DEF, 678) and invalid characters such as [!#$%^&';"].

https://dumbpasswordrules.com/sites/bdo/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

AskUbuntu
1 day ago

Ubuntu 20.04 says password is incorrect for all users but one #login #password #users

https://askubuntu.com/q/1487227/612

Dumb Password Rules
1 day ago

This dumb password rule is from Zurich.

Password must be EXACTLY 8 characters long.

Alpha numeric characters ONLY.

The first character must be alphabetic.

NO spaces.

The new Password cannot be the same as the last 32 passwords you have used. (they actually store your last 32 passwords)

https://dumbpasswordrules.com/sites/zurich/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

AskUbuntu
2 days ago

Login failure after successful root password change #login #password

https://askubuntu.com/q/1487196/612

Dumb Password Rules
2 days ago

This dumb password rule is from Domainname.shop.

domainname.shop operates under several domains, domene.shop (Norway), domän.shop (Sweden), domæne.shop (Denmark).
The following characters are allowed: A-Z, a-z, 0-9 and + - * / ! ? . , : ; = # @ $ % & ( ) < >, password length 10-79 chars

https://dumbpasswordrules.com/sites/domainname-shop/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dumb Password Rules
2 days ago

This dumb password rule is from Raiffeisen Bank Serbia.

There are a couple of password limitations when creating a new account (and
changing existing password) on Raiffeisen Bank Serbia on-line banking portal.
Password length is limited to minimum 8 and maximum 32 characters. Also, minimum
uppercase letters 1, minimum lowercase letter 1, minimum digit...

https://dumbpasswordrules.com/sites/raiffeisen-bank-serbia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Conde Chocula
3 days ago

I'm looking for another password manager. Thinking to install Secrets from apps gnome circle. Anyone using it? Has 2fa codes too?

Thanks!

#gnome #secrets #password #passwordmanager

Dumb Password Rules
3 days ago

This dumb password rule is from BMO Bank of Montreal.

Password requires at least one special character but disallows backtick `` ` ``, backslash `\`, vertical bar `|`, and underscore `_`.

https://dumbpasswordrules.com/sites/bmo-bank-of-montreal/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dumb Password Rules
3 days ago

This dumb password rule is from Domainname.shop.

domainname.shop operates under several domains, domene.shop (Norway), domän.shop (Sweden), domæne.shop (Denmark).
The following characters are allowed: A-Z, a-z, 0-9 and + - * / ! ? . , : ; = # @ $ % & ( ) < >, password length 10-79 chars

https://dumbpasswordrules.com/sites/domainname-shop/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

TechHelpKB.com 📚
4 days ago

With the update that is rolling out to Windows 11, Microsoft is fully embracing the passwordless future the company so desires. #microsoft #windows11 #passkeys #password

https://tchlp.com/48p5n37

Dumb Password Rules
4 days ago

This dumb password rule is from LCL.

You have to enter your 6-digit password using this Frenchy keypad.

https://dumbpasswordrules.com/sites/lcl/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

AskUbuntu
4 days ago

Configured two factor authentication, but not able to connect to node, it is asking for password 3 times, entered the codes, showing Permission denied #networking #server #permissions #password #twofactorauthentication

https://askubuntu.com/q/1486933/612

Dumb Password Rules
4 days ago

This dumb password rule is from Sprint.

Sprint "upgraded" their security and disallow special characters.

https://dumbpasswordrules.com/sites/sprint/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dumb Password Rules
5 days ago

This dumb password rule is from Getin Bank.

The new password should contain at least 10 and a maximum of 20 characters.
The password must contain at least one upper case letter, one lower case
letter and one number. The password cannot contain non-ASCII Polish alphabet
characters, special characters `&<'"` or spaces.

https://dumbpasswordrules.com/sites/getin-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Olexander
5 days ago

I still hear some echoes from LastPass hack. Maybe it means that we should focus more on offline password managers like KeePassXC?

#password #cybersecurity #keepassxc

Dumb Password Rules
5 days ago

This dumb password rule is from Delta.

It's a good thing they don't store personal information such as your passport number... oh wait.

https://dumbpasswordrules.com/sites/delta/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Aaron Parecki
5 days ago

Now that @1Password launched passkey support *and* it's integrated into iOS 17 with the 1Password app, I feel like I can finally actually take the plunge and set up passkeys everywhere!

No more passwords! and the login UX is so much better too!

Dumb Password Rules
6 days ago

This dumb password rule is from Banco Mercantil.

8 to 15 chars. No special chars allowed but requires special chars. Also
requires lowercase, uppercase, and numbers. Consecutive chars are
prohibited. Did I mention the page hangs while you type? That eye icon
tho.

https://dumbpasswordrules.com/sites/banco-mercantil/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Semmelstulle
6 days ago

So how many people are actually using #iCloud #Keychain instead of a 3rd party #password manager? Just leave your #guess here because I do not know either.

Dumb Password Rules
6 days ago

This dumb password rule is from ME Bank.

- Must be all numerals.
- Be 7 to 20 digits.
- Cannot have the same number three times in a row.
- Cannot have four ascending or descending numbers.
- Cannot have the same number appear more than five times.
- Cannot have pairs next to each other if the second pair is one number higher.
- Cannot ...

https://dumbpasswordrules.com/sites/me-bank/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dumb Password Rules
1 week ago

This dumb password rule is from Canadian Imperial Bank of Commerce.

Letters and numbers only, no symbols. Also an undocumented maximum of 12 characters!

https://dumbpasswordrules.com/sites/canadian-imperial-bank-of-commerce/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dumb Password Rules
1 week ago

This dumb password rule is from Seur.

Password must be between 8 and 12 characters...
Also no symbols are allowed. But this isn't displayed.

https://dumbpasswordrules.com/sites/seur/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Graham Cluley
1 week ago

Donald Trump Jr’s hacked Twitter account announces his father has died.

That'll be his dad who previously chose Twitter passwords like "yourefired" and "MAGA2020!"

https://grahamcluley.com/donald-trump-jrs-hacked-twitter-account-announces-his-father-has-died/

#cybersecurity #donaldtrump #password #twitter

Dumb Password Rules
1 week ago

This dumb password rule is from Parnassus Investments.

A site responsible for protecting your investments limiting you to a
four character range with a bunch of other stupid rules? Shocking.

https://dumbpasswordrules.com/sites/parnassus-investments/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Hannes Hauswedell
1 week ago

I am finally planning on doing the whole password-manager and two-factor thing.

My plan:

Step 1: Get a @nitrokey

Step n: I plug it into my computer on boot and enter a single password. All the rest happens automatically.

Is there a good write-up of the steps between 1 and n?

Is there a reason to pick something other than a Nitrokey?

#Nitrokey #OTP #Crypto #Password #FollowerPower

Kid: "Hey dad, are you writing a short story?"

Dad: "No. It's my PASSWORD."

Dumb Password Rules
1 week ago

This dumb password rule is from Bloomingdale's.

16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.

https://dumbpasswordrules.com/sites/bloomingdales/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Karl Emil Nikka
1 week ago

1password has launched support for passkeys. Bitwarden’s original plan was to add support during the summer, but it has got postponed to October.

https://blog.1password.com/save-use-passkeys-web-ios/

#passkeys #1password #bitwarden #password #webauthn #fido2

AskUbuntu
1 week ago

Budgie Desktop keeps asking for password every time I open an app #password #ubuntubudgie

https://askubuntu.com/q/1486483/612

AskUbuntu
1 week ago

I have installed seahorse and want to change my keyring password. However the old keyring password is corrupted (not available). How do I proceed? #password #keyrings

https://askubuntu.com/q/1486455/612

Dumb Password Rules
1 week ago

This dumb password rule is from NetworkRail Open Data Feeds.

Does require special characters but limits password length to 20.

https://dumbpasswordrules.com/sites/networkrail-open-data-feeds/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Walter Tross
1 week ago

Given all the breaches I'm hearing and reading of, I think that every day of the year should be #password awareness day

Dumb Password Rules
1 week ago

This dumb password rule is from NVV (Nordhessische VerkehrsVerbund).

Password length must be 4 to 10 characters with only a few special characters allowed.

https://dumbpasswordrules.com/sites/nvv-nordhessische-verkehrsverbund/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

barefootstache
1 week ago

#DailyBloggingChallenge (55/100)

#Security and #Convenience

The rule of thumb is that the more secure it is the less convenient it becomes and vice versa.

Though there are plenty of examples where this is not the case like #PasswordManager s. It is true that some are more convenient than others, thus we will stick with the concept.

Good security practices state that one should have a unique #password for each account.

Doing this by hand is not that difficult, just choose a special character, use it as glue between two, at least, five letter words and append a counter.

This method is fine with a couple accounts. Now, if one has 100+ accounts, knowing if account X had counter Y or counter Z is not that straightforward.

With a password manager this task becomes trivial.

TechHelpKB.com 📚
1 week ago

There are manual ways to export passwords from your Active Directory and cross-reference them against publicly available lists of breached passwords. However, using a third party tool is far quicker and easier. https://tchlp.com/3Ph0RLq #password #security

Dumb Password Rules
1 week ago

This dumb password rule is from Combank Digital.

Only a staggering 8-12 characters allowed with prescribed selection of special characters.

https://dumbpasswordrules.com/sites/combank-digital/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

matdevdug
1 week ago

I had a super obvious idea. Why don't password managers guard against spoofing by checking whether the hostname they have saved matches the site you are trying to enter the credentials into? I was spoofed a month ago and have been thinking about it since. Does anyone know if that's ever been proposed to a browser?

It's so obvious I assume I'm not the first person to think of it, but I cannot find anything online. Links appreciated.

#1password #security #it #chrome #firefox #webdev #programming #password #sec

Osman
2 weeks ago

Passkeys support in @1password is out for iOS!

#security #password

@alternativeto After update, the behavior was different: Tapping a token, copies to the clipboard & minimizes the app. But this can be configured, now it works as expected (like before). I'm convinced 2FA should be "located" on a different device. Copying makes little sense to me. But how nice, that it is individually configurable - opinions and preferences differ :)

#aegis #foss #2fa #secondfactor #password #itsec #itsecurity #safety #account #protection #foss #opensource

CryptoNewsBot
2 weeks ago

3 steps crypto investors can take to avoid hacks by the Lazarus Group - The Lazarus Group has mastered the art of stealing crypto investo... - https://cointelegraph.com/news/lazarus-group-safeguard-cryptocurrency-steps #lazarusgroup #northkorea #password #markets #protect #coinex #stake #ronin #scam #mint

Dumb Password Rules
2 weeks ago

This dumb password rule is from E-Trade.

Causes:
* Your two-factor authentication code must be appended to the end of the password
* Passwords have a limit of 32 characters

Effect:

If your account has a 32-character password and has two-factor authentication,
their system appears to cut off the token, making it impossible to login.
Yo...

https://dumbpasswordrules.com/sites/e-trade/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

#xkcd compatible one-line #Python #password generator:

import secrets; "-".join(secrets.choice(open("/usr/share/dict/words").read().split()) for i in range(4))

My new password is "thoracoacromial-subapprobation-pyritohedral-autoconverter" and none of y'all will ever guess it.

Not sure how I'm going to come up with a mnemonic though...

I am aware my sites are down, which are pthree.org and ae7.st. This in turn affects my kickass #ZFS administration guide and my kickass #password generator.

It's hosted in an ATX case with a single PSU in a datacenter in SLC. I cannot get to it this week due to our annual SOC-2 audit. I should be able to get to it next week however.

Sorry for the inconvenience.

Dumb Password Rules
2 weeks ago

This dumb password rule is from United Parcel Service of America.

Your password must:
- Be between 7 and 26 characters long
- Contain at least 1 lowercase character
- Contain at least 1 uppercase character
- Contain at least 1 number character
- Contain one special character (!@#$%*)
- NOT contain first or last name
- NOT contain UPS user ID
- NOT contain email...

https://dumbpasswordrules.com/sites/united-parcel-service-of-america/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

What many people apparently don't know (and that surprises me):

You should set a primary password for the mailbox login credentials stored in #thunderbird; otherwise the #passwords can be displayed in plain text, at least while the program is open.

But make sure you remember the password!

#itsec #privacy #security #passwort #password #privatssphäre #datenschutz

passbolt
2 weeks ago

The recent anniversary of passbolt’s first public release has the team reliving the old days. 💾 And it’s incredible to see how far passbolt has come since its humble beginnings in 2011. 😌

📜 Check out the first installation of passbolt lore – a series of articles sharing its journey. Part one covers an idea and the first iteration: https://www.passbolt.com/blog/the-genesis-of-passbolt

#opensource #password #cybersecurity #software

Passbolt lore

Part 1: Genesis - Where it all began

dispatch
2 weeks ago

Smashing Security podcast #339: Bitcoin boo-boo, deepfakes for good, and time to say goodbye to usernames? https://grahamcluley.com/smashing-security-podcast-339/ #SmashingSecurity #Securitythreats #cryptocurrency #Blockchain #deepfake #password #username #Podcast #bitcoin

TechHelpKB.com 📚
2 weeks ago

Maybe it's time to ditch Chrome. This is how you transfer your bookmarks and passwords to Firefox, Edge, and Safari. https://tchlp.com/3Rgpfzt #chrome #firefox #edge #safari #bookmark #password

#Passkey is just an insecure stored long #password

Dumb Password Rules
2 weeks ago

This dumb password rule is from American Express.

Sometimes I forget that caps-lock is on, glad it doesn't matter.

https://dumbpasswordrules.com/sites/american-express/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Marcus "MajorLinux" Summers
2 weeks ago

Hiding in your configs and stealing your data!

Password-stealing Linux malware served for 3 years and no one noticed https://arstechnica.com/security/2023/09/password-stealing-linux-malware-served-for-3-years-and-no-one-noticed/

#Password #Linux #Malware #Security #InfoSec #TechNews

People who were using #LastPass are now losing also Millions of Crypto-Dollars:
https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/

No pity from my side for using #cloud-based #password services in the first place. Sorry, it's your own fault when you prioritize convenience over #security. Security experts were warning you before and you ignored it. 🤷

https://karl-voit.at/cloud/

1Password recovery process: A reddit comment from a 1Password security team member about the security of their special process to get access to an account via recovery
https://www.reddit.com/r/1Password/comments/see0y1/comment/hujsf4k/?context=3
#socialengineering #1password #security #password #2fa #+

Dumb Password Rules
3 weeks ago

This dumb password rule is from Sprint.

Sprint "upgraded" their security and disallow special characters.

https://dumbpasswordrules.com/sites/sprint/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Update Computer Club
3 weeks ago

Tomorrow Update participates in #Kulturnatten (Culture Night) #Uppsala!

Programme:

15:00–22:00: See our #retrocomputing collection and explore our exhibition on #homecomputers. Play on the #C64 and try the #arcade game #Asteroids!

19:00: Lecture "Passwords, please." by Francisco Blas Izquierdo Riera (Chalmers)
#password #security
More info: https://wiki.dfupdate.se/projekt:updateringar

See you at Svartbäcksgatan 65!

Dumb Password Rules
3 weeks ago

This dumb password rule is from MobileIron MDM.

You can't make this up - no dictionary words, no more than 2 repeating
characters, no alphabetic sequences, no whitespace, 3 character sets,
maximum of 32 characters.

https://dumbpasswordrules.com/sites/mobileiron-mdm/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Phillip de Wet
3 weeks ago

Blocking paste in a #password field is a crime.

Not allowing users to see what they type counts in aggravation of sentencing.

Blocking paste, making us type in blind and then HAVING A TIMEOUT AFTER WRONG ATTEMPTS should be grounds for whipping the entire dev team and everyone above them in the org chart.

John Gordon ⚡️
4 weeks ago

Password requirements so strict that a randomly generated iCloud Keychain password was not acceptable. Thanks Panera (yeah, all that to protect rewards points from a fast food restaurant)

#fail #password

Jonathan Baker-Bates
1 month ago

@scottjenson Jef Raskin advocated solving all this by having sites simply give you your password when you create your account. And this "key" would also be your ID (so just one thing to keep secret, no username/password pair). Works for houses. #password #infosec #IANAL

Perry
1 month ago

Trying my luck again.. 🙃

I’m the dev behind @buttercup, the open source password manager available for all major platforms. For some time it’s been a one person show, but I’d really like it not to be.

We get the odd contribution from the community but Buttercup would really benefit from having another founding member or two that want to help push the project forward into its next phase.

It’s all #OSS right now, with mixed licenses of MIT and GPL. We want to put out some SaaS so there’ll be some closed source in the future, which will hopefully support a small business, but the #FOSS side is one we want front and centre at all times. It’s what made us and we’re passionate about it.

It’s all #javascript and #typescript, with #react, #reactnative, #electron, #browserextensions etc. that make up the majority of the software.

We have some few thousand users, many hundreds of which are daily active.

We’re interested in adding a lot of new functionality: #webauthn, #Passkeys, #fido #fido2, #yubikey, #selfhosted and sharing.

If any of this sounds interesting to you, please give me a shout! We’re looking for someone that’d be interested in sharing ownership.

I’ve got some busy days ahead of me so if I don’t respond immediately I will as soon as I can. Here’s some places to reach me:

- here 😎
- Keybase: keybase.io/perrymitchell
- @buttercup

#passwordmanager #passwordmanagement #password #passwords #vault #passwordvault #founder #LookingForHelp #desktop #mobile #software #programming

Avoid the Hack! :donor:
1 month ago

Four common #password mistakes #hackers love to exploit

Your solution:

Use complex (numbers, common symbols, non-common symbols, randomized words) passwords.

Use long(er) passwords - 20+ characters. Ideally, you'd use a passphrase. Even above passphrases, you'd use passkeys.

Stop reusing passwords.

Use a password manager.

Additionally, whether your password is strong, weak, or somewhere in between, you should enable multifactor authentication #MFA.

#cybersecurity #infosec #security

https://www.bleepingcomputer.com/news/security/four-common-password-mistakes-hackers-love-to-exploit/

aburtch
1 month ago

Boost if your parent or grandparent keeps a physical printed out list of all the usernames and passwords for various websites and software applications.

#password #infosec

Dumb Password Rules
1 month ago

This dumb password rule is from CenturyLink.

So many bad ideas: a low maximum length, requiring six specific character types while not accepting common symbols,
plus a weird restriction that makes random generation harder.

https://dumbpasswordrules.com/sites/centurylink/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dennis Faucher :donor: :mastodon:
1 month ago

I have always loved the word "entropy"
#Password

"Password doesnot contain enough entropy"

Dumb Password Rules
1 month ago

This dumb password rule is from Nevada DMV.

- Password length must be exactly 8 characters in length
- Password must contain at least one letter (any position)
- Password must contain at least one number (any position)
- Password must contain one of the following special characters: @ # $
- Password is not case sensitive

https://dumbpasswordrules.com/sites/nevada-dmv/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Julien
1 month ago

💦Data leak confirmed for discord.io : more than 760k accounts are on sale 💰

https://www.bleepingcomputer.com/news/security/discordio-confirms-breach-after-hacker-steals-data-of-760k-users/

⚠️ change your password if you’re concerned.

ℹ️ Passwords are hashed with Bcrypt

#Leak #data #databreach #discord #cybersecurity #infosec #password

Dumb Password Rules
2 months ago

This dumb password rule is from Mobi Bike Share.

Your PIN (which is the password you use to login, which lets you, say, buy hundreds of dollars worth of bike-share subscriptions off the saved credit card) must be four numeric digits. Helpfully, they even give you an example of a PIN: *1234*.

https://dumbpasswordrules.com/sites/mobi-bike-share/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dave Mackey
2 months ago

scenario:

A #remote #Windows #computer needs to have a software package installed. The local user has a non-admin account and does not know (nor should know) the #admin account #password. Thus they are unable to install the required software package or a remote access application.

What do you do? (assuming travel to the remote location is not possible)

#it #question #sysadmin

Martijn BAARDA
2 months ago

Time it takes using #AI to crack your #password... #Cybersecurity

Dumb Password Rules
2 months ago

This dumb password rule is from GoDaddy SFTP.

Max 14 characters for the most important password in your shared hosting environment.

https://dumbpasswordrules.com/sites/godaddy-sftp/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Bitwarden
2 months ago

Do you reuse passwords on multiple sites? 85% of survey respondents said yes. Check out this blog for a deeper dive into global #password statistics: https://bitwarden.com/blog/a-closer-look-at-password-statistics/

#cybersecurity #passwordsecurity #passwordmanager #passwordmanagement

Marcel Waldvogel
2 months ago

While it's interesting research, I asked myself, how often I type passwords during a video conference.

With good #password hygiene, the only passwords you should ever type are those to unlock the local machines. (And maybe your password manager if it isn't linked to your login password.)

With password managers, key-based authentication (ssh keys, #Fido2, #PassKeys, …) and local biometrics, typing remote passwords is obsolete. And dangerous.
https://arstechnica.com/gadgets/2023/08/type-softly-researchers-can-guess-keystrokes-by-sound-with-93-accuracy/

Pheonix
2 months ago

#askfedi

Policy of changing your bank #password every 90 days is :

Dumb Password Rules
2 months ago

This dumb password rule is from Wells Fargo.

Your password must be between 8-32 characters long and inexplicably doesn't accept `-` but does seemingly accept other special characters.

https://dumbpasswordrules.com/sites/wells-fargo/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Dumb Password Rules
2 months ago

This dumb password rule is from American Express.

Sometimes I forget that caps-lock is on, glad it doesn't matter.

https://dumbpasswordrules.com/sites/american-express/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Avoid the Hack! :donor:
2 months ago

Canon warns of Wi-Fi #security risks when discarding inkjet printers

Many many models and submodels of Canon printers retain Wi-Fi settings, which contain data such as:

- IP address assigned
- SSID name (Wi-Fi name)
- Wi-Fi #password
- Network type
- Network profile

This information could allow a threat actor access to a user's Wi-Fi network.

Canon recommends wiping the Wi-Fi settings of the printer prior to letting a third-party access it - such as for repairs, when selling, trading in, warranty RMA, etc.

#cybersecurity #opsec #privacy

https://www.bleepingcomputer.com/news/security/canon-warns-of-wi-fi-security-risks-when-discarding-inkjet-printers/

Dumb Password Rules
2 months ago

This dumb password rule is from Advanzia.

- Requires at least 6 to a maximum of 12 characters [sic!]
- Allows only digits and letters without umlauts
- Allows only specific special characters: ? ! $ € % & * _ = - +. ,:; / () {} [] ~ @ #
- Allows no spaces

https://dumbpasswordrules.com/sites/advanzia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Aaron
2 months ago

I wonder what this password I've put into a text editor was for. No other notes about it. Bitwarden doesn't have it stored.

Great #password management skills buddy.

Sigh. Seems like a #Monday thing, but it's #Wednesday.

Avoid the Hack! :donor:
2 months ago

Avoid The Hack: 17 #Free and Easy-to-Use Tools to Improve Your Privacy

Free is not free - especially on the internet. Often, the adage "if it's free, you're the product," holds true.

However, one big sticking point commonly brought up in the greater #privacy community is the cost of paying for various tools that respect your privacy as a user or enhance it. Admittedly, it can add up - #private email, #password managers, #VPNs.

Fortunately, many privacy-friendly tools are #opensource or have ethical freemium models, which should meet privacy needs for many users out there!

#privacymatters #foss #floss

https://avoidthehack.com/free-privacy-tools

Dumb Password Rules
2 months ago

This dumb password rule is from Copart.

Copart: "The security of our members is extremely important to us."
Also Copart: "We're gonna need you to keep your password between 5-10 characters."

https://dumbpasswordrules.com/sites/copart/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Avoid the Hack! :donor:
2 months ago

Proton Pass is #opensource and audited for #security

Audited by Cure53. Overview:

8 Vulnerabilities (3 low, 4 medium, 1 high), 2 misc issues

All vulnerabilities and misc issues have been remedied.

#ios , #android , the browser extension, and the web and backend #API were all tested.

ICYMI: Proton Pass is a #password manager and the newest addition to Proton's suite of products.

#privacy #privacymatters

https://proton.me/blog/pass-open-source-security-audit

Pratik Patel
2 months ago

Death to every web developer who thinks that preventing copy and paste into web forms is a security feature.

#WebDev #Security #Passwords #Password