• Activity
  • Votes
  • Comments
  • New
  • All activity
  • Showing only topics in ~talk with the tag "security". Back to normal view / Search all groups
    1. Passwords

      This will probably be controversial, but I disagree with the current password policy. Checking against a list of known broken passwords sounds like a good idea, but that list is only ever going to...

      This will probably be controversial, but I disagree with the current password policy. Checking against a list of known broken passwords sounds like a good idea, but that list is only ever going to get bigger. The human factor has to be taken into account. People are going to reuse passwords. So whenever their reused password gets hacked from a less secure site, it's going to add to that list.

      Ideally, a password would be unique. Ideally, users should maybe ever use a password manager that generates garbage as a password that no one could hack. An ideal world is different from reality. Specific requirements are going to lead to people needing to write things down. In the past, that was on paper, like Wargames. Now, it's going to lead to people pasting their username and login into text documents for easy reference. That's probably what i'm going to have to do. Was my previous method of reusing passwords safe? No. Will my new method of remembering passwords be safe? Probably not either.

      I'm not entirely sure what all the account security is about, either. For my bank, sure, a complex password. I have a lot to lose there. For an account on a glorified message board? There's better ways to establish legitimacy. 4chan, of all places, dealt with this (nod to 2chan), by having users enter a password after their username that got encoded and displayed as part of their username to verify that they were, in fact, the same user.

      So the topic for discussion would be, what's the endgame here? Where is the line drawn between usability and security? I may well be on the wrong side of this, but I think it's worth discussing.

      Edit: I think there may be some good reasons, evidenced in this reply. I think it was a good discussion none the less, since it wasn't obvious to me and perhaps not to other people.

      Edit 2: I'm going to hop off, but I think there's been some good discussion about the matter. As I said in the original post "I may well be on the wrong side of this". I may well be, but I hope I have addressed people well in the comments. Some of my comments may be "worst case" or "devil's advocate" though. I understand the reason for security, as evidenced above, but i'm unsure about the means.

      17 votes
    2. What steps do you take to secure your online use and privacy?

      I do the following: Use a VPN (NordVPN) Use Firefox with a tweaked about:config and the following security extensions: uBlock Origin NoScript HTTPS Everywhere Privacy Badger Decentraleyes Cookie...

      I do the following:

      • Use a VPN (NordVPN)
      • Use Firefox with a tweaked about:config and the following security extensions:
        • uBlock Origin
        • NoScript
        • HTTPS Everywhere
        • Privacy Badger
        • Decentraleyes
        • Cookie Autodelete
        • Skip Redirect
        • CanvasBlocker
      • Run Linux Mint (I know, Ubuntu-based distros aren't ideal but I'm a Linux beginner)
      • Don't have any social media as of a year ago
      • Don't use any Google services, including YouTube, Google Search, or Gmail
      • Use a password manager (KeePassXC)

      The next step would be for me to switch from iPhone to Android running Lineage OS, but money is a bit tight right now. As for day-to-day lifestyle choices, I try to use cash whenever possible and never sign up for things like store rewards programs.

      What's your setup? Do you consider yourself a privacy-minded individual? Are you more concerned with protecting yourself from corporate or government entities?

      46 votes