-
11 votes
-
Is there an app for this? Help me fix my terrible security
I thought I've been looking for a good password manager, but I'm not sure that's what I really need. Here's my use case: I currently have a Google Sheet in my Google Drive that contains all my...
I thought I've been looking for a good password manager, but I'm not sure that's what I really need.
Here's my use case:
- I currently have a Google Sheet in my Google Drive that contains all my ID/passwords for everything
- In addition I have personal info in there like SSNs and Credit Cards #s
- I want to be able to have instant access to all of the info from my ancient iPhone and my laptop
Things I've tried:
- I messed around with Last Pass a bit and found it couldn't actually fill in the passwords in the apps I was using so I'd have to manually type them, which is a deal breaker for me.
- I've been using FireFox's LockBox and it's a bit better on that front but doesn't actually remember what the password goes to the app so I have to look it up each time, but it does populate them in the appropriate fields.
- Password-protecting a Google Sheet is apparently impossible but was a solution I was after for some time (Excel and Libre can do this..so +1 for software)
Other info:
- I am currently using an iPhone 5 but I plan to "upgrade" to a Samsung Galaxy S7 sometime in the near future. Perhaps that's why the functionality of these password managers seem so inconvenient for me? Would they work better on a modern phone?
What I'm after is perhaps two solutions:
-
A password manager that crosses the bridge from desktop FireFox to the apps on my phone, and fills in the password for me automatically. That would allow me to feel like I could move to more random passwords for things.
-
Some encrypted, password-protected site/app that could store plain text notes for sensitive things like SSNs and Credit Card #s that would stay in sync between a laptop and a smartphone.
Go ahead and mock me for my terrible security and ancient phone. I deserve it! But when you're done, I'd appreciate some guidance.
EDIT: Sounds like first priority should be to update my phone. Then there appear to be plenty of options to try. Thanks everyone so much!
18 votes -
“Get off my lawn” goes digital: Home surveillance apps and community social networks aren't making anyone safer. They're allowing paranoid jerks to harass their neighbors.
12 votes -
The trade secret - Firms that promised high-tech ransomware solutions almost always just pay the hackers
9 votes -
Why WhatsApp will never be secure
16 votes -
WhatsApp voice calls contained a buffer-overflow vulnerability that was used to install spyware [CVE-2019-3568]
11 votes -
Car hackers say that if you want to keep your autonomous vehicles secure, you have to create realistic threat models
4 votes -
Vodafone denies Huawei Italy security risk
8 votes -
Invisible malware is here and your security software can't catch it
6 votes -
Marcus “MalwareTech” Hutchins pleads guilty to writing, selling banking malware
6 votes -
Facebook has updated their blog post about storing unencrypted passwords - they found more log files, and there are now millions of Instagram users impacted, not thousands as stated originally
28 votes -
Compromised credentials for a Microsoft support agent enabled outside access to non-enterprise Hotmail, Outlook, and MSN emails for months
9 votes -
VPN - A Very Precarious Narrative
9 votes -
How to get developers to do things your way
5 votes -
[SOLVED] I might switch my PC media player from VLC to something else due to potential data leaks. What other media player should I choose if I do so?
edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the...
edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the actual problem i had with Spyhunter, not VLC.
Spyhunter 5 has been bothering me about potential data leaks from vlc media player. The vulnerability is generally based on publicly available information.
It would be a shame if i have to switch, been using vlc for as long as i remember. It is probably the best media player out there, but i hate sharing my personal data in any way or form.Spyhunter msg:
- Severity: Medium, VLC media player (Version 3.0.4)
- The CAF demuxer in modules/demux/cad.c in VideoLan media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in Caf files, because a ReadKukiChunk() cast converts a return value to an unsigned int, even if that value is negative. This could result in a denial of service and/or potential infoleak.
Is this even anything to care about? I have updated VLC including removing cashe and still get the alert. Is a rollback another option perhaps?
5 votes - Severity: Medium, VLC media player (Version 3.0.4)
-
Laptops to stay in bags as TSA brings new technology to airports
11 votes -
Security alert: pipdig [popular WordPress theme provider] insecure, DDoSing competitors
6 votes -
Facebook stored hundreds of millions of user passwords in plain text for years
27 votes -
What would be a good security setup for me?
So: I keep all my passwords in my password manager (Bitwarden) All my 2FA codes are generated by AndOTP on my phone. My 2FA backup codes are also in Bitwarden, which I think is a bad idea, because...
So:
- I keep all my passwords in my password manager (Bitwarden)
- All my 2FA codes are generated by AndOTP on my phone.
- My 2FA backup codes are also in Bitwarden, which I think is a bad idea, because that defeats the purpose of 2FA. So where should I put those?
- I have my Bitwarden 2FA backup code in my wallet and in a safe at my house. Is that a good idea for the other backup codes?
- Is there anything I'm forgetting here?
8 votes -
How secure and private is Firefox?
I was browsing r/privacy today and I came across this guy going on about how Mozilla was just pretending to be privacy focused. Here's his comment. Now I don't really know what to think of this,...
I was browsing r/privacy today and I came across this guy going on about how Mozilla was just pretending to be privacy focused. Here's his comment. Now I don't really know what to think of this, and frankly, I'm getting really exhausted of hearing about how all the things I'm using aren't actually trustworthy. So can so someone put my mind to rest? Does this guy's claims have any truth to them? Thanks.
20 votes -
Hated and hunted - The perilous life of the computer virus cracker making powerful enemies online
9 votes -
Five cybersecurity mistakes companies keep making
4 votes -
The Morris worm at thirty
4 votes -
Triton is the world’s most murderous malware, and it’s spreading
16 votes -
The prototype iPhones that hackers use to research Apple’s most sensitive code
7 votes -
Why 'ji32k7au4a83' is a remarkably common password
57 votes -
Chrome update on March 1 fixed a serious zero-day RCE vulnerability that was being actively exploited
10 votes -
All Intel chips open to new Spoiler non-Spectre attack: Don't expect a quick fix
23 votes -
EFF announces "Fix It Already" campaign to demand fixes for specific issues from nine major tech companies and platforms
42 votes -
Android is helping kill passwords on billions of devices
11 votes -
The microphones that may be hidden in your home
23 votes -
FastMail loses customers, faces calls to move over anti-encryption laws
15 votes -
Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information
10 votes -
What are the essential dos and don'ts of digital security for the average person?
Thanks to all of you who gave me guidance in the thread about password managers. It got me thinking I should expand the question to overall best practices regarding security, just in case I have...
Thanks to all of you who gave me guidance in the thread about password managers. It got me thinking I should expand the question to overall best practices regarding security, just in case I have any other important blind spots.
What are the essential do's and don'ts of digital security for the average person?
35 votes -
Is a password manager essential?
I feel like it's impossible to remember passwords that are long, random, and unique for every service. I have too many accounts. On the other hand, I don't like the idea of giving up control of my...
I feel like it's impossible to remember passwords that are long, random, and unique for every service. I have too many accounts.
On the other hand, I don't like the idea of giving up control of my passwords to a password manager and using the ones it generates and stores. It feels weird that I wouldn't "know" my passwords.
Is this a hangup I should just get past? What do I do if I need to login somewhere but cannot access my password manager?
30 votes -
Managing my passwords with KeePassXC and friends
13 votes -
Facebook charged with misleading users on health data visibility
8 votes -
A deep dive on the recent widespread DNS hijacking attacks
8 votes -
Future of personal security and privacy, upcoming trends.
A few years ago I got into improving my knowledgebase of personal security - theory and tools - but it didn't go much farther than reinforcing everything with 2FA and setting up a password...
A few years ago I got into improving my knowledgebase of personal security - theory and tools - but it didn't go much farther than reinforcing everything with 2FA and setting up a password manager, plus setting up a VPN and full disk encryption.
It seems like we're amidst a rising tide of data breaches due to, IMHO, laziness and cheapness on the part of many companies storing personal data.
So, recently I've embarked on my second journey to improve my own security via habits and software and teaching myself. Privacytools has been a super helpful resource. My main lesson this time is to take ownership/responsibility for my own data. To that end, I have switched to KeyPass with yubikey 2FA (still trying to figure out how to get 2FA with yubi on my android without NFC), moved over to Joplin for my note taking (away from Google and Evernote) and also switched to NextCloud for all of my data storage and synchronization. I'm also de-Googling myself, current due-date is end of March when Inbox is shut down.
So my question / discussion topic here, is, what are everyone's thoughts on the future of practical personal security and privacy? More decentralization and self-hosting? That's what it looks like to me. Blockchain tech would be cool for public objects like news articles, images etc. but from what I understand that has zero implication for anything personal. The other newish tech is PGP signatures, which I'm still having trouble implementing/finding use for, but surely that will change.
There is this topic but that ended up just being about encryption which I think is a no-brainer at this point. I'm more so looking for the leading edge trends.
17 votes -
There's no good reason to trust blockchain technology
10 votes -
Sentry mode: Guarding your Tesla
5 votes -
Russia to disconnect from the internet as part of a planned cyberwar test
33 votes -
Vulnerability in Android allows remote code execution by viewing a malicious PNG image
16 votes -
How all-knowing smartphones could become the Pentagon’s employee access cards
9 votes -
A profile of Alex Stamos, former security chief at Yahoo and Facebook who was at ground zero of major cyberattacks and Russian election interference
6 votes -
Securing and improving privacy on macOS
13 votes -
The Google Chrome team is developing tools, heuristics and warnings to help protect against deceptive URLs
11 votes -
What I learned from the hacker who spied on me
7 votes -
Is Huawei a friend or foe in the battle for 5G dominance?
4 votes -
New Japanese law lets government hack IOT devices and warn owners they're vulnerable
8 votes