[WO] Reminder: Use a password manager. (And stop giving bad advice!)
by nullius on 27/04/2021, 14:22:13 UTC
Reminder: don't trust password managers...

This is bad security advice.  You hereby win the award for the worst security advice that I have yet seen in 2021; that is quite an achievement, given the popularity of truly horrid security advice by total idiots.  STOP GIVING BAD ADVICE.

One of the most important actions that users can take to secure their online accounts is to use a password manager.  Use a password manager.  Use a password manager.

Backdoored password manager stole data

Quote
As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server. Bad actors compromised its upgrade mechanism and used it to install a malicious file on user computers.

Will you next so fallaciously abuse particularized examples of insecure or malicious wallets, fake Electrum downloads, etc. as generalized evidence that Bitcoin is insecure?  “Reminder: don’t trust Bitcoin.  Bitcoin is hacked.  Bitcoin was hacked through its update system.”

Note:  Some people lost their life savings due to the above-referenced hack.  Solution:  Check PGP signatures to verify downloads!

Stop the ill-informed FUD.  See the PTIO list that I advised SwayStar123 to use, and use a password manager so that you can safely use long random passwords that are different for every site (= security), without accidentally losing your passwords and locking yourself out of everything (= availability):

Did you find out why your account was hacked in the first place? Did you use an easy password, or did you tell your password to any friend, etc.?

Keep a strong password and hopefully no one will be able to hack your account.

reused password

Here is a selection (onion) of secure password managers for you.  Bitwarden may be easiest, if you are accustomed to being dependent on cloud stuff like all of the cool kids who obdurately refuse to end sentences with periods.  Bonus:  It is open-source; and if you want, you can run your own server instead of depending on theirs!

If you have reused passwords, then you should register at have I been pwned? (not a typo).  What you thus discover should properly scare you into never, ever reusing passwords again.

Never reuse passwords!

P.S., protip for hackers:  Phil_S probably either reuses passwords, or uses weak passwords, or both.  Please go find some incompetently run site that he also uses, steal its password database, use Hashcat to recover his password, and then use the Phil_S account to post porn in the Wall Observer.  Thanks!


Also: antivirus software is useless. What a surprise.

Quote
First-stage payloads uploaded to VirusTotal here and here showed that at the time this post was going live, none of the 68 tracked endpoint protection programs detected the malware. Researchers so far have been unable to obtain samples of the follow-on payload.

Antivirus software has always been a scam.  No wonder McAfee got rich off of it.

Solution:  Don’t run executable code from unknown sources.  This means, among other things:  Disable Javascript!


Reminder: don't trust password managers...
A txt file, in a vera(true-)crypt archive is probably more secure, especially if it only contains a cryptic description or hint of the passwords. (still wouldn't use it for btc stuff)

That is such bad advice that I honestly can’t tell if you are trolling.  Stop it before someone gets hurt.  Do you also generate an ad hoc Bitcoin keypool with dice rolls and store the private key WIFs in a text file, so that you can avoid installing wallet software that may be backdoored?  Rube Goldberg wants his security systems back.