Steven Zekowski<p><span class="h-card" translate="no"><a href="https://mastodon.thenewoil.org/@thenewoil" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thenewoil</span></a></span> <br>I use <a href="https://freeradical.zone/tags/diceware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>diceware</span></a> random words and have never used as few as 3 so this doesn’t surprise me. The author advocates for using <a href="https://freeradical.zone/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a> but I have so far resisted that advice from him and others. Using a <a href="https://freeradical.zone/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> mgr with a browser extension, passkeys seem to be only a small increase in utility. Also don’t like the “black box” aspect of passkeys: what are they, where are they locally, how secure is this system. Happy to hear how I am wrong to be a passkey skeptic.</p>
Recent searches
No recent searches
Search options
Only available when logged in.
eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.
Administered by:
Server stats:
214active users
eupolicy.social: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.8
#diceware
0 posts · 0 participants · 0 posts today
Aaron Toponce ⚛️:debian:<p>8,192 French <a href="https://fosstodon.org/tags/Diceware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Diceware</span></a> word list for use with computers.</p><p><a href="https://fosstodon.org/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://fosstodon.org/tags/passphrases" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passphrases</span></a></p><p><a href="https://theworld.com/~reinhold/wordlist_fr_8192.txt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">theworld.com/~reinhold/wordlis</span><span class="invisible">t_fr_8192.txt</span></a></p>
Alper<p><span class="h-card" translate="no"><a href="https://social.mailbox.org/@mailbox_org" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mailbox_org</span></a></span> Sorry Mailbox but after being your customer for 6 years I have to say something honestly and directly. </p><p>Your security understanding sucks!<br>You don't allow me to use TOTP, U2F with my own Yubikey.<br>And don't accept my 8 word bzillion bit <a href="https://mas.to/tags/diceware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>diceware</span></a> password because it does not have special, capital letters and numbers.</p><p>This is not how you should be doing, not at the end of the 21st century's first quarter is about to end!</p>
cz hk (๑˃̵ᴗ˂̵)و 🇦🇲🇺🇦🇵🇸<p><span class="h-card" translate="no"><a href="https://botsin.space/@lovinggrace" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lovinggrace</span></a></span> change your passwords, everyone <a href="https://mastodon.social/tags/diceware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>diceware</span></a></p>
Jeremi M Gosney :verified:<p>Happy <a href="https://infosec.exchange/tags/WorldPasswordDay" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WorldPasswordDay</span></a>!</p><p>I've cracked billions of <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> from tens of thousands of <a href="https://infosec.exchange/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>data</span></a> <a href="https://infosec.exchange/tags/breaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>breaches</span></a> in the past 12+ years, and because of this, I likely know at least one <a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> for 90% of people on the Internet. And I'm not alone! While I primarily crack breached passwords for research purposes and the thrill of the sport, others are selling your breached passwords to criminals who leverage them in <a href="https://infosec.exchange/tags/AccountTakeover" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AccountTakeover</span></a> and <a href="https://infosec.exchange/tags/CredentialStuffing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CredentialStuffing</span></a> attacks. </p><p>How can you keep your accounts safe?</p><p>- Use a <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a>! I recommend <span class="h-card" translate="no"><a href="https://fosstodon.org/@bitwarden" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bitwarden</span></a></span> and <span class="h-card" translate="no"><a href="https://1password.social/@1password" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>1password</span></a></span> </p><p>- Use a <a href="https://infosec.exchange/tags/Diceware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Diceware</span></a> style <a href="https://infosec.exchange/tags/passphrase" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passphrase</span></a> - four or more words selected at random - for passwords you have to commit to memory, like your master password!</p><p>- Enable MFA for important online accounts, including cloud-based password managers!</p><p>- Harden your master password by tweaking your password manager's KDF settings! For <a href="https://infosec.exchange/tags/Bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bitwarden</span></a>, use Argon2id with 64MB memory, 3 iterations, 4 parallelism. For <a href="https://infosec.exchange/tags/1Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>1Password</span></a> and other PBKDF2 based password managers, set the iteration count to at least 600,000. </p><p>- Use unique, randomly generated passwords for all your accounts! Use your password manager to generate random 14-16 character passwords for everything. Modern password cracking is heavily optimized for human-generated passwords, because humans are highly predictable. Randomness defeats this and forces attackers to resort to incremental brute force! There's no trick you can do to make a secure, uncrackable password on your own - your meat glob will only betray you.</p><p>- Use an ad blocker like <a href="https://infosec.exchange/tags/uBlock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uBlock</span></a> Origin to keep you safe from password-stealing <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a> and other browser based threats!</p><p>- Don't fall for <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> attacks and other social engineering attacks! Browser-based password managers help defend against phishing attacks because they'll never autofill your passwords on fake login pages. Think before you click, and never give your passwords to anyone, not even if they offer you chocolate or weed.</p><p>- <a href="https://infosec.exchange/tags/Enterprises" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Enterprises</span></a>: require ad blockers, invest in an enterprise password management solution, audit password manager logs to ensure employes aren't sharing passwords outside the org, implement a Fine Grained Password Policy that requires a minimum of 20 characters to encourage the use of long passphrases, implement a password filter to block commonly used password patterns and compromised passwords, disable <a href="https://infosec.exchange/tags/NTLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NTLM</span></a> authentication and disable RC4 for <a href="https://infosec.exchange/tags/Kerberos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kerberos</span></a>, disable legacy broadcast protocols like LLMNR and NBT-NS, require mandatory <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SMB</span></a> signing, use Group Managed Service Accounts instead of shared passwords, monitor public data breaches for employee credentials, and crack your own passwords to audit the effectiveness of your password policy and user training!</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload