What are some security practices falsely assumed to work?
Bentley Harris
Austin Adams
Antivirus, password manager
Noah Hill
Human being part of the system.
Chase Flores
>antivirus
true if you're not retarded.
>password manager
Wrong. It's a good security practice to use a long password with a combination of upper+lower case characters, numbers and symbols. You should also use different passwords for websites. It doesn't matter if you use handwritten notes, hardware keys or a FREE password manager software, it isn't something that is falsely assumed to work.
Jose Thomas
>Antivirus
yeah
>password manager
if your master password is hard enough there's nothing wrong with using a password manager
Luke Young
>Wrong
It's not wrong. Unless you're talking about using LessPass on an offline Android device and manually typing passwords. In which case it's just a convenience. A password manager on a network computer is yet another attack vector.
Master passwords are irrelevant when there have been several proven ways of easily fetching your master password from RAM or other passwords from clipboards by simply using JavaScript or a malicious executable.
Brayden Powell
>Master passwords are irrelevant when there have been several proven ways of easily fetching your master password from RAM or other passwords from clipboards by simply using JavaScript or a malicious executable.
Wow you're going to fetch encrypted passwords with a patched vulnerability?
Aiden Russell
>encrypted
>implying
Hudson Jenkins
If your computer is owned by some hacker who can see and modify your RAM, then he can acquire all your passwords directly from the keyboard as you type them.
Any good password manager (including Firefox's) will encrypt all passwords. Even fucking LastPass got hacked and no real passwords were leaked from there.
Also, all GNU distros come with a keyring. All modern OSes save several passwords, including the one to log in to a user and WiFi passwords. If obtaining passwords from a computer was as trivial as you say, all computers in the world would be vulnerable.
Nicholas Scott
Whoa is that what a hack looks like
Brayden Howard
>Forced complexity requirements beyond minimum length and a comparison against a cracked password list.
>Password expiration.
>The use of biometrics as authentication (biometrics are an identifier, not a key).
>Clientside validation without serverside confirmation.
>"Security" questions of any kind.
>The use of a personalized "security" picture.
>Encryption without authentication.
>SMS or a phone call as a two factor mechanism.
>MAC filtering, or any kind of filtering without proof of identity.
>Executable signatures in the same distribution channel as the executable.
Holy shit I could go on. People tend to treat security like it's black magic, and 95% of the people in the "security business" are charlatans.
Tyler Diaz
>>SMS or a phone call as a two factor mechanism.
Oh no, someone might be standing under my terrace with 10 kilogram spying equipment.
Andrew Walker
No, but someone else may phish your phone provider to get a SIM card with your number, that's why it's dumb. Lurk more.
Matthew Lewis
A single point of failure for all your passwords is a bad idea and you can't convince me otherwise.
Ethan Reyes
It's better than your homebrew alternative of making passphrases by yourself and storing them in some "clever" way
Henry Gutierrez
You know if I know your mobile number I can just call your phone provider, get your PUK code and clone your SIM card.
Hunter Cruz
Illegal in the EU.
Angel Bennett
That will surely stop the criminals
Aiden Baker
What, like learning them and storing them in my brain?
You zoomers never learned the ability to memorize anything.
Robert Sanders
>If obtaining passwords from a computer was as trivial as you say, all computers in the world would be vulnerable.
>he doesn't know
John Lopez
today's b8 bread?
Easton Scott
Good luck memorizing over 50 randomly generated passphrases. I hope you don't reuse passwords either.
>You zoomers
epic
Alexander Morgan
People have literally been pwned through compromising SMS-based two factor. Literally all it takes is some social engineering. It's really stupid to use this when TOTP and U2F exist. Fuck, they're actually more convenient, since you can use them even when you're out of service.
Jeremiah Davis
>his solution can't even withstand torture
Bad alternative. It can be defeated by the simplest of attacks.