What are some security practices falsely assumed to work?

Antivirus, password manager

Human being part of the system.

>antivirus
true if you're not retarded.
>password manager
Wrong. It's a good security practice to use a long password with a combination of upper+lower case characters, numbers and symbols. You should also use different passwords for websites. It doesn't matter if you use handwritten notes, hardware keys or a FREE password manager software, it isn't something that is falsely assumed to work.

>Antivirus
yeah
>password manager
if your master password is hard enough there's nothing wrong with using a password manager

>Wrong
It's not wrong. Unless you're talking about using LessPass on an offline Android device and manually typing passwords. In which case it's just a convenience. A password manager on a network computer is yet another attack vector.

Master passwords are irrelevant when there have been several proven ways of easily fetching your master password from RAM or other passwords from clipboards by simply using JavaScript or a malicious executable.

>Master passwords are irrelevant when there have been several proven ways of easily fetching your master password from RAM or other passwords from clipboards by simply using JavaScript or a malicious executable.
Wow you're going to fetch encrypted passwords with a patched vulnerability?

>encrypted
>implying

If your computer is owned by some hacker who can see and modify your RAM, then he can acquire all your passwords directly from the keyboard as you type them.

Any good password manager (including Firefox's) will encrypt all passwords. Even fucking LastPass got hacked and no real passwords were leaked from there.

Also, all GNU distros come with a keyring. All modern OSes save several passwords, including the one to log in to a user and WiFi passwords. If obtaining passwords from a computer was as trivial as you say, all computers in the world would be vulnerable.

Whoa is that what a hack looks like

>Forced complexity requirements beyond minimum length and a comparison against a cracked password list.
>Password expiration.
>The use of biometrics as authentication (biometrics are an identifier, not a key).
>Clientside validation without serverside confirmation.
>"Security" questions of any kind.
>The use of a personalized "security" picture.
>Encryption without authentication.
>SMS or a phone call as a two factor mechanism.
>MAC filtering, or any kind of filtering without proof of identity.
>Executable signatures in the same distribution channel as the executable.
Holy shit I could go on. People tend to treat security like it's black magic, and 95% of the people in the "security business" are charlatans.

>>SMS or a phone call as a two factor mechanism.
Oh no, someone might be standing under my terrace with 10 kilogram spying equipment.

No, but someone else may phish your phone provider to get a SIM card with your number, that's why it's dumb. Lurk more.

A single point of failure for all your passwords is a bad idea and you can't convince me otherwise.

It's better than your homebrew alternative of making passphrases by yourself and storing them in some "clever" way

You know if I know your mobile number I can just call your phone provider, get your PUK code and clone your SIM card.

Illegal in the EU.

That will surely stop the criminals

What, like learning them and storing them in my brain?

You zoomers never learned the ability to memorize anything.

>If obtaining passwords from a computer was as trivial as you say, all computers in the world would be vulnerable.
>he doesn't know

today's b8 bread?

Good luck memorizing over 50 randomly generated passphrases. I hope you don't reuse passwords either.
>You zoomers
epic

People have literally been pwned through compromising SMS based two factor. Literally all it takes is some social engineering. It's really stupid to use this when TOTP and U2F exist. Fuck, they're actually more convenient, since you can use them even when you're out of service.

>his solution can't even withstand torture
Bad alternative. It can be defeated by the simplest of attacks.