Miscellaneous Tech News

DustinB3403

@Dashrender no one said it was a stepped improvement. They also have biometrics (face, fingerprint) as well as pin options.

They are working to remove the password complexity requirement and put something else in place of it.

https://imgs.xkcd.com/comics/password_strength.png

DustinB3403

Which ideally if they could come up with a Correct Horse Shoe Battery Staple algorithm and generate random passwords based on dictionary words they likely would be better off.

But how can one trust that the computer and ISO isn't compromised at installation time or to make sure that algorithm hasn't been cracked. . .

JaredBusch

@DustinB3403 said in Miscellaneous Tech News:

Which ideally if they could come up with a Correct Horse Shoe Battery Staple algorithm and generate random passwords based on dictionary words they likely would be better off.

But how can one trust that the computer and ISO isn't compromised at installation time or to make sure that algorithm hasn't been cracked. . .

Secure boot and hash verification.

DustinB3403

@JaredBusch said in Miscellaneous Tech News:

@DustinB3403 said in Miscellaneous Tech News:

Which ideally if they could come up with a Correct Horse Shoe Battery Staple algorithm and generate random passwords based on dictionary words they likely would be better off.

But how can one trust that the computer and ISO isn't compromised at installation time or to make sure that algorithm hasn't been cracked. . .

Secure boot and hash verification.

That was my point, the solution already exists. But no one has implemented said algorithm in their systems.

Dashrender

People don't want to use generated passwords if they can avoid it.

The push OTP is an awesome idea - my only criticism was they pushing to SMS, and not the app.

DustinB3403

@Dashrender said in Miscellaneous Tech News:

People don't want to use generated passwords if they can avoid it.

The push OTP is an awesome idea - my only criticism was they pushing to SMS, and not the app.

Well the issue is that a password generated by a person generally just sucks. If the process of passwords were to be changed, one such option would be to use randomly generated passwords like CHSBS.

Dashrender

@DustinB3403 said in Miscellaneous Tech News:

@Dashrender said in Miscellaneous Tech News:

People don't want to use generated passwords if they can avoid it.

The push OTP is an awesome idea - my only criticism was they pushing to SMS, and not the app.

Well the issue is that a password generated by a person generally just sucks. If the process of passwords were to be changed, one such option would be to use randomly generated passwords like CHSBS.

That's great - I suppose you could force people to use the passwords that systems make for them - not allowing them to change them to something that the user themself's want. That just means they'll write it down and potentially write it directly on the computer - I guess the hackers can't read it at least.

DustinB3403

@Dashrender and to that same point, how many times has a user changed their password only to forget it and need it changed again. Or write it down when they change it and have arbitrary requirements like in the CHSBS example?

Dashrender

@DustinB3403 said in Miscellaneous Tech News:

@Dashrender and to that same point, how many times has a user changed their password only to forget it and need it changed again. Or write it down when they change it and have arbitrary requirements like in the CHSBS example?

I'm all for getting rid of passwords - just don't use SMS as a part of the fix.

Obsolesce

@Dashrender said in Miscellaneous Tech News:

@DustinB3403 said in Miscellaneous Tech News:

@Dashrender and to that same point, how many times has a user changed their password only to forget it and need it changed again. Or write it down when they change it and have arbitrary requirements like in the CHSBS example?

I'm all for getting rid of passwords - just don't use SMS as a part of the fix.

I like using Chrome's built-in password manager and generator. So long as you can use Chrome, you don't need to know the password. If you need to know it, you can always go in and check.

Donahue

I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.

Dashrender

@Donahue said in Miscellaneous Tech News:

I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.

As far as I know, nothing works for computers logins - at least regarding an automated way to enter the information.

Pulling the info out of Lastpass is generally easy enough though - I get it on my phone when I'm not at my own computer.

DustinB3403

@Donahue said in Miscellaneous Tech News:

I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.

I use KeePass for personal stuff and LastPass at work. For work, it's fine and has functionality which is great for work. But personally I couldn't use it as it's solely accessible from a browser.

KeePass I can access from my phone, desktop, laptop tablet and pretty much everything else.

Dashrender

@DustinB3403 said in Miscellaneous Tech News:

@Donahue said in Miscellaneous Tech News:

I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.

I use KeePass for personal stuff and LastPass at work. For work, it's fine and has functionality which is great for work. But personally I couldn't use it as it's solely accessible from a browser.

KeePass I can access from my phone, desktop, laptop tablet and pretty much everything else.

I use Lastpass from my phone - there's an app.

Assuming you're in a GUI on your desktop - what do you care if you're using the browser or a native app?

DustinB3403

@Dashrender said in Miscellaneous Tech News:

@DustinB3403 said in Miscellaneous Tech News:

@Donahue said in Miscellaneous Tech News:

I use lastpass for almost everything. It's nice for things like websites, but it would be a pain for things like computer logins.

I use KeePass for personal stuff and LastPass at work. For work, it's fine and has functionality which is great for work. But personally I couldn't use it as it's solely accessible from a browser.

KeePass I can access from my phone, desktop, laptop tablet and pretty much everything else.

I use Lastpass from my phone - there's an app.

Assuming you're in a GUI on your desktop - what do you care if you're using the browser or a native app?

Just functionality wise it feels like it's lacking.

Donahue

I also use the lastpass app on my phone, I can use my fingerprint to open it so I dont have to type in my super long master password.

bnrstnr

@Dashrender said in Miscellaneous Tech News:

As far as I know, nothing works for computers logins - at least regarding an automated way to enter the information.

I believe automated logins are becoming more popular with the Windows Hello feature. I think Yubikey's can log you into Windows now.

Have Yubikey's ever come up here? I don't recall reading much about them.

mlnews

Samsung sticks Nvidia RTX 2080 GPU inside new Odyssey gaming notebook

Yet another competitor for Acer, Alienware, Razer, and others to watch.

Samsung is making news at CES 2019—but not for an obvious reason. The Korean manufacturer announced its first new gaming laptop in quite some time: the Samsung Notebook Odyssey. While Samsung has made gaming devices with the Odyssey name, this new notebook appears to compete with similarly powerful and portable gaming PCs from the likes of Acer, Alienware, and Razer.

scottalanmiller

@mlnews wow, that's a nice card!

mlnews

TIL: Firefox has a little-known feature to spare your blushes on the new-tab page

Open source browser tries to avoid publicizing your dirtier computing habits.

For many of us, our browsers' new-tab pages are something of a liability. Whichever browser you use, they all follow a fairly similar style: a bunch of boxes linking to the sites that we use and visit regularly. This is great when your regular sites are Ars, Gmail, and Twitter. But all too often, sites of a less salubrious nature find their way onto our new-tab pages, disclosing to the world our dirty habits when nobody's watching. While we can, of course, clean up our new-tab pages by Xing out the buttons for the offending sites, a moment of inattention can all too easily expose our pornographic predilections to the world.