#passwords

Jabbercracky!

Password Village has teamed up with In.security to organise a DEFCON Jabbercracky!

This is a 48-hr event running from 8th Aug at 12:00 noon until Sunday 10th at noon.

There will be 2 lists, an easier and a harder one. All players (whether solo or team) can take on and submit both if they want. All details are on the site.

It can be played remotely and you can register now in advance!

An event channel will also be available on the Jabbercracky discord at https://discord.gg/eABKrn2d6q

We are very excited about this opportunity, and again, thank you to the community for all the support. The site went live this January, and since then we have received so much community support. The project really is a community collaboration, and we hope we can continue to share our passions with the community. Stop by and see what we are all about :).

https://defcon.jabbercracky.com/

#jabbercracky #defcon #defcon33 #ctf #passwords #cryptography #game

Jabbercracky!

The monthly casual event for July will start this Friday!

1 hash list will be created with 250k hashes based on a hidden theme. The competition portion will last 7 days and the write-up will be prepared and released shortly after.

#jabbercracky #ctf #passwords #passwordcracking #cracking

Alan Lewis

MICROSOFT ELIMINATING PASSWORDS
Mastodon Post

Microsoft Is Eliminating Passwords in August: Here's What You Need to Do to Prepare

Microsoft Authenticator has already stopped autofilling passwords, but the biggest change comes next month.

https://www.cnet.com/tech/microsoft-is-erasing-your-passwords-next-month-do-this-asap/

I have been with Windows since pretty much the beginning. My first Windows computer, at work, was Windows 2. The guy across the hall had Windows 1, which I sometimes used. These days, Microsoft and Dell keep prompting me to upgrade to Windows 11, an OS that is about to take a first step toward becoming obsolete. I'm giving very serious thought to upgrading to something other than Windows.

Windows once was cool and the Windows team was a bunch of cool people. Those days are dead and gone. At some point Windows staff got in touch with their inner NAZI. This is a small example. Microsoft is eliminating passwords because customers don't use passwords THEIR way - CORPORATE orientation. Their updates are a form of inexplicable mania and their use of OneDrive is equally insane. It is getting harder and harder to use my computer MY way because of Microsoft's extreme and growing CORPORATE orientation and their pretty nearly nonexistent CUSTOMER orientation.

Microsoft thinks its judgment prevails on fantastically too much, it thinks its ways of doing things prevail, and I, for one, am getting fed up.

The Hitchhiker's Guide to the Galaxy says, People keep getting technology when what they really want is just stuff that works. Microsoft management needs someone to explain that to them.

#computers #corporateorientation #customerorientation #dell #dellcomputer #dellcomputers #marketing #microsoft #passwordauthenticator #passwords #pins #technology #windows

Yes, But ⁉️

Just use a #PasswordManager (like @bitwarden)
#Account #Accounts #AccountCreation #Register #Registration #Password #Passwords #StrongPassword #StrongPasswords #ForgotPassword #ForgotternPassword

#YesBut #Comic #Comics #Meme #Memes

Hacker News

Microsoft Will Delete Your Passwords in One Month

https://www.cnet.com/tech/microsoft-will-delete-your-passwords-in-one-month-do-this-asap/

#HackerNews #Microsoft #Passwords #Passwordless #Security #TechNews #CNET

Erik van Straten

@relishthecracker : that's make-believe.

"Wow, asymmetric encryption, even quantum-computer-proof", "military-grade", etcetera.

Right after logging in using a passkey with an unbreakably protected private key, the website sends a session cookie (or similar) to the browser - which is NOT protected like private keys. If a website (like most of them) does not log you out if your IP-address changes, such a cookie is nearly as bad as a password. And fully if the cookie never expires.

Therefore:

1️⃣ Even if attackers cannot copy private keys: if the user device is sufficiently compromised (i.e. on Android, running an accessibility service), they can take over all of the user's accounts;

2️⃣ If the user's browser is compromised, attackers can copy session cookies and use them to obtain access to accounts the user logs in to;

3️⃣ An AitM (Attacker in the Middle) using a malicious website can copy/steal authentication cookies. Such AitM-attacks are possible in at least the following cases if either:

• A malicious third party website manages to obtain a fraudulently issued certificate (examples: https://infosec.exchange/@ErikvanStraten/112914050216821746);

• An attacker obtains unauthorised write access to the website's DNS record;

• An attacker manages to obtain access to a server where a "dangling" (forgotten) subdomain name points to, *AND* the real authenticating server (RP) does not carefully check for allowed subdomains (see https://github.com/w3ctag/design-reviews/issues/97#issuecomment-175766580);

4️⃣ The server is compromised or has a rogue admin: the attacker can add their passkey's public key to your account, or replace your public key with theirs (note that passkey pubkeys are not encapsulated by certificates issued by trusted issuers, stating who owns the public key).

Phishing using fake websites is probably the number one problem on the internet. *THE* major advantage of passkeys is that they make phishing attacks VERY HARD.

Indeed, if your device is sufficiently compromised, the risk of all of your passwords being stolen if you use a password manager is BIG.

However, as I wrote, if your device is sufficiently compromised, an attacker does not need access to your private keys in order to obtain access to your accounts.

@oliversampson @kaye

#Passkeys #PasswordManagers #DomainNames #Phishing #AitM #MitM #Cryptography #MilitaryGrade #Authentication #Impersonation #FakeWebsites #ATO #AccountTakeOver #Passwords #SharedSecrets #AsymmetricCryptography #SubDomains #DanglingSubDomains

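Added example (not part of the post above, and not code from any project it links to): a relying-party check of the WebAuthn clientDataJSON that contrasts a suffix match on the RP ID with an exact origin allow-list, which is the server-side check the dangling-subdomain case in point 3 depends on. RP_ID, the allowed origins and the sample assertions are constructed for illustration; signature verification over the authenticator data is assumed to happen elsewhere.

```python
import base64
import hmac
import json
from urllib.parse import urlsplit

# Assumed deployment values (hypothetical, not taken from the post).
RP_ID = "example.com"
ALLOWED_ORIGINS = frozenset({"https://example.com", "https://login.example.com"})


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def origin_ok_suffix(origin: str) -> bool:
    """Weak: any HTTPS host under the RP ID passes, so a forgotten
    subdomain that someone else now controls is accepted."""
    parts = urlsplit(origin)
    host = parts.hostname or ""
    return parts.scheme == "https" and (host == RP_ID or host.endswith("." + RP_ID))


def origin_ok_exact(origin: str) -> bool:
    """Strict: only origins the RP really serves logins from."""
    return origin in ALLOWED_ORIGINS


def verify_client_data(client_data_b64, expected_challenge, origin_check):
    """Check type, challenge and origin of an assertion's clientDataJSON.
    Returns (accepted, reason)."""
    try:
        data = json.loads(b64url_decode(client_data_b64))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "malformed clientDataJSON"
    if not isinstance(data, dict):
        return False, "malformed clientDataJSON"
    if data.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    challenge = data.get("challenge")
    origin = data.get("origin")
    if not isinstance(challenge, str) or not isinstance(origin, str):
        return False, "missing challenge or origin"
    try:
        received = b64url_decode(challenge)
    except ValueError:
        return False, "malformed challenge"
    # The challenge is single-use and tied to the server-side login attempt.
    if not hmac.compare_digest(received, expected_challenge):
        return False, "challenge mismatch"
    if not origin_check(origin):
        return False, "unexpected origin " + origin
    return True, "ok"


def make_client_data(origin: str, challenge: bytes) -> str:
    """Build a constructed clientDataJSON, as a browser on `origin` would."""
    doc = {"type": "webauthn.get", "challenge": b64url_encode(challenge), "origin": origin}
    return b64url_encode(json.dumps(doc).encode())


def demo():
    challenge = bytes(range(32))  # constructed sample challenge
    results = {}
    for origin in ("https://login.example.com",       # real login page
                   "https://old-promo.example.com",   # constructed dangling subdomain
                   "https://example.com.evil.test"):  # lookalike, outside the RP ID
        blob = make_client_data(origin, challenge)
        results[origin] = (verify_client_data(blob, challenge, origin_ok_suffix)[0],
                           verify_client_data(blob, challenge, origin_ok_exact)[0])
    return results


if __name__ == "__main__":
    for origin, (suffix, exact) in demo().items():
        print(f"{origin:35} suffix={suffix} exact={exact}")
```
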
Dumb Password Rules

This dumb password rule is from UniSuper.

Passwords need:
- a lower case letter
- a number
- a capital letter
- at least 8 characters

In the 'Change password' form,
passwords are now restricted to a `maxlength` of 18.

If your current password is longer than 18 characters,
you won't be able to change your password.
When I contacted them...

https://dumbpasswordrules.com/sites/unisuper/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Liyah Mackenzie Writes

Password generators: because nothing says “security” like trusting your entire digital life to a string that looks like a cat walked across the keyboard mid-seizure.

#joke #passwords #technology #cats

Brian

On the Desk of Brian podcast

Episode 004: AI in Classrooms, Financial Lessons for Kids, and Suns Trade Talk

#AI #education #economics #phoenixsuns #Apple #iOS #Reminder #passwords #fridaynightbaseball #sharktank #AMD #Microsoft #Xbox

https://podcasts.apple.com/us/podcast/on-the-desk-of-brian/id1816798825?i=1000712571375

https://open.spotify.com/episode/6NJGHYxXh1PrmJ780mltJJ?si=-d7IF8sJSrGUz02RNqoVIQ

Dumb Password Rules

This dumb password rule is from EON.

By the time I'd finished reading the rules I've forgotten all of them.

https://dumbpasswordrules.com/sites/eon/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Liyah Mackenzie Writes

Everybody gangsta until the Wi‑Fi asks for a password they forgot six years ago.

#joke #gangasta #wifi #technology #passwords

This dumb password rule is from Techcombank.

Your password must:
- Be between 6 and 8 characters long
- Contains at least 1 number character
- Contains at least 1 lowercase character
- Contains at least 1 uppercase character
- Neither space nor unicode character is allowed. In fact,
NO special characters is allowed
- Must be changed every 9...

dumbpasswordrules.com/sites/te

dumbpasswordrules.com · Techcombank - Dumb Password Rules · Your password must: - Be between 6 and 8 characters long - Contains at least 1 number character - Contains at least 1 lowercase character - Contains at least 1 uppercase character - Neither space nor unicode character is allowed. In fact, NO special characters is allowed - Must be changed every 90 days

#password #passwords #infosec

So, another day, another data breach. This one is the mother lode. 16 Billion, with a B, credentials, i.e. usernames and passwords. Almost all of the data is new; there’s about 200 million records that were known breaches. The breach stretches across providers, operating systems and vendors. It is not from a singular attack, but a compilation of a long exfiltration of data via infostealers and similar.

What does that mean for you? Go change your important passwords, again. Use a password manager. Passkeys are becoming more common, but I haven’t researched them so have no opinion. The ones I’ve seen use biometrics, and my work systems don’t have cameras.

This is a big deal, and you should pay attention to it.

#infosec #passwords #hack #darkweb #16billionrecords

cybernews.com/security/billion

theguardian.com/technology/202

Updates/additional-coverage from an earlier story

16-billion usernames & passwords have been compromised; the data was only available briefly, but people are being advised to change their passwords for important services immediately.

Due to the sheer volume of the data, it will take time to figure out exactly what services & users were affected, so best to take precautions now.

Change your passwords, and enable some form of 2FA.

The Guardian · Internet users advised to change passwords after 16bn logins exposed · By Dan Milmo

Like a good netizen, I duly spent an hour this morning changing my passwords as recommended following this large breach. In my experience, it's best to approach this task slowly and deliberately, ensuring all new passwords are duly recorded in your password manager.

Google and Apple were reasonably straightforward, but oh my god, the process required to change my Instagram account was something else. So many steps and clicks, I am surprised anyone would bother. Deliberate of course because so many settings are consciously hidden and obfuscated by Meta. (I only have Instagram because a beloved family member uses it. I don't have the app on my phone and only access it in a Facebook container in a separate Librewolf profile.)

#passwords #security

cybernews.com/security/billion