mastouille.fr @admin

Peter V. Tretter ✅ 🇨🇦<a href="https://fosstodon.org/@bitwarden" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bitwarden</a> <a href="https://ottawa.place/@srgower" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@srgower</a> <a href="https://1password.social/@1password" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@1password</a> too bad you don't have any servers in <a href="https://mastodon.social/tags/Canada" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Canada</a>. <a href="https://mastodon.social/tags/TradeWar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TradeWar</a> <a href="https://mastodon.social/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a>

Micah Ilbery :sloth_coffee:The bitwarden android app is great, the browser extension is fine for the most part, but the desktop client is such an awful experience. It honestly makes me want to move to something like keepass where I can get a native client no matter the platform. But keeping keepass synced across devices I've heard is not a great experience as it wasn't designed with synchronization in mind. I wish there were more 3rd-party bitwarden clients for every platform because with mobile I'm pretty happy but on my laptop it's super frustrating. <a href="https://slothsneed.coffee/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfHosting</a> <a href="https://slothsneed.coffee/tags/bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Bitwarden</a> <a href="https://slothsneed.coffee/tags/vaultwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Vaultwarden</a> <a href="https://slothsneed.coffee/tags/android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Android</a> <a href="https://slothsneed.coffee/tags/gnome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GNOME</a> <a href="https://slothsneed.coffee/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> <a href="https://slothsneed.coffee/tags/keepass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KeePass</a> <a href="https://slothsneed.coffee/tags/passwordmanagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a>

🆘Bill Cole 🇺🇦6. Small developer in UK. Not clear where the "StrongBox Pro Sync" service lives, but it is not required for synch because you can use any file in the (local or remote-mounted) filesystem, SFTP or WebDAV to wherever, or multiple commercial cloud storage tools. <a href="https://toad.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a> <a href="https://toad.social/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a> <a href="https://toad.social/tags/Strongbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Strongbox</a> (3/3)

🆘Bill Cole 🇺🇦1. Native KeePass 2 vault format, so other programs can use the encrypted vault files. Each device has a complete copy of each vault, which can be opened offline if you have the passphrase, key file, or physical security key used to encrypt it. 2. Includes multiple peer-to-peer (ish) and cloud-based synch options including SFTP & WebDAV. Works with Syncthing/MobiusSync if you want to be truly masterless. Has bespoke synch service of their own. (1/3) <a href="https://toad.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a> <a href="https://toad.social/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a> <a href="https://toad.social/tags/Strongbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Strongbox</a>

🆘Bill Cole 🇺🇦3. Runs on macOS and iOS, licensed per-platform not per-device. License is shareable across 6 devices via Apple Family Sharing. Vaults can be shared freely amongst any number of KeePass-compatible programs on any platform. 4. SBP itself only runs on iOS and macOS, but its vault files are usable by any KeePass-compatible tool. 5. Exports as CSV or KeePass. Imports from KeePass, 1Pass, LastPass, iCloud Keychain (via exported CSV) and others. (2/3)<a href="https://toad.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a> <a href="https://toad.social/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a> <a href="https://toad.social/tags/Strongbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Strongbox</a>

🆘Bill Cole 🇺🇦I don't have a solution for all of those precise specifics but I've seen so many similar queries that I had to get the urge to answer out of my system... A 🧵about <a href="https://toad.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passwords</a> <a href="https://toad.social/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a> <a href="https://toad.social/tags/Strongbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Strongbox</a>If one is mostly on Apple devices trying to avoid storing your secrets on other people's storage while sharing them between your own and maybe other devices, the StrongboxPro password manager provides answers for me: <a href="https://mk.absturztau.be/notes/a6gnynjjzuda01zb" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mk.absturztau.be/notes/a6gnynjjzuda01zb</a>

TutaThe <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://mastodon.social/tags/Trinity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Trinity</a> - spotted at <a href="https://fosstodon.org/@bitwarden" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bitwarden</a> explains how to secure your accounts with 2FA:👉 <a href="https://bitwarden.com/resources/presentations/the-triangle-of-security-success/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://bitwarden.com/resources/presentations/the-triangle-of-security-success/</a>And rightly so: Because <a href="https://mastodon.social/tags/encrypted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#encrypted</a> email get even more secure with <a href="https://mastodon.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> and <a href="https://mastodon.social/tags/passwordmanagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordmanagers</a> 💪Check out our top 3: <a href="https://tuta.com/blog/best-password-manager" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://tuta.com/blog/best-password-manager</a>

Bob Carver<a href="https://thehackernews.com/2025/01/farewell-to-fallen-cybersecurity-stars.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thehackernews.com/2025/01/farewell-to-fallen-cybersecurity-stars.html</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://infosec.exchange/tags/Antivirus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Antivirus</a> <a href="https://infosec.exchange/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VPN</a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a>

Erik van Straten<a href="https://fosstodon.org/@lil5" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@lil5</a> : passwords *do* prevent phishing on Android and iOS/iPadOS if you set up autofill for your password manager and know what to be aware of.Details: <a href="https://infosec.exchange/@ErikvanStraten/113022180851761038" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113022180851761038</a>With Android screenshot: <a href="https://infosec.exchange/@ErikvanStraten/113549056619471557" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113549056619471557</a>BTW passkeys suck: <a href="https://infosec.exchange/@ErikvanStraten/113730072998238596" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.exchange/@ErikvanStraten/113730072998238596</a><a href="https://hex.st/@robin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@robin</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/Autofill" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Autofill</a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a> <a href="https://infosec.exchange/tags/DomainName" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DomainName</a> <a href="https://infosec.exchange/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> <a href="https://infosec.exchange/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WebAuthn</a> <a href="https://infosec.exchange/tags/Keepassium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Keepassium</a> <a href="https://infosec.exchange/tags/KeePassDX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KeePassDX</a> <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManager</a>

GillingerCan anyone please recommend to me a good free password manager for Android? I was using Bitwarden but it's a bit clunky. Thanks.<a href="https://mas.to/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://mas.to/tags/passwordmanagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordmanagers</a> <a href="https://mas.to/tags/android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#android</a>

frankie (auto-rebootable)<a href="https://fosstodon.org/@Nujtag" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Nujtag</a> as promised, a comparison/review of proton pass and bitwarden :blobcatgiggle: <ul><li>Bitwarden is well-established with extensive features, while Proton Pass a newer player offers a polished user experience within the Proton ecosystem.</li><li>Proton Pass has a more refined UI/UX, whereas Bitwarden focuses on functionality.</li><li>Bitwarden offers more organizational tools (folders, multiple organizations), while Proton Pass allows multiple vaults.</li><li>Bitwarden provides more versatile password generation options and password history.</li><li>Both offer secure sharing, but Bitwarden has more free options.</li><li>Both support 2FA, passkeys, and maintain high security standards.</li><li>Proton Pass offers unique features like email aliases and AI-powered security (paid).</li><li>Bitwarden is more affordable, while Proton Pass integrates well with other Proton services.</li></ul>my conclusion is that for a basic user, bitwarden is well and good. a lot of proton pass's features are paywalled. but if you're already into the proton ecosystem, you might as well use it 🤷 <a href="https://infosec.exchange/tags/Bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Bitwarden</a> <a href="https://infosec.exchange/tags/ProtonPass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ProtonPass</a> <a href="https://infosec.exchange/tags/Proton" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Proton</a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://infosec.exchange/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a> <a href="https://infosec.exchange/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FOSS</a>

wilhelmCan't say I am surprised, but seems <a href="https://fedia.social/tags/Bitwarden" rel="nofollow noopener noreferrer" target="_blank">#Bitwarden</a> is moving away from <a href="https://fedia.social/tags/OpenSource" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> as per <a href="https://github.com/bitwarden/clients/issues/11611" rel="nofollow noopener noreferrer" target="_blank">github.com/bitwarden/clients/issues/11611</a> Glad I never jumped that train and went with <a href="https://fosstodon.org/@keepassxc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@keepassxc</a> instead, when leaving the <a href="https://fedia.social/tags/1Password" rel="nofollow noopener noreferrer" target="_blank">#1Password</a> enshittification train, with which I am very happy. Any project with <a href="https://fedia.social/tags/VentureCapital" rel="nofollow noopener noreferrer" target="_blank">#VentureCapital</a> involved is a warning flag. I have seen so many nice software projects go down the <a href="https://fedia.social/tags/enshittification" rel="nofollow noopener noreferrer" target="_blank">#enshittification</a> path, it's not even funny. <a href="https://fedia.social/tags/passwordmanager" rel="nofollow noopener noreferrer" target="_blank">#passwordmanager</a> <a href="https://fedia.social/tags/passwordmanagers" rel="nofollow noopener noreferrer" target="_blank">#passwordmanagers</a> <a href="https://fedia.social/tags/keepass" rel="nofollow noopener noreferrer" target="_blank">#keepass</a> <a href="https://fedia.social/tags/keepassxc" rel="nofollow noopener noreferrer" target="_blank">#keepassxc</a>

Marcus "MajorLinux" SummersFinally I can merge all my keys!You'll soon be able to safely and easily move your passkeys between password managers <a href="https://www.engadget.com/cybersecurity/youll-soon-be-able-to-safely-and-easily-move-your-passkeys-between-password-managers-161025573.html?src=rss" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.engadget.com/cybersecurity/youll-soon-be-able-to-safely-and-easily-move-your-passkeys-between-password-managers-161025573.html?src=rss</a><a href="https://toot.majorshouse.com/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Passkeys</a> <a href="https://toot.majorshouse.com/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a> <a href="https://toot.majorshouse.com/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://toot.majorshouse.com/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://toot.majorshouse.com/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://toot.majorshouse.com/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tech</a>

GÉANTYour email can be used to both reset and recover access to all other services, so it's extremely important to use a strong and memorable <a href="https://mstdn.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> for it.David Heed ( <a href="https://social.sunet.se/@sunet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@sunet</a> ) joins our <a href="https://mstdn.social/tags/CyberSecMonth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecMonth</a> campaign, sharing some tips about <a href="https://mstdn.social/tags/PasswordSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordSecurity</a>.🔗 <a href="https://connect.geant.org/csm24" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://connect.geant.org/csm24</a><a href="https://mastodon.social/@nordunet" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nordunet</a> <a href="https://mstdn.social/tags/CSM24" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CSM24</a> <a href="https://mstdn.social/tags/CyberSecurityAwareness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityAwareness</a> <a href="https://mstdn.social/tags/Research" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Research</a> <a href="https://mstdn.social/tags/Education" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Education</a> <a href="https://mstdn.social/tags/NRENs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NRENs</a> <a href="https://mstdn.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mstdn.social/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManagers</a>

Victoria (K8VSY) (she/her)What does your password manager set up look like?<a href="https://mastodon.radio/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://mastodon.radio/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwords</a> <a href="https://mastodon.radio/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.radio/tags/passwordmanager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordmanager</a> <a href="https://mastodon.radio/tags/passwordsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordsecurity</a> <a href="https://mastodon.radio/tags/passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passkey</a> <a href="https://mastodon.radio/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> <a href="https://mastodon.radio/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MFA</a> <a href="https://mastodon.radio/tags/passwordmanagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordmanagers</a> <a href="https://mastodon.radio/tags/passwordless" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordless</a> <a href="https://mastodon.radio/tags/Lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lastpass</a> <a href="https://mastodon.radio/tags/Keepass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Keepass</a> <a href="https://mastodon.radio/tags/KeepassXC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KeepassXC</a> <a href="https://mastodon.radio/tags/ProtonPass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ProtonPass</a> <a href="https://mastodon.radio/tags/1password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1password</a> <a href="https://mastodon.radio/tags/bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bitwarden</a> <a href="https://mastodon.radio/tags/secure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secure</a> <a href="https://mastodon.radio/tags/securityawareness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityawareness</a> <a href="https://mastodon.radio/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloud</a> <a href="https://mastodon.radio/tags/cloudstorage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudstorage</a>

A répondu dans un fil de discussion

**Erik van Straten** @ErikvanStraten@infosec.exchange · 25 août 2024

25 août 2024

Erik van Straten @ErikvanStraten@infosec.exchange

W.r.t. password managers (pw mgrs):

1) Make sure that you *NEVER* forget your master password.

2) Make an *OFFLINE* backup of the (encrypted) pw database after each modification. For example, rotate between multiple USB storage media.

3) Use a pw mgr that can generate strong (random, long, unguessable) passwords. Use that functionality to generate a unique pw for each account.

LAST BUT NOT LEAST
4) At least on mobile devices, configure the OS and pw mgr to locate your credentials *automatically* based on the domain name of the website you're visiting (using "autofill", which lets the OS pass the domain name –as used by the browser– to the pw mgr).

EXAMPLE WHY
If you receive an email (with SPF, DKIM and DMARC all fine) from:

whomever@circle-ci.com

that instructs you to revalidate your 2FA settings in, e.g.:

https:⧸⧸circle-ci.com/revalidate

Then a properly configured pw mgr will not come up with ANYTHING - because the record is for (without the dash):

https:⧸⧸circleci.com

The deja vu after the 2022 attack (https://github.blog/news-insights/company-news/security-alert-new-phishing-campaign-targets-github-users/), described in https://discuss.circleci.com/t/circleci-security-alert-warning-fraudulent-website-impersonating-circleci/50899, is still alive and kicking since March this year (see https://crt.sh/?q=circle-ci.com and https://www.virustotal.com/gui/domain/circle-ci.com/detection). The fake site even looks better than the original one (I don't know whether it is actually malicious, or will just warn users who attempt to log in).

NOTE: if your pw mgr does not find a matching record in the pw mgr database, do NOT manually locate the "circleci.com" record. If you do: do NOT autofill or copy/paste your credentials for https:⧸⧸circleci.com to https:⧸⧸circle-ci.com! Using those creds, the fake site may immediately log in to the authentic website AS YOU - pwning your account.

WHAT I'M USING
I'm using KeePassium on iOS and KeePassDX on Android; they work just fine (disclaimer: I'm not in any way related to their authors, and do no warrant their reliability).

@steelefortress

The GitHub Blog · 21 sept. 2022Security alert: new phishing campaign targets GitHub usersOn September 16, GitHub Security learned that threat actors were targeting GitHub users with a phishing campaign by impersonating CircleCI to harvest user credentials and two-factor codes. While GitHub itself was not affected, the campaign has impacted many victim organizations.

#Passwords #PasswordManagers #PasswordManager