For me it’s the paranoia surrounding webcams. People outright refuse to own one and I understand, until they go on and on about how they’re being spied. Here’s the secret - unplug the damn thing when you think you won’t use it or haven’t used it in a while.

They, whoever it is, can’t really spy on you on something that’s already off and unplugged!

  • superkret@feddit.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    3 months ago

    Rebooting your PC really does fix a lot of issues.

    But in Windows, you have to go to a sub-sub-sub-menu of the old control panel, click on a button called “choose what closing the lid does”, then on “change settings that are currently unavailable” and then disable “fast startup (recommended)”, just to get your pc to reboot properly.

    • seaQueue@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      Here’s an even easier hack than all of that :effort:

      Just hold the power button down for about 10 seconds, ez-pz

      • tehmics@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        I prefer yanking the cord out while furmark, prime95 and a full delete 0 write on the spinning disks is going.

      • DokPsy@infosec.pub
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        I like to call that the “putting a pillow over its face” method of rebooting. Reserved for when even a shutdown /r /t 0 doesn’t work

    • blandfordforever@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      Hold shift while you click start and shutdown (or reboot) when necessary. This will have windows do a full shutdown instead of a hybrid shutdown.

  • averyminya@beehaw.org
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    SFTP file transfers, I’m guilty of forgetting about it myself sometimes.

    Whether it’s Syncthing for keeping device data synced and backed up, or just wanting to get a file from point A to point B and using your preferred SFTP client like FileZilla, it can be really easy to forget just how easy these are.

    • Elise@beehaw.org
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      I’m currently trying sync thing. It gets the job done but it confuses me a lot. Like you say sftp is just so much more straight forward.

      And you can probably hook that up into your file system, making it super convenient.

      • averyminya@beehaw.org
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        I can try and help a bit with Syncthing, it’s got a couple idiosyncrasies that I feel like I’ve come to understand.

        Which aspect of it is troubling?

        • Elise@beehaw.org
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          Well, one device says it’s syncing, but the other doesn’t. Or it just doesn’t detect changes even after restarting it. In the end it somehow works but the UI feels finicky.

          If I use USB, scp or sftp or something it just feels straight forward. I say x and it does x or I get an error. With syncthing all that is hidden and it’s confusing.

          I also once had an error on a specific folder. I tried deleting and adding it again, but it was still broken. I searched online and it might be because I deleted a hidden folder. I occasionally delete stuff I don’t know. And it wasn’t able to recover from that or provide a proper error message.

          All in all I think I’ll keep using it and banging my head against the wall until it works for me. It could definitely use some UI/UX touchups.

          • averyminya@beehaw.org
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            That sounds similar to the issue I ran into, Syncthing will create a .st-ignore text file (can’t remember the actual name) that links the device folders together. When I’ve deleted that I’ve encountered similar confusion and problems trying to get new folders running.

            If you have Android clients, I’ve found Syncthing-Fork to be slightly better for the initial setup.

            What I’ll tend to do when I have problems is remove each folder I’ve set up in Syncthing from both devices, then I’ll usually create a new folder path for my purposes. If I’ve already set up when I’m trying to accomplish then I will either rename it (sometimes it helps) or just try from the beginning again.

            For example, I want my tablet to get videos from my phone and my PC, and I want these files backed up in general. So on my phone I create /Send-to-PC and on my tablet I create /Receive-from-PC. Either the host or the client can initiate the synced connection for the first time setup, so it’s just a matter of naming the Syncthing Label (such as a comment descriptor about the folder, like Media), setting the folder path within the client device (on android this might be /storage/SD-Card-ID/MediaFolder) and then choosing which devices will be connected to this label (usually via a tick-box with the Host or Client name). This is usually it, but you do have the option to set Folder Type for whether you only want to send, only receive, or send and receive, as well as Watch for Changes.

            These last two may also be part of what you are noticing too. For example, if you have Watch for Changes disables, you’d have to wait for the scheduled upload, which can save phone battery by not having it sync constantly, but can also prevent syncing quickly when you want it. Or, more likely what you may run into, Send & Receive being the default can result in some odd quirks when you the Host removes an uploaded file to the client. All of the sudden your project file is vanished! This happens to me from time to time, as I’ll upload a video I want to edit on my tablet, then I’ll move/delete it since I’m in the process of editing, only to remember that Send & Receive makes it so that the client also moves it from the shared folder.

            Anyway this probably isn’t very helpful, but hopefully seeing a tired rundown of how someone else uses it gives you an idea of what may be happening on your end!

            • Elise@beehaw.org
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              3 months ago

              😵‍💫

              I’ll probably end up configuring a virtual file system instead

  • nerdschleife@lemm.ee
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    Wires:

    • Ethernet over WiFi for non portable desktops
    • Audio gear : wired will sound better. Bluetooth headphones have batteries that almost certainly aren’t repairable.
    • Peripherals, in the sane vein. I just don’t get having to charge a keyboard or mouse that sits on my desk all day.
    • maxprime@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      I agree with everything except a wireless mouse. I have a magnetic usb “nub” that plugs into the mouse so when I need to charge it every couple of weeks it’s as simple as moving the mouse near enough the magnetic cable and it pops into place.

      For me, the benefits of a wireless mouse far outweigh the imperceptible-to-me lag from the 2.4ghz dongle 10cm away in clear view. The only downside I can see is the weight of the battery, but I’m not a competitive FPS player so I’m good.

      • tehmics@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        I like wireless for my laptop, but I’ve never understood the point on my desktop. It’s never going beyond the cable’s length, and the cable has never gotten in the way unless I’m doing extreme motions with a very low sensitivity. And in that case, I am playing competitive fps.

        • subtext@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          I just hate the dragging of the wire on anything that might be in the way. I go wireless for keyboard and mouse whenever possible.

      • Crotaro@beehaw.org
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        But what are the benefits of a wireless mouse? You don’t have to string the cable from the back of your PC to the mousepad, sure, but that’s something you do once a blue moon (unless you often go to LAN partys (which, in itself, are probably not a thing anymore)). At work, okay, I sometimes get up off my chair and have my company-provided wireless mouse on my leg to keep scrolling while I read through legal documents, but that’s a rare use case, too, no?

        • maxprime@lemmy.ml
          link
          fedilink
          arrow-up
          0
          ·
          2 months ago

          I don’t like the feeling of the cable dragging on the desk. Or the cable snagging on the monitor stand, or anything else on the desk.

          I also prefer the aesthetics of a wireless mouse. One less cable to manage. The charge cable is tucked away and only comes out every week or so to charge overnight.

          Yeah, my keyboard has a cable but my keyboard doesn’t move, and it’s a pretty sexy (and heavy) cable so it’s different than a mouse cable.

          As for latency, from what I understand in many cases a wireless mouse can have less latency than some wired mice. So that’s nice too.

          I guess the main downside is weight but that has never bothered me. That said, I’m not a competitive fps player, but even so some wireless mice are quite light.

          • Crotaro@beehaw.org
            link
            fedilink
            arrow-up
            0
            ·
            2 months ago

            Fair points you’re making there!

            I guess it never bothered me enough to have even crossed my mind.

            I need to look into the latency thing. From my limited knowledge it makes no sense that a wireless mouse could have better latency than a wired one. Unless the wire is made of something barely conductive to electricity and the wireless works with stupidly fast transmission tech, I guess o.o

            • maxprime@lemmy.ml
              link
              fedilink
              arrow-up
              0
              ·
              2 months ago

              https://youtu.be/yy0xmcBg_IY

              Great review of several high end mice, wired and wireless. He found no correlation between wires and latency. Ultimately, he concludes that the most important properties of the mouse are weight and feel.

    • ChaoticNeutralCzech@feddit.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      3 months ago

      I have Bluetooth earbuds that crack open when they hit a hard surface (have surviveed so far) and the battery is a little Li-Ion pouch on soldered wires. They probably don’t last as long as sealed ones of the same size but it’s very easy to find and install a replacement battery. Just check disassembly guides before buying.

    • EveryMuffinIsNowEncrypted@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      3 months ago

      The fuck is “Ethernet over WiFi”. Isn’t ethernet by definition wired? If it’s x over WiFi, isn’t that just WiFi with extra steps?

       


      Edit: I see from other comments they mean “preferable compared to”, not “used atop of”.

      • azuth@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Ethernet over WiFi is WiFi. Ethernet is a protocol not the cables and its used with wired networks and WiFi.

          • azuth@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            0
            ·
            3 months ago

            It appears I either misunderstood or misremembered what I read.

            It probably referred to MAC addresses being reused on WiFi. However the frames used are not Ethernet frames.

            Ethernet however is not restricted to twisted pair cat cables it’s on fiber and originally was on co-axial.

    • Ep1cFac3pa1m@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      I second all of your statements. I don’t care if my Apple TV is on WiFi, but my gaming desktop is most definitely hooked to an Ethernet cable. I also use a wired keyboard and mouse on it, but I’ll admit I have a cheap wireless keyboard and mouse for my work laptop because I didn’t want to deal with another set of cables on the same desk, and I can’t think of a good solution for both machines to share the same keyboard and mouse without having to switch the cables between them all the time.

        • Ep1cFac3pa1m@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          KVM switch looks like it could work, since I don’t want to switch a USB switch and then still have to switch monitor input. Just need to find one with both an HDMI input and a DP input.

      • curbstickle@lemmy.dbzer0.com
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        Windows? Mouse without borders

        Linux/Mac/mix of that and windows? Barrier.

        If, of course, you can install things on your work laptop.

    • davel@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      Ethernet over WiFi for non portable desktops

      Wi-Fi basically is wireless Ethernet, so I don’t know what “Ethernet over WiFi” is supposed to mean, and I don’t know what problem is being solved nor what solution is being proposed.

    • Sonori@beehaw.org
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      While I’ve only used one or two types of bluetooth headphones, i’ve never hand any trouble replacing the battery with them. The cups just snap out and then you unplug the lithium cell and plug a new one it, at least in my experience, so that may just have been a thing with the model you got.

  • darvit@lemmy.darvit.nl
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    An ad blocker, on desktop and phone.

    It blocks annoying ads and also protects you against malware (malvertisement).

    • PlexSheep@infosec.pub
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      And please just enable blocking cookies and annoyances in unlock origin. It has filters that can be enabled, and you’ll never see a cookie banner again.

  • Elise@beehaw.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    3 months ago

    You don’t need a fancy computer. There’s endless amazing games and they run on a potato. I was just starting Bayonetta and my machine doesn’t even spin up. But it does when I open Firefox or my note taking program 🤷🏻‍♀️

    Just keep it away from unsafe networks cuz it’ll have vulnerabilities.

      • slacktoid@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Awk is a helps you do any kind of processing of semi structured text data.

        Sed is a stream editor which lets you edit a file using commands. Which is tedious until you need to replace something in a bunch if files or make very specific edits across a large number of files.

        Grep is just find pattern in text file.

    • OneMeaningManyNames@lemmy.ml
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      You might have a different type of person in mind than other commenters. Most commenters had such people in mind who won’t install a password manager or an ad-blocker, or won’t hard reboot their Windows unless supervised. Having said that, I don’t think that even if you had technical people in mind this fits the question. They tend to take substantial more effort to learn and use effectively than the scope set by the original question. I thought this question was for little things that have a quick, lasting, and substantial effect. Learning awk and sed is a different thing entirely, I think of those more as productivity tools you can invest in mastering, and pay off in the long run.

  • spizzat2@lemm.ee
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    3 months ago

    That assumes you can unplug it. Most devices I own have the camera built right into the device, and it can sometimes be hard to find an option that doesn’t include it. I have a Webcam cover on my desktop and laptop.

    I haven’t seen one that would work for my phone, but if someone has hacked my phone, I probably have bigger issues.

    • EveryMuffinIsNowEncrypted@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      Is it a monitor provided by your workplace? If not, well, it’s not that hard to find a monitor without a built-in camera. I found one easily enough for my gaming desktop… Unless the monitor market has dramatically changed since 2019-ish…

    • Moonguide@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      That, and most people don’t know how to disable the device from their device manager.

  • kamen@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    Saving a picture and posting it somewhere.

    I see people making screenshots of their whole phone’s screen and posting them just to show a picture. In reality, maybe 90% of the time, if you see a picture on the screen of your phone, you can save that picture, with no pointless information around it, no black bars and so on. Even if that’s not possible, Android for example has been doing something from the recent apps screen that lets you extract a picture from an app’s screen - and that’s arguably even easier than doing a screenshot.

  • Hexagon@feddit.it
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    Password managers. People will use anything but that: paper, notes app (without any security), using the same password everywhere…

    • ClassifiedPancake@discuss.tchncs.de
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      I keep trying to convince my parents. Then they say but what if I forget the master password? I say they won’t with a passphrase but they don’t believe me.

      Also I don’t have experience with PW managers other than 1Password, Bitwarden and Roboform. I personally didn’t like Bitwarden. I think it’s UI is janky and oldschool. Roboform is so bad I don’t even know where to start complaining. So I keep using 1Password even though the UI has been getting worse but it still works for me because of the good integration into the Apple ecosystem. But it’s rather expensive for managing the 20 something passwords my parents have. I read about breaches on other PWMs sometimes so I don’t really know what to trust and recommend.

      • pr06lefs@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        Keepassxc works fairly well for me, with a few quirks. Don’t know how it is on apple though.

      • hanabatake@lemmy.ml
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        Show them you can export the passwords and print them. It will help them to make the switch to know they cannot lose everything because it is on paper. It is what helped my parents

      • scarilog@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        Set my family up with Bitwarden. Had them think up good passwords, told them not to tell me, etc. etc. they went and promptly forgot it.

        One of these days I’m going to set them up again but this time I’m going to have to save their master passwords on my account.

    • jonwyattphillips@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      Eh, I don’t trust any 3rd party enough to give them all my passwords and I don’t trust myself enough to secure a server for self hosting a password manager.

      I know all my passwords, can’t forget em, no paper or notes, no repeat passwords.

      • Grunt4019@lemm.ee
        link
        fedilink
        arrow-up
        0
        ·
        3 months ago

        If you know all your passwords and can’t forget them, I’m assuming your using some sort of pattern to remember them in which case you have a major issue in case of data breaches as your other passwords can be guessed.

        • bitfucker@programming.dev
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          Just as a heads up, sometimes the pattern is not that easy for computer to brute force. As an example, my old password contains a birth date but with an alternating shift making them a combination of digit and symbol.

          • cynar@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            3 months ago

            The issue is if you are a) targeted, and b)involved in multiple breaches. If they can get the pattern, they potentially get everything.

            Is it worth it? That depends. Are you willing to risk it NOT being worth it to a random guy in Africa earning a few $ a day?

      • EveryMuffinIsNowEncrypted@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        3 months ago

        Fucking THANK YOU.

        A very good friend of mine doesn’t use any password manager. I’ve often in the past told them why don’t they? They argue that then all their passwords would be gone if they forget that one master password. Okay, I say, how the fuck is having to remember 1 password harder than having to remember 20 passwords?

        • subtext@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          Any good password manager nowadays also has an account takeover feature if you opt in. Basically your spouse / child / parent can take over your account to recover it for you if you can’t get in.

        • halfapage@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          3 months ago

          Yes, and personally I use syncthing to sync newest file to all devices when they connect to my home network.

        • HelixDab2@lemm.ee
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          Technically you could use PGP to encrypt a .txt file with all your passwords in it. Which would be more or less the same thing with a lot less polish to it.

            • HelixDab2@lemm.ee
              link
              fedilink
              arrow-up
              0
              ·
              3 months ago

              PGP is ‘pretty good privacy’; it’s an encryption standard. It’s not the best, but it’s fairly easy to use, and it going to resist decryption pretty well, for most use-cases. The idea is that you have a public key, and a private key. The public key allows messages to be encrypted, while your private key allows decryption.

          • communism@lemmy.ml
            link
            fedilink
            arrow-up
            0
            ·
            3 months ago

            I looked it up for you; you can export your Proton Pass database as a .csv file and then import it into KeePass. Not sure about KeePassDX but on XC, there’s a csv import option. There’s also a json import option but it says BitWarden for that so I’m not sure if the json Proton Pass exports is in the same structure as KeePassXC expects.

            • Wild Bill@midwest.social
              link
              fedilink
              arrow-up
              0
              ·
              3 months ago

              Thanks for the answer! Another question: does saving the data on KeepassDX keep all the passwords and such for me to import to other apps if needed? Or what does the file include?

              • communism@lemmy.ml
                link
                fedilink
                arrow-up
                0
                ·
                3 months ago

                You can export as csv, html, xml from KeePassXC. Dunno about DX but you can just try it on your desktop if it’s not an option on mobile.

                You know I’m looking up all these answers right? I don’t mean to be rude but you can and should just look these up yourself. You can check import and export options by opening keepassxc/keepassdx and checking for yourself

                • Wild Bill@midwest.social
                  link
                  fedilink
                  arrow-up
                  0
                  ·
                  3 months ago

                  Yeah, you’re right. Sorry, I definitely have a tendency to treat Lemmy as a search engine sometimes. Nonetheless I appreciate you answering me!

    • absGeekNZ@lemmy.nz
      link
      fedilink
      English
      arrow-up
      0
      ·
      3 months ago

      Came to say this exact thing.

      FFS I have 100’s of passwords saved in my keepass DB, they are all different.

      Passwords will only autofill on the correct site, so look alike sites are captured by that simple bit of security.

    • amelia@feddit.org
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      I keep telling myself I need to start using a password manager but I’m worried I won’t be able to log into things on my phone or other devices like my work computer when I need to because I don’t know the password. Is that a legitimate worry or is there a solution for this? How do you sync passwords between computer and phone?

      • WhyJiffie@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Which does not solve the webcam’s mic, which (to me) is a bigger issue because it does not only record who’s in the from of the machine, but also the whole surrounding area.

  • ssm@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    3 months ago

    I call this one forbidden knowledge because I see it so little in public, but I’m sure it’s well known in privacy communities: A password like “I have this really secure password that I type into computers sometimes” is a much stronger and easier to memorize password than “aB69$@m”. It seems more often than not I find networks where the SSID is a better password than the WPA key.

    • cmfhsu@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      3 months ago

      I agree - I do use passphrases in some critical cases which I don’t want to store in a password manager.

      However, I believe passphrases are theoretically more susceptible to sophisticated dictionary type attacks, but you can easily mitigate it by using some less-common 1337speak character replacements.

      Highly recommend a password manager though - it’s much easier to remember one or two complex master keyring passwords & the random generated passwords will easily satisfy any application’s complexity requirements.

      • Random Dent@lemmy.ml
        link
        fedilink
        English
        arrow-up
        0
        ·
        3 months ago

        Yeah that’s basically what I do, I know the passphrase to decrypt my drive, and the one to open Bitwarden and then I basically let that just handle everything else.

        Oh and the sudo one I guess.

    • kambusha@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      I agree but I think the problem is that some apps/sites have strict password requirements, which usually includes adding upper-case, symbols, numbers, and then limits the length even sometimes…

      • Don_alForno@feddit.org
        link
        fedilink
        Deutsch
        arrow-up
        0
        ·
        3 months ago

        Which is funny because those strict rules reduce the number of combinations an attacker has to guess from, thereby reducing security.

        • cmfhsu@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          3 months ago

          Provably false. That’s only true if the rules specify some really wacky requirements which I haven’t seen anywhere except in that one game about making a password.

          Think about it this way. If you have a password of maximum length two which only accepts lowercase letters, you have 26 choices for the first character & 26 for the next. Each of the 26 characters in the first spot can be combined with any of the 26 characters in the second spot, so 26 * 26 = 676 possible passwords.

          By adding uppercase letters (for a total of 52 characters to choose from), you get 52 * 52 = 2704 possible passwords. It increases significantly if you increase the length beyond two or can have more than just upper & lowercase letters.

          Computers have gotten so efficient at generating & validating passwords that you can try tens of thousands of passwords in a minute, exhausting every possible two-letter password in seconds starting with aa and ending with ZZ.

          The only way you would decrease the number of possible passwords is if you specified that the character in a particular spot had to be uppercase, but I’ve never seen a password picker say “your fourth character must be a lowercase letter”.

          • Don_alForno@feddit.org
            link
            fedilink
            Deutsch
            arrow-up
            0
            ·
            edit-2
            3 months ago

            By adding uppercase letters (for a total of 52 characters to choose from), you get 52 * 52 = 2704 possible passwords.

            You don’t add them, you enforce at least one. That eliminates all combinations without upper case letters.

            So, without this rule you would indeed have the 52x52 possible passwords, but with it you have (52x52)-(26x26) possible passwords (the second bracket is all combinations of 2 lowercase letters), which is obviously less.

            The only way you would decrease the number of possible passwords is if you specified that the character in a particular spot had to be uppercase

            Wrong. In your example, for any given try, if you have put a lowercase letter in spot 1, you don’t need to try any lowercase in spot 2.

            Any information you give the attacker eliminates possible combinations.

            • cmfhsu@lemmy.world
              link
              fedilink
              arrow-up
              0
              ·
              edit-2
              3 months ago

              I think I’m confused on your point.

              I interpreted your statement to mean “adding a requirement for certain types of characters will decrease the number of possible passwords compared to no requirements at all”, which is false. Even in your example above, with only two letters, no numbers / special characters allowed, requiring a capital letter decreases the possibilities back to the original 676 possible passwords - not less.

              Perhaps you’re trying to say that passwords should all require certain complexity, but without broadcasting the password requirements publicly? I suppose that’s a valid point, but I don’t think the tradeoff of time required to make that secure is worth the literal .000001% (I think I did the math right) improvement in security.

              • Don_alForno@feddit.org
                link
                fedilink
                Deutsch
                arrow-up
                0
                ·
                3 months ago

                Even in your example above, with only two letters, no numbers / special characters allowed, requiring a capital letter decreases the possibilities back to the original 676 possible passwords - not less.

                No it doesn’t. It reduces the possibilities to less than the 52x52 possibilities that would exist if you allowed all possible combinations of upper and lower case letters.

                You are confused because you only see the two options of enforcing or not allowing certain characters. All characters need to be allowed but none should be enforced. That maximizes the number of possible combinations.

                that passwords should all require certain complexity, but without broadcasting the password requirements publicly?

                No, because that’s still the same. An attacker can find out the rules by creating accounts and testing.

        • cmfhsu@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          At one point, Charles Schwab allowed a password of infinite length, but SILENTLY TRUNCATED ALL PASSWORDS TO 8 DIGITS.

          This is something I sent a few angry emails about wherever I could find an opportunity.

        • kamen@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          3 months ago

          Sketchy indeed. I’ve seen this as well, and the redeeming thing about it is that you’re locked out after 3 unsuccessful login attempts - so no matter how easy bruteforcing would be, there’s a safety catch deal with this.

    • pinjure@lemmy.ml
      link
      fedilink
      Esperanto
      arrow-up
      0
      ·
      3 months ago

      the SSID is a better password than the WPA key

      This is an insult I am definitely saving for later

  • cynar@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    3 months ago

    Even if you don’t use it as a password manager, bitwarden has an excellent pass phrase generator. The only annoyance is when I run into maximum password lengths at times.

    • BenchpressMuyDebil@szmer.info
      link
      fedilink
      arrow-up
      0
      ·
      3 months ago

      The generated password lenghts can be set in the UI at least. It’s worse when the password form accepts only SOME special symbols (looking at you bank)

  • utopiah@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    3 months ago

    If you don’t have your files on another physical location you can show me, you don’t have a backup, you don’t own your files, you basically give your “digital life” to someone else.