Verifpro.net - paypal, ebay, banks, crypto, docs and more!
Started by Lothar Scholz
on 1/11/2023
Lothar Scholz
1/11/2023 4:46 pm
Verifpro.net - paypal, ebay, stripe, banks, crypto, docs and more!
Follow channel https://t.me/Verifpro_accounts to get more info
Follow channel https://t.me/Verifpro_accounts to get more info
satis
1/11/2023 5:21 pm
Hmm, if you Google verifpro you see this spam all over the net over the last 24 hours.
Franz Grieser
1/11/2023 5:32 pm
Hola Lothar.
Is that really you? And why do you post a dubious link to a topic that's not directly relevant for this forum?
Is that really you? And why do you post a dubious link to a topic that's not directly relevant for this forum?
Dellu
1/12/2023 9:18 am
Franz Grieser wrote:
Hola Lothar.
Is that really you? And why do you post a dubious link to a topic that's
not directly relevant for this forum?
Exactly!
It is the first time I have seen a respectable member of this community post spammy stuff here.
Amontillado
1/12/2023 12:50 pm
Could be time to switch from LastPass and update passwords! :-)
Seriously, if any are still using LastPass, please consider all your passwords compromised from their recent breaches.
My employer loves LastPass and it makes me a little ill. Only passwords and notes are encrypted. Usernames, URL's, all other fields are stored in plaintext.
When hackers recently downloaded every user vault in LastPass, they got all that.
Mac Keychain is apparently secure. I use something called pwSafe. KeePass for Windows and Mac is probably very secure. There is a clipboard leak in the Linux versions because KeePass uses a Linux library that logs clipboard entries (bad choice by KeePass).
Be safe, all.
Seriously, if any are still using LastPass, please consider all your passwords compromised from their recent breaches.
My employer loves LastPass and it makes me a little ill. Only passwords and notes are encrypted. Usernames, URL's, all other fields are stored in plaintext.
When hackers recently downloaded every user vault in LastPass, they got all that.
Mac Keychain is apparently secure. I use something called pwSafe. KeePass for Windows and Mac is probably very secure. There is a clipboard leak in the Linux versions because KeePass uses a Linux library that logs clipboard entries (bad choice by KeePass).
Be safe, all.
bartb
1/13/2023 6:36 pm
Regarding LastPass: I highly recommend the following article - good overview and recommendations:
https://danielmiessler.com/blog/my-philosophy-and-recommendations-around-the-lastpass-breaches/
Heads-up LastPass users !!!
https://danielmiessler.com/blog/my-philosophy-and-recommendations-around-the-lastpass-breaches/
Heads-up LastPass users !!!
satis
1/13/2023 10:41 pm
One major problem for longtime LastPass users involves server-derived iterations implemented in turning a master password into an encryption key. It's currently 100,000 iterations, but the default for old accounts was only 5,000, which makes cracking those user vaults more plausible.
And since LastPass has user info, and didn't bother to encrypt URLs in the user vaults(!!!) thieves no doubt have triaged which old account vaults to attempt to crack. According to one report I read, threat actors snagged the following info available from the breach:
- Customer Names
- Company Names
- Email Address
- Billing Address
- Telephone Numbers
- IP addresses from where customers accessed LastPass online
- Website URLs saved in LastPass vaults
- the encrypted vaults
And the only thing old users can do is change all their passwords as quickly as possible.
And since LastPass has user info, and didn't bother to encrypt URLs in the user vaults(!!!) thieves no doubt have triaged which old account vaults to attempt to crack. According to one report I read, threat actors snagged the following info available from the breach:
- Customer Names
- Company Names
- Email Address
- Billing Address
- Telephone Numbers
- IP addresses from where customers accessed LastPass online
- Website URLs saved in LastPass vaults
- the encrypted vaults
And the only thing old users can do is change all their passwords as quickly as possible.
Daly de Gagne
1/14/2023 7:16 pm
Hi Dellu, I doubt very much it was Lothar. The last post of his to this group, according to a search, was in 2021.
It is, unfortunately, easy to take over a person's email and to use it to post spam to groups that person may have belonged to.
Daly
Dellu wrote:
It is, unfortunately, easy to take over a person's email and to use it to post spam to groups that person may have belonged to.
Daly
Dellu wrote:
Franz Grieser wrote:
Hola Lothar.
>
>Is that really you? And why do you post a dubious link to a topic
that's
>not directly relevant for this forum?
Exactly!
It is the first time I have seen a respectable member of this community
post spammy stuff here.
Amontillado
1/14/2023 10:56 pm
I stand corrected on one point. I thought LastPass didn't encrypt usernames.
I remain negatively enthusiastic about LastPass. It's OK. I tend to be out of step.
I remain negatively enthusiastic about LastPass. It's OK. I tend to be out of step.
Dellu
1/15/2023 5:51 am
I have been a user of LastPass for the last many years. I kept on using it, even a number of reports of breach, due to its convenience.
All the alternatives are either too expensive to, or too much of a hassle.
Bitwaden is the closest best I found; and its auto-fill is inconsistent. It misses over half of the fill forms; specially in the android platform.
All the alternatives are either too expensive to, or too much of a hassle.
Bitwaden is the closest best I found; and its auto-fill is inconsistent. It misses over half of the fill forms; specially in the android platform.
Amontillado
1/15/2023 10:12 pm
KeePass is a good local-file solution under Windows and possibly Mac's.
Linux, not so much. KeePass under Linux uses a library that (stupidly!) logs the contents of the clipboard on auto-clear. If you copy your password to the clipboard, it gets logged _en clair_. Ewww.
Linux, not so much. KeePass under Linux uses a library that (stupidly!) logs the contents of the clipboard on auto-clear. If you copy your password to the clipboard, it gets logged _en clair_. Ewww.
Andy Brice
1/16/2023 12:03 pm
I use KeePass to store passwords on Windows and Mac. I would never trust storing passwords on a third party server.
That's useful to know.
--
Andy Brice
https://www.hyperplan.com
https://www.easydatatransform.com
There is a
clipboard leak in the Linux versions because KeePass uses a Linux
library that logs clipboard entries (bad choice by KeePass).
That's useful to know.
--
Andy Brice
https://www.hyperplan.com
https://www.easydatatransform.com
satis
1/17/2023 3:33 am
I've used 1Password since 2014 or 2014, works seamlessly on MacOS/iOS.
In recent years they added support for Windows, Android, Linux, by building core client Electron app. (As most password apps like BitWarden also do.) It also has access in Web Browser, as well as Command Line tools.
It builds in support for the new Passkey standard, and has integrated masked email creation/management with Fastmail.
https://support.1password.com/fastmail/
I save encrypted pdf scans of important documents in 1Password (1Gb cloud storage per person) too. Very convenient for travel, saving copies of insurance docs, drivers license, passport, etc...
If I didn't need all the features and was willing to live with a somewhat clunkier interface, I'd choose Bitwarden, which is less expensive.
In recent years they added support for Windows, Android, Linux, by building core client Electron app. (As most password apps like BitWarden also do.) It also has access in Web Browser, as well as Command Line tools.
It builds in support for the new Passkey standard, and has integrated masked email creation/management with Fastmail.
https://support.1password.com/fastmail/
I save encrypted pdf scans of important documents in 1Password (1Gb cloud storage per person) too. Very convenient for travel, saving copies of insurance docs, drivers license, passport, etc...
If I didn't need all the features and was willing to live with a somewhat clunkier interface, I'd choose Bitwarden, which is less expensive.
satis
1/17/2023 3:34 am
(2013 or 2014)
Amontillado
1/17/2023 12:37 pm
One of the things that's kept me on LastPass for Windows is the auto-type function, which is reasonably flexible. I use it for filling out some standard web access forms that go beyond username and password - for instance, I have one autotype entry set up to prompt for a hostname and then fill out a web form that asks for connection method, username, password, hostname, and reason for connection. One click, type the host name when prompted, everything's filled out in one shot.
satis
1/18/2023 12:19 am
Amontillado wrote:
One of the things that's kept me on LastPass for Windows is the
auto-type function, which is reasonably flexible.
I know that 1Password has integration with Alfred (hotkeys, keywords, text expansion and more), so I wouldn't be surprised if something similar was available for Windows (about whose functionality with 1P I know nothing).
Generally, I think LastPass has shown itself multiple times now to be lacking in some security procedures. I thought this opinion piece (whose author recommends BitWarden) was interesting:
https://www.theregister.com/2023/01/16/dump_lastpass_bitwarden/
MadaboutDana
1/18/2023 10:46 am
I make do with Apple's own KeyChain nowadays, which is pretty robust.
satis wrote:
satis wrote:
Amontillado wrote:
> One of the things that's kept me on LastPass for Windows is the
>auto-type function, which is reasonably flexible.
I know that 1Password has integration with Alfred (hotkeys, keywords,
text expansion and more), so I wouldn't be surprised if something
similar was available for Windows (about whose functionality with 1P I
know nothing).
Generally, I think LastPass has shown itself multiple times now to be
lacking in some security procedures. I thought this opinion piece (whose
author recommends BitWarden) was interesting:
https://www.theregister.com/2023/01/16/dump_lastpass_bitwarden/
Amontillado
1/18/2023 2:07 pm
Yep, me too - I use PWSafe for things that aren't a good fit for KeyChain, like software keys. There are web sites I've found that can confuse Safari's auto-fill. The manual approach with PWSafe is a quick solution.
MadaboutDana wrote:
MadaboutDana wrote:
I make do with Apple's own KeyChain nowadays, which is pretty robust.
satis wrote:
satis
1/18/2023 5:21 pm
MadaboutDana wrote:
I make do with Apple's own KeyChain nowadays, which is pretty robust.
It's a safe if archaic choice if you restrict your web browsing to Safari. But a good password manager allows you to store passwords for things like FTP sites, other computers/devices, serial numbers and purchase info for software, pdf receipts, credit card and bank info for auto-fill, and more.
Some sites don't do auto-fill login well or at all, and a good password manager makes it much faster to copy/paste than Keychain does.
1Password saves your password history which can be very useful. For example on occasion a site won't accept a changed password because of specific parameters needed and if you used Keychain it'd kill off the old one during Save of the new one, leaving you without your still-valid old password, thus screwing you over.
I don't know if it's still the case, but Keychain used to be unable to deal with multiple URLs on a login entry, so microsoft.com, xbox.com, and live.com (which share the same login information) needed separate entries in keychain.
And good password managers have family password management and sharing. In recent months Apple added the ability to share passwords manually via AirDrop, but tha's clunky.
And 1Password does multi-factor auth transparently, automatically pasting into the clipboard (if authorized) the time-limited token-code.