Zak :1password:<p>Here's your semi-regular reminder that if you work in open source, you and your team can get a 1Password Teams account for free.</p><p><a href="https://github.com/1Password/for-open-source" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/1Password/for-open-</span><span class="invisible">source</span></a></p><p><a href="https://infosec.exchange/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
bolha.us is one of the many independent Mastodon servers you can use to participate in the fediverse.
We're a Brazilian IT Community. We love IT/DevOps/Cloud, but we also love to talk about life, the universe, and more. | Nós somos uma comunidade de TI Brasileira, gostamos de Dev/DevOps/Cloud e mais!
Administered by:
Server stats:
253active users
bolha.us: About · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#passwords
2 posts · 2 participants · 1 post today
OTX Bot<p>CVE-2025-24054, NTLM Exploit in the Wild</p><p>A critical vulnerability, CVE-2025-24054, related to NTLM hash disclosure via spoofing, has been actively exploited since March 19, 2025. The flaw allows attackers to leak NTLM hashes or user passwords using a maliciously crafted .library-ms file, potentially compromising systems. A campaign targeting government and private institutions in Poland and Romania used malspam to distribute Dropbox links containing archives exploiting this vulnerability. The exploit can be triggered with minimal user interaction, such as right-clicking or navigating to the folder containing the malicious file. This vulnerability appears to be a variant of the previously patched CVE-2024-43451, sharing several similarities.</p><p>Pulse ID: 680034fc84efc0751b3bc07d<br>Pulse Link: <a href="https://otx.alienvault.com/pulse/680034fc84efc0751b3bc07d" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">otx.alienvault.com/pulse/68003</span><span class="invisible">4fc84efc0751b3bc07d</span></a> <br>Pulse Author: AlienVault<br>Created: 2025-04-16 22:53:48</p><p>Be advised, this data is unverified and should be considered preliminary. Always do further verification.</p><p><a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://social.raytec.co/tags/Dropbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Dropbox</span></a> <a href="https://social.raytec.co/tags/Government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Government</span></a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://social.raytec.co/tags/MalSpam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MalSpam</span></a> <a href="https://social.raytec.co/tags/Nim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nim</span></a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTX</span></a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenThreatExchange</span></a> <a href="https://social.raytec.co/tags/Password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Password</span></a> <a href="https://social.raytec.co/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://social.raytec.co/tags/Poland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Poland</span></a> <a href="https://social.raytec.co/tags/Spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Spam</span></a> <a href="https://social.raytec.co/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://social.raytec.co/tags/Word" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Word</span></a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bot</span></a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AlienVault</span></a></p>
Inautilo<p><a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Techniques" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Techniques</span></a><br>Multi-step logins with password manager support · The problem with email-first logins and how to solve it <a href="https://ilo.im/163at0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ilo.im/163at0</span><span class="invisible"></span></a></p><p>_____<br><a href="https://mastodon.social/tags/Logins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Logins</span></a> <a href="https://mastodon.social/tags/Forms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Forms</span></a> <a href="https://mastodon.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://mastodon.social/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManagers</span></a> <a href="https://mastodon.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> <a href="https://mastodon.social/tags/Accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Accessibility</span></a> <a href="https://mastodon.social/tags/Usability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Usability</span></a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDev</span></a> <a href="https://mastodon.social/tags/Frontend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Frontend</span></a> <a href="https://mastodon.social/tags/HTML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTML</span></a></p>
Sean O'Brien<p><span class="h-card" translate="no"><a href="https://mastodon.online/@evangreer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>evangreer</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.fightforthefuture.org/about/more?instance_actor=true" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fightforthefuture.org</span></a></span> <span class="h-card" translate="no"><a href="https://bsky.brid.gy/r/https://bsky.app/profile/bsky.app" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>bsky.app</span></a></span> <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>guardianproject</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.archive.org/@internetarchive" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>internetarchive</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@session" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>session</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@simplex" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>simplex</span></a></span> <span class="h-card" translate="no"><a href="https://social.freedom.press/@freedomofpress" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>freedomofpress</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>eff</span></a></span> <span class="h-card" translate="no"><a href="https://privacysafe.social/@privacysafe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>privacysafe</span></a></span> <br>🔐 <a href="https://privacysafe.social/tags/PrivacySafe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacySafe</span></a> Bot: Strong <a href="https://privacysafe.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> made simple.<br>Whether you’re setting up devices and user access ahead of time or recovering from a breach, get cryptographically strong passwords & <a href="https://privacysafe.social/tags/passphrases" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passphrases</span></a> — right in your browser, on your device, never stored on a server.<br><a href="https://bitsontape.com/p/password-bot-security" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bitsontape.com/p/password-bot-</span><span class="invisible">security</span></a></p>
maschmi<p>If you have a <a href="https://mastodon.social/tags/google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>google</span></a> account and navigate to <a href="https://passwords.google.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">passwords.google.com</span><span class="invisible"></span></a> you will be able to activate a "on-device-encryption" this option encrypts your <a href="https://mastodon.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> before they are stored in the google password manager.</p><p>Yes, the google password manager apparently stores your passwords in clear text. This is kind of a <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> nightmare.</p><p>And while you are on that settings page: You can also disable the use of the google password manager and export and maybe also delete your stored data.</p>
patpro<p><span class="h-card"><a href="https://infosec.exchange/@jabbercracky" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jabbercracky</span></a></span> that's me 😅<br>And I'm not surprised Tycho won. 👏<br><br>What I've learned from this challenge is that I have much to learn, even though I attack <a href="https://social.patpro.net/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> for more than 10 years now...</p>
𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕<p>User vs IT security 😼💻</p><p><a href="https://chaos.social/tags/itsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsecurity</span></a> <a href="https://chaos.social/tags/user" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>user</span></a> <a href="https://chaos.social/tags/online" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>online</span></a> <a href="https://chaos.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://chaos.social/tags/it" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>it</span></a> <a href="https://chaos.social/tags/web" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>web</span></a> <a href="https://chaos.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://chaos.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://chaos.social/tags/joke" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>joke</span></a> <a href="https://chaos.social/tags/ITJokes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITJokes</span></a> <a href="https://chaos.social/tags/video" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>video</span></a> <a href="https://chaos.social/tags/humor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>humor</span></a> <a href="https://chaos.social/tags/login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>login</span></a> <a href="https://chaos.social/tags/jokes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>jokes</span></a> <a href="https://chaos.social/tags/cats" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cats</span></a> <a href="https://chaos.social/tags/cat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cat</span></a></p>
Dumb Password Rules<p>This dumb password rule is from USAA Bank.</p><p>Password cannot be longer than 12 characters but they don't tell you that until after you try a new password. To make up for this fact they've added dubious additional security features on top of this weak foundation.</p><p><a href="https://dumbpasswordrules.com/sites/usaa-bank/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/us</span><span class="invisible">aa-bank/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Dwr Cymru (Welsh Water).</p><p>Limits password length to a maximum of 16 characters</p><p><a href="https://dumbpasswordrules.com/sites/dwr-cymru-welsh-water/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/dw</span><span class="invisible">r-cymru-welsh-water/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dumbpasswordrules</span></a></p>
Jeffrey Goldberg<p>Perhaps one good thing will come out of all the anti- <a href="https://ioc.exchange/tags/DEI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DEI</span></a> stuff. Services may finally stop requiring the <a href="https://ioc.exchange/tags/inclusion" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>inclusion</span></a> of a <a href="https://ioc.exchange/tags/diversity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>diversity</span></a> of <br>characters in <a href="https://ioc.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a>.</p>
Dumb Password Rules<p>This dumb password rule is from Itaú Bank.</p><p>I know, it's in spanish, let me translate this monstrosity for you.</p><p>- Allowed characters: letters A to Z uppercase or lowercase (ñ is not allowed), number 0 to 9, #, $, %, &, +, -, . :, ;, _.<br>- You must use 8 characters.<br>- The password must contain at least one letter and at least one number.<br>- ...</p><p><a href="https://dumbpasswordrules.com/sites/itau-bank/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/it</span><span class="invisible">au-bank/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dumbpasswordrules</span></a></p>
Dumb Password Rules<p>This dumb password rule is from Bank Millennium.</p><p>Passwords limited to 8 digits.</p><p><a href="https://dumbpasswordrules.com/sites/bank-millennium/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dumbpasswordrules.com/sites/ba</span><span class="invisible">nk-millennium/</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dumbpasswordrules</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apple</span></a>’s <a href="https://mastodon.thenewoil.org/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> app was vulnerable to <a href="https://mastodon.thenewoil.org/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>phishing</span></a> attacks for nearly three months after launch</p><p><a href="https://9to5mac.com/2025/03/18/apples-passwords-app-was-vulnerable-to-phishing-attacks-for-nearly-three-months-after-launch/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">9to5mac.com/2025/03/18/apples-</span><span class="invisible">passwords-app-was-vulnerable-to-phishing-attacks-for-nearly-three-months-after-launch/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Royce Williams<p>The protective value of "k-anonymity"¹ for Have I Been Pwned / Pwned Passwords API lookups is significantly reduced because frequency data is included. And the more common the password, the more this effect is magnified.</p><p>An example:</p><p><a href="https://gist.github.com/roycewilliams/2034c9253d46fbcaefb13f8e5d42daa2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/roycewilliams/</span><span class="invisible">2034c9253d46fbcaefb13f8e5d42daa2</span></a></p><p>... with cracks:</p><p><a href="https://gist.github.com/roycewilliams/2bb471cc90cce7f6834204344590fcac" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/roycewilliams/</span><span class="invisible">2bb471cc90cce7f6834204344590fcac</span></a></p><p>Using "k-anonymity"¹ to return all hashes that begin with <code>b2e98</code> is less "anonymous" ... when 98.6% of the passwords (by frequency across all leaks) are the top one.</p><p>It's not really hiding a needle in a haystack if you just lay it on top.</p><p>Edit: in fact, even <em>without</em> the frequency data, since some passwords are much more common than others ... left-skewed distribution is an intrinsic property of password data. Missing frequency data can be largely reconstructed from public cracking efforts. (And even if that weren't true, the hashes can just be cracked using traditional methods. If the cracking community can get a 97%+ cracking rate², what is being achieved other than plausible deniability?)</p><p>K-anonymity [as implemented by HIBP, anyway -- true K-anonymity is different¹] may just be a bad fit for password hashes.</p><p>¹ Not actually k-anonymity at all:<br><a href="https://en.wikipedia.org/wiki/K-anonymity" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">en.wikipedia.org/wiki/K-anonym</span><span class="invisible">ity</span></a></p><p>² Actually closer to 99.29% across the entire corpus, publicly:<br><a href="https://gist.github.com/roycewilliams/40f0e8c93ec9c69f5b5a1874c76f2587" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/roycewilliams/</span><span class="invisible">40f0e8c93ec9c69f5b5a1874c76f2587</span></a></p><p><a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://infosec.exchange/tags/HaveIBeenPwned" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HaveIBeenPwned</span></a></p>
Em :official_verified:<p>New Privacy Guides article 🔐✨<br>by me:</p><p>If you want to keep your password manager local-only, KeePassXC is a great solution!</p><p>It's free, <br>Open-source, <br>Easy to install and use,<br>Doesn't require an account, <br>Works on Linux, macOS, and Windows,<br>And the team is here! 👉 <span class="h-card" translate="no"><a href="https://fosstodon.org/@keepassxc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>keepassxc</span></a></span></p><p>Here's how to set it up with a YubiKey: <a href="https://www.privacyguides.org/articles/2025/03/18/installing-keepassxc-and-yubikey/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">privacyguides.org/articles/202</span><span class="invisible">5/03/18/installing-keepassxc-and-yubikey/</span></a></p><p><a href="https://infosec.exchange/tags/PrivacyGuides" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyGuides</span></a> <a href="https://infosec.exchange/tags/KeePassXC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KeePassXC</span></a> <a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a> <a href="https://infosec.exchange/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://infosec.exchange/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a> and the evolution of authentication: A secure, seamless future</p><p><a href="https://bitwarden.com/blog/passkeys-and-the-evolution-of-authentication-a-secure-seamless-future/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bitwarden.com/blog/passkeys-an</span><span class="invisible">d-the-evolution-of-authentication-a-secure-seamless-future/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
The New Oil<p>Toward a <a href="https://mastodon.thenewoil.org/tags/Passwordless" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwordless</span></a> Future</p><p><a href="https://www.privacyguides.org/articles/2025/03/08/toward-a-passwordless-future/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">privacyguides.org/articles/202</span><span class="invisible">5/03/08/toward-a-passwordless-future/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.thenewoil.org/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a></p>
Privacy Guides<p>Passwords are annoying, vulnerable to attack, and prone to human error. Our latest article explains how passkeys can lead to more secure and private online accounts</p><p><a href="https://www.privacyguides.org/articles/2025/03/08/toward-a-passwordless-future/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">privacyguides.org/articles/202</span><span class="invisible">5/03/08/toward-a-passwordless-future/</span></a></p><p><a href="https://mastodon.neat.computer/tags/PrivacyGuides" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyGuides</span></a> <a href="https://mastodon.neat.computer/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> <a href="https://mastodon.neat.computer/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.neat.computer/tags/passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passkeys</span></a></p>
Hacker News<p>C++ AWS MSK IAM Auth Implementation – Goodbye Kafka Passwords — <a href="https://github.com/timeplus-io/proton/blob/develop/src/IO/Kafka/AwsMskIamSigner.cpp" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/timeplus-io/proton/</span><span class="invisible">blob/develop/src/IO/Kafka/AwsMskIamSigner.cpp</span></a><br><a href="https://mastodon.social/tags/HackerNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerNews</span></a> <a href="https://mastodon.social/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a>++ <a href="https://mastodon.social/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a> <a href="https://mastodon.social/tags/MSK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MSK</span></a> <a href="https://mastodon.social/tags/IAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IAM</span></a> <a href="https://mastodon.social/tags/Auth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Auth</span></a> <a href="https://mastodon.social/tags/Implementation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Implementation</span></a> <a href="https://mastodon.social/tags/Goodbye" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Goodbye</span></a> <a href="https://mastodon.social/tags/Kafka" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kafka</span></a> <a href="https://mastodon.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://mastodon.social/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a> <a href="https://mastodon.social/tags/MSK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MSK</span></a> <a href="https://mastodon.social/tags/IAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IAM</span></a> <a href="https://mastodon.social/tags/C" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>C</span></a>++ <a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Kafka" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kafka</span></a> <a href="https://mastodon.social/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a></p>
The New Oil<p>Malicious <a href="https://mastodon.thenewoil.org/tags/Chrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chrome</span></a> extensions can spoof password managers in new attack</p><p><a href="https://www.bleepingcomputer.com/news/security/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/malicious-chrome-extensions-can-spoof-password-managers-in-new-attack/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a> <a href="https://mastodon.thenewoil.org/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload