When running the JetBackup there are a lot of "partially completed" backup failures. Upon inspection, it seems the problem is cau… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1842827&goto=newpost
Many websites now allow for the creation of an account to be done via Google using options like “Sign in with Google” or “Join with Google” (I’ve also seen the option to use a Facebook account). Often, this is much easier than going through the steps to enter in my information and create a unique password for the website.
My question is: does this convenience come at a price? Primarily, I am wondering what information is shared between the website and Google. For example, if the website servers are hacked, are my Google log-in credentials also compromised?
About two weeks ago on 03/22, there was an attempt to login to my online Chase bank account. I was aware of this when I noticed an email from Chase, which contained a verification code to login on a new device. Immediately, I certainly knew that this wasn’t me and proceeded to change my password. Fortunately, customer service told me the person wasn’t able to fully successfully login. It was from a Windows device titled “Windows NT 10.0”.
Today (04/03), I noticed multiple charges on my Chase debit card. Two gift cards were purchased with my debit card through my Best Buy account. I checked my Gmail for confirmation emails for those orders, and surprisingly ended up finding them in the trash bin. I knew they now had access to my Gmail and Best Buy accounts, and immediately changed the passwords for both of those accounts.
Through Google’s settings, I checked all the devices my account is currently signed into, and found out that someone on a Windows device using FireFox successfully logged into my Google account on 03/22, the same day as the attempted login to my bank. This same device had a login at around 5 AM, which was the same time the gift cards were purchased. The only computer I use is a Mac, and the browser that I use is Brave. No one I know has a Windows computer other than my father, to which I know for certain that this activity isn’t his.
I currently have all passwords to most of my online accounts changed. I use Bitwarden as my password manager, and have been using Bitwarden’s password generator to create unique passwords for each account that I have. I have also signed out of my Google account on all devices except for the one I’m currently using, and have enabled two-factor authentication.
My main question is, how? How were they able to successfully login to my Google account without my knowledge? To my understanding, when Google sees a login from an unrecognized device with a different IP, they usually ask for confirmation through a verification code through Google Authenticator or through text message, but they were able to just login without any of that. Did they possibly infiltrate my Bitwarden account, hence why they were able to log into my Best Buy and Gmail accounts? I am genuinely clueless as to how they were able to pull this off and was just wondering if I could get some insight as to how they did this and if there is anything else I should do to keep my information more secure.
Chrome stores your passwords under your Google Account. By default, they are not encrypted, so if any hacker gains access to Google’s servers, they could potentially grab your stored logins too. However, it is possible to optionally set a passphrase which will be used to encrypt your synced data. Obviously, in this case the security of your saved passwords will depend on the strength of that passphrase.
Firefox differs in that it stores your logins encrypted by default. Once again, the security of the saved passwords depends on the strength of your Firefox Account password.
In both Chrome and Firefox, once a device has been synced with your account, the saved passwords are also stored on the device.
I have two unshadowed text files,
passwd1, I run
john --show passwd1 and it works to crack
passwd1. But for
passwd2, if I run
john --show passwd2, I got
No password hashes left to crack (see FAQ). Why and how to crack
From my current understanding, WPA networks use a network’s SSID and password to produce a PSK (pre-shared-key), which encrypts/decrypts communications between the router and the client before a new key can be negotiated.
If a router does not have a set password, does this mean that the key negotiation between the router and the client is not encrypted?
As @Adnan aptly point out, there is no good reason to restrict characters, but the practice isn’t going to go away soon.
One of the most egregious examples of such restrictions is what is done in the x-cart shopping cart system that many websites use. It silently truncates passwords are
<. So if you give it a password like
lwB<Ln#q5iDVnW!K&ZQ0u(zD, it will treat your password as
lwB. Steve Thomas has described this, but I can’t find the precise source, so I will just credit him in general.)
It is clear from errors like this what the original intent was. Someone threw in a password parsing rule to prevent XSS. Obviously there are much much better ways to doing this, but this shows that some of these policies are an attempt to sanitize user provided data before doing any further processing of it.
There are good reasons to restrict passwords to US-ASCII. A user may have something like
ü in their password, but sometimes they will be providing that as UTF8 and other times as Latin1 (or any other set of encodings). The user may be unaware of such distinctions.
There is some debate about whether white space should be allowed in passwords. I’m in favor of allowing spaces as it can be useful for creating stronger, more memorable, and easier to type passphrases. But there are two reasons to be wary of spaces in passwords.
Spaces are very audible when people are typing.
On most keyboards it is easy to hear when a space versus any other key is typed. Thus someone who hears you type in your password a few times will be able to learn in which positions there are spaces. This can make cracking much easier.
Stripping trailing and leading whitespace.
We may wish to strip trailing and leading whitespace from entered passwords, as people may not know that those are there. (Possible copy/paste sloppiness, etc). So we just add confusion if we say that white space is allowed as long as it isn’t trailing or leading.
Despite these problems, I still like the idea of allowing spaces. But a lot of smart people disagree with me.
Since 2019, Infinity Marketplace starts services.
We provide comfortable interface for buying and selling, Auto purchases / Auto refund system / Hand to Hand Purchase system (Valid Hand) / Extensive search system / Quick response.
Our goal to make best solutions for buyers and sellers. It means we are doing work every day to make more visible quality of products on stock, have only verified sellers.
This is also secured platform,
Registration one click,
Contact information like a jid,tg, etc. not required,
User ticket messages encrypted.
Feel free and leave questions to us.
( Email access/ Cookies / Full info )
( SSN/ DOB / MMN / DL / Score / CR / )
BROWSER PASSWORDS & COOKIES
CC ENROLL and SELF REGISTERED
LOOKUP AND DRAWING SERVICES
Login / Register