infosec tip: use a unique email and password for all of your accounts. make sure the emails you use for your financial accounts are not used on any other accounts
#cybersecgirl #infosec
Do you recommend any password manager?
Bitwarden?
Thank you 😀
I recommend #signet. It's hardware security for your password manager.
Full disclosure: I maintain signet. 🤣
I've heard good things about Bitwarden, but I used KeePassXC before I switched to Signet because I wanted to control when, how and where my password database goes. Separating the password DB from the file syncing made more sense.
I still use KeePassDX on mobile, and Nextcloud to sync. I'm very happy with this setup.
Thank you. I will take a look. I used KeePass for many years, synced password database file to Google Drive.
But then, some time ago, for usability, I defaulted back to Google Chrome password manager. It's just so easy and works on mobile, etc.
Then, more recently, I thought I'd get out of Google.
Hence Bitwarden. I will look again at KeePass, maybe KeePassDX for mobile, or your product.
Thank you.
I can't think of anything that is going to beat KeePassDX. They have keyboard integration, can be unlocked by biometrics, and I have it set up to automatically sync my database to my Nextcloud server.
The version of the Signet mobile app copies passwords to the clipboard, which is suboptimal. Beyond that, it doesn't even install on the latest version of Android and I haven't been able to get it to compile.
I'm looking for an Android dev who would be willing to volunteer a few hours to get it fixed, if you know anyone.
There's also browser integration via browser add-ons, but I don't think anyone is currently using them (I know I am not). I'm already stretched thin, but testing them out is on my list.
what is your preferred email provider?
understanding that email is not private or secure, when you have to use it, i recommend proton mail
What the OP is really saying is that the OPSEC of the SEC is not that sec.
Infosec tip #2: randomize your usernames of all accounts unless you have a reason not to.
There's no reason people should be able to guess the username to your health care provider just because they know your username on some social media platform.
If there's an authentication bypass vulnerability that goes public in the future, you'll be glad you took this step.
Thanks for the tips! I like seeing them in my timeline.
ofc. happy to hear that. thank you
Yes, people are sometimes using dots to sign up for my newsletter, something like Alex.loveisbitcoin@whatever