ATG 1957: Battery Powered Suction Cups

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!


One thing missed here. 1Password’s Secret Key is securely synced / copied between devices. Of course, not literally stored, but its encrypted copy is stored:

  • iCloud Keychain syncs the Secret Key in the background, so all Apple devices have it
  • You can scan a QR code on a current device to add a new device
  • If you have the PDF handy, 1Password can “OCR” it into any new device
  • In all current logged-in devices, so you never re-type it just to log back in
  • In device backups, so you can even migrate devices without adding it

I think the “burden” of the Secret Key is actually its strength: for new devices, it can be considered 2FA where you’ve ticked “remember me”. So beyond its encryption benefits, it also has some authentication benefits, too.

//

I also think it’s peace of mind. Even as someone who loves technology and uses 20+ character passwords everywhere, I also don’t want to keep up with GPU cracking performance leaps, password cracking conferences, breach notices, password best practices (until they’re not), etc.

//

I did try the initials trick recommended for a while, but I couldn’t quite get used to typing it out. Maybe I should’ve practiced it more, haha! I ended up switching to passphrases. I think my fingers are used to the full words.

From what I understand, XKCD’s passphrase passwords are still quite resistant to dictionary attacks if they are long and if they have separators. Just removing “staple” from the viral XKCD password does make it significantly more susceptible in these offline vault-stealing attacks.
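As an added illustration of the point made in this post (not code from the original thread or from 1Password/XKCD), the block below estimates the guess space of a word-list passphrase and shows how much is lost by dropping one word such as “staple” and how much is gained by randomising the separators. The eight-word list and the separator set are constructed stand-ins; the 7776 figure is the size of a standard diceware list, and the guess rate passed to the cracking-time estimate is an assumed number, not a measurement.

```python
import math
import secrets

# Constructed, deliberately tiny word list so the generator runs offline.
# A real passphrase list (e.g. diceware) has 7776 entries; only the length
# matters for the entropy estimate, never the particular words.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "apple", "river", "cloud", "stone"]
DICEWARE_LIST_SIZE = 7776
SEPARATORS = ("-", "_", ".", " ")  # constructed separator alphabet


def passphrase_entropy_bits(num_words, list_size, num_separator_choices=1):
    """Bits of entropy for num_words words drawn uniformly (with replacement)
    from a list of list_size entries, joined by (num_words - 1) separators each
    drawn uniformly from num_separator_choices options. A fixed separator
    (num_separator_choices == 1) contributes zero bits."""
    if num_words < 1 or list_size < 1 or num_separator_choices < 1:
        raise ValueError("counts must be positive")
    word_bits = num_words * math.log2(list_size)
    separator_bits = (num_words - 1) * math.log2(num_separator_choices)
    return word_bits + separator_bits


def guess_space_ratio_after_dropping_word(num_words, list_size):
    """How many times smaller the search space becomes when one word is removed.
    For uniform draws this is exactly the list size, whatever num_words is."""
    full = 2 ** passphrase_entropy_bits(num_words, list_size)
    short = 2 ** passphrase_entropy_bits(num_words - 1, list_size)
    return full / short


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at an assumed offline guess rate.
    The rate depends on the vault's key-derivation cost and the attacker's
    hardware; the caller supplies it as an assumption."""
    seconds = (2 ** bits) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def generate_passphrase(words, num_words, separators=("-",)):
    """Build a passphrase with the CSPRNG-backed secrets module (random.choice
    is not suitable for secrets). Each gap gets its own uniformly chosen separator."""
    if num_words < 1:
        raise ValueError("need at least one word")
    chosen = [secrets.choice(words) for _ in range(num_words)]
    out = chosen[0]
    for word in chosen[1:]:
        out += secrets.choice(separators) + word
    return out


if __name__ == "__main__":
    four = passphrase_entropy_bits(4, DICEWARE_LIST_SIZE)
    three = passphrase_entropy_bits(3, DICEWARE_LIST_SIZE)
    mixed = passphrase_entropy_bits(4, DICEWARE_LIST_SIZE, len(SEPARATORS))
    print(f"4 words, fixed separator : {four:.1f} bits")
    print(f"3 words, fixed separator : {three:.1f} bits")
    print(f"4 words, random separator: {mixed:.1f} bits")
    print("dropping one word shrinks the space by a factor of",
          int(guess_space_ratio_after_dropping_word(4, DICEWARE_LIST_SIZE)))
    # Assumed rate for a slow vault KDF on commodity GPUs; adjust to taste.
    print(f"years to exhaust 4 words at 1e5 guesses/s: "
          f"{years_to_exhaust(four, 1e5):.0f}")
    print("sample:", generate_passphrase(SAMPLE_WORDS, 4, SEPARATORS))
```

The entropy figures are upper bounds that hold only when every word is drawn uniformly from the list; a phrase a person remembers from the comic, or composes by hand, is a dictionary entry rather than a random draw and should be treated as having far fewer bits.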

Re your discussion on email clients. I have started using Mailspring, which is fully open source. It has:

  • Multiple accounts (IMAP & Office 365)
  • Touch and gesture support
  • Advanced shortcuts
  • Lightning-fast search
  • Undo send
  • Unified Inbox
  • Read receipts, link tracking
  • Mac, Windows, and Linux support
  • Themes and layouts (including dark mode)
  • Localized into 9 languages

Something @mikahsargent said on the show got me thinking. What are the downsides of using a second password manager to generate a very long password for your main password vault?

You could then print and store it securely, and on your devices cut and paste as you could install both apps protected by biometrics.

For example, MS Authenticator and Bitwarden. Would this reduce the chance of brute forcing a leaked vault?

You end up with Authenticator protected by a long random password stored in Bitwarden, and Bitwarden protected by a long random password stored in Authenticator.

Re: ChatGPT

Perhaps the question should be:
“Should we learn anything that ChatGPT can do?”

PS: Is there a way to add a timestamp to the twit.tv video link?
https://youtu.be/KjkGlPhZ5pg?t=3522

I love the Mailspring client. I run it on my Mac and Windows computer. I just wish they had an iOS app to use on my phone as well.