ATG 1957: Battery Powered Suction Cups

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

3 Likes

One thing missed here. 1Password’s Secret Key is securely synced / copied between devices. Of course, not literally stored, but its encrypted copy is stored:

  • iCloud Keychain syncs the Secret Key in the background, so all Apple devices have it
  • You can scan a QR code on a current device to add a new device
  • If you have the PDF handy, 1Password can “OCR” it into any new device
  • In all current logged-in devices, so you never re-type it just to log back in
  • In device backups, so you can even migrate devices without adding it

I think the “burden” of the Secret Key is actually its strength: for new devices, it can be considered 2FA where you’ve ticked “remember me”. So beyond its encryption benefits, it also has some authentication benefits, too.

//

I also think it’s peace of mind. Even as someone who loves technology and uses 20+ character passwords everywhere, I also don’t want to keep up with GPU cracking performance leaps, password cracking conferences, breach notices, password best practices (until they’re not), etc.

//

I did try the initials trick recommended for a while, but I couldn’t quite get used to typing it out. Maybe I should’ve practiced it more, haha! I ended up switching to passphrases. I think my fingers are used to the full words.

From what I understand, XKCD’s passphrase passwords are still quite resistant to dictionary attacks if they are long and if they have separators. Just removing “staple” from the viral XKCD password does make it significantly more susceptible in these offline vault-stealing attacks.



1 Like

Re your discussion on email clients. I have started using Mailspring, which is fully open source. It has:

  • Multiple accounts (IMAP & Office 365)
  • Touch and gesture support
  • Advanced shortcuts
  • Lightning-fast search
  • Undo send
  • Unified Inbox
  • Read receipts, link tracking
  • Mac, Windows, and Linux support
  • Themes and layouts (including dark mode)
  • Localized into 9 languages

Something @mikahsargent said on the show got me thinking. What are the downsides of using a second password manager to generate a very long password for your main password vault?

You could then print and store it securely, and on your devices cut and paste as you could install both apps protected by biometrics.

For example, MS Authenticator and Bitwarden. Would this reduce the chance of brute forcing a leaked vault?

You end up with Authenticator protected by a long random password stored in Bitwarden, and Bitwarden protected by a long random password stored in Authenticator.

Re: ChatGPT

Perhaps the question should be:
“Should we learn anything that ChatGPT can do?”

PS: Is there a way to add a time stamp to the twit.tv video link?
https://youtu.be/KjkGlPhZ5pg?t=3522

I love the Mailspring client. I run it on my Mac and Windows computers. I just wish they had an iOS app to use on my phone as well.

Regarding your recommendation of using an iPad mini for traveling abroad and your recommendation to use WhatsApp for communicating.

  1. WhatsApp does not allow you to install the client on an iPad. I understand that they don’t want you to install it on an Android tablet either, but I don’t know how good they are at enforcing it. The client that runs on a Mac or a PC requires you to have WhatsApp active on a phone.

  2. Even if you could manage to jailbreak your iPad to install WhatsApp, you need a phone to receive your activation PIN, which arrives through SMS or a phone call, and the iPad can’t handle either.

  3. Finally, you can only make calls through WhatsApp to another WhatsApp user.

Luis.

1 Like

Re battery replacement on iPhones. I took my iPhone XR into my local Apple Store for a battery replacement at the end of December. After they replaced the battery, the display no longer worked. I was told I had to wait for a new XR replacement unit, as they did not have one in stock. I would only have to pay for the cost of the battery (AppleCare not in effect). The replacement unit took two weeks to arrive, during which time I was provided with a loaner that had half the storage of my normal XR.

Long story short, in the future, I’ll just get a new phone, and won’t mess with battery replacement, by Apple or anyone else. I understand that newer iPhone models might be less prone than what happened to me, but it’s just not worth the hassle.

Scott Mace

My personal thoughts are that English words are okay to use in passwords, just make sure you’re not using only common English words or idioms. Make the password long, add random capitals, numbers, special characters—and the entropy should be pretty high.

Of course, regardless of your password-creating methodology, enable MFA.