Tootfinder

The curse of having to remember easily hackable passwords may soon be over
A new alternative is set to take over in 2026
#Passwords will be on the way out in 2026
as #passkeys take over

Passwords will be on the way out in 2026 as passkeys take over
The curse of having to remember easily hackable passwords may soon be over, as a new alternative is set to take over in 2026

It's downright weird that McDonald's is leading a campaign to advise us to use more secure passwords.
McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords
https://www.theregister.com/2026/02/02/mcdonalds_password_advice/…

McDonald's is not lovin' your bigmac, happymeal, and mcnuggets passwords
: Your favorite menu item might be easy to remember but it will not secure your account

TIL:
If you have your Samsung T7 Touch SSD encrypted with a password (and maybe a fingerprint) ..and you want to remove the encryption (or delete/change password/fingerprint).... Your device (MS Win) has to be connected to the internet. Otherwise the neccessary software just hangs after unlocking the SSD.
WTAF Samsung. For real.
This lead me to two questions:
1. What are the odds that passwords and fingerprints are casually transfered to some Samsung service? (Rhetor…

»Was ist Keycloak und was hat es drauf?«
Mit dem muss ich mich wirklich mal ernsthaft auseinandersetzen und nicht das Login "neu erfinden". Das Passwords so wie Passkeys jedes mal "neu" zu implementieren macht null Sinn. Cool wäre es, wenn Keycloak früher oder später auch PASETO & Co. integrieren wird.
🔐

Was ist Keycloak und was hat es drauf?
Mit Keycloak steht Entwicklern und Administratoren eine ausgereifte Open-Source-Plattform zur Verfügung.

#FreeSoftwareAdvent KeePassXC is the best password manager I've used.
Can create strong passwords, store TOTP data, organize in folders all the keys, add comments...

149 Million Usernames and Passwords Exposed by Unsecured Database
https://www.wired.com/story/149-million-stolen-usernames-passwords/

149 Million Usernames and Passwords Exposed by Unsecured Database
This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware.

My solution to the problem @… mentions:
1. Make password the •only• login field. No username/email! Just password, and you’re in!
2. Because they now identify users, passwords must to be unique across all users in a system.
3. For security reasons, require passwords to be unique across all sites on the entire Internet. A password can be used at most once in human history.
4. This renders account recovery impossible in many cases.
5. Over time, users are thus able to use fewer and fewer sites, eventually being forced offline altogether.
6. Success!
https://mastodon.social/@jwz/115776511391611416

Like all the rest of the nerds, I did a bit of tech support on family computers.
They're all popping up windows from scam virus scanners lying that subscriptions need to be renewed or machines are unprotected. People don't know how to remove these things. Luckily they also don't really know how to pay the subscription.
Their phones are updating on them. Changing where buttons used to be. Removing options. Forcing people to register to use they things they have been doing for years.
They don't know how to register.
Things pop up asking for passwords and they have no idea who is asking or which password to use.
I tell them that I don't really understand why they keep using Windows now it is so shitty and awful. They say they don't know how to use anything else. The fact they don't really know how to use windows either doesn't seem to register.
The tech corporations have given up completely on being user friendly. They are all deliberately user hostile and exploitative now.
Corporate tech is terrible. The industry is failing it's users, abusing them. People don't even know there is any other way. They are just giving up on achieving their tasks until someone can fix the pop-ups and subscription boxes and passwords and 2fa for them.
Tech sucks now. Sucks hard.
#tech #christmasTechSupport

So what’s good alternative to Firefox?
I need something for Windows and iOS and it should sync passwords. Ideally not Chromium-based and obviously no AI slop.

Moltbot is like giving some stranger you can't really trust access to all your data, communications, passwords, your computer etc.. It is maybe fascinating but just don't do it..... The large AI players can already build this for a long time but there is a reason they are not doing it....
https://www.

Clawdbot sheds skin to become Moltbot, can't slough off security issues
: The massively hyped agentic personal assistant has security experts wondering why anyone would install it

for per-contact email, I've settled on Proton Pass, $36/yr (free is limited to 10)
under the hood it's SimpleLogin, an email proxy, rewrites from/to. sometimes has problems with antispam, but them solving it is better than me.
Proton acquired SimpleLogin in 2022, and made it a subfeature of Proton Pass (not Proton Mail)
yes it's weird to tie this to a password manager. no the proxy doesn't get to read your passwords. yes the Proton CEO is weirdly problematic…

Before you head out for the weekend, don't miss today's Metacurity for the crucial cybersecurity developments you should know, including
--A database with 149 million usernames and passwords was exposed on the internet,
--Venezuelan nationals who stole cash from ATMs using malware will be deported from US,
--FBI asked Microsoft to unlock encrypted laptops,
--Under Armour is investigating massive data breach,
--Tech investors want the US government to prob…

A database with 149 million usernames and passwords was exposed on the internet
Venezuelan nationals who stole cash from ATMs using malware will be deported from US, FBI asked Microsoft to unlock encrypted laptops, Under Armour is investigating massive data breach, Tech investors want the US government to probe S. Korea's treatment of Coupang following data breach, much more

@…
So to reiterate this conversation:
You: Passkeys don't have problems A, B, C and D!
Me: Actually B is still a problem.
You: Yeah well, B is also a problem for passwords! And so is F and G!
Me: Yes, but B is still a problem.
You: But if I hacked the pentagon, then Z would also be a problem for passwords!
I'm not a…

100k most used passwords
These are the latest 100k most insecure used (hacked?) passwords. I wonder why at least a minimal regex the first hurdle can stand in the way of the attackers, i.e. apparently has not yet been widely implemented? Am I wrong, or are there reliable sources?
💥

I wish @… would go back to providing the pwned passwords list as a simple download and not require a weird tool that I have to deal with...
If someone wants to provide a service: Provide something like quarterly dumps of the list as a download.

Google Safe Browsing has started blocking websites using #Mailcow for self-hosting email. Google calls them dangerous, and they're right: dangerous to their data-driven business model.
Yet most people still use #Google services. They talk about privacy, even attend

I understand it's fashionable to disable password login and instead force people to retrieve one-time passwords from their mailbox. This works better if you first verify that you can actually deliver #email to your users. (Totally random thought definitely not inspired by real events.)

“you can just supply an IP address of a MongoDB instance and it’ll start ferreting out in memory things such as database passwords (which are plain text), AWS secret keys etc. The exploit specifically looks for those class of credentials and secrets, too.”
https://doublepulsar.com…

Merry Christmas Day! Have a MongoDB security incident.
Somebody from Elastic Security decided to post an exploit for CVE-2025–14847 on Christmas Day.

I spent Friday trying to hack into a customer box in India. They need support but have "secured" the system beyond the reach of the access mechanisms they have offered. None of the 4 different VPN’s we operate for their US operations can reach the box directly, so I must RDP into a domain controller in Mumbai, which they replaced without telling us. After finally getting to the box, none of the dozen passwords they’ve provided over the years work.
Definitely billable hours. <…

The only way to handle #passwords is a password manager. @… (free, open source), @…

@… hey, need a little help. I recently created a accounts on fedi.absturztau.be @…. I massed up my keepass databases and lost access to passwords. I haven't logged in to

"Your email and password has been pwned in this leak. You should change the affected password"
Thanks, according to my password manager, there are about 50 different passwords associated with services where I signed up using this particular email address.
(Yes I know, create unique plus addresses - except this somewhat geriatric service doesn't do plus addresses, and besides, not all websites accept them)
I wonder which one I actually need to change. If I n…

So what's a good alternative to Firefox (I'm using it when I'm not on my Mac). I don't want their new "AI Window" stuff and I don't want to support it.
It has to work on Windows and an iOS version as well, and can sync passwords between those.
Please only suggest things you personally use and like.
I'm ruling out Chrome (spyware) and Brave (homophobic owner).
(Wish Apple would still make Safari for Windows.)

Unclear to me why no one ever mentions Strongbox in #PasswordManager reviews. It is a perfectly fine PM for macOS/iOS/iPadOS that has a rich set of sync options, most of which don't involve any 2nd/3rd party storage. It stores its databases in KeePass2.x (kdbx v4) format, so it is data-compatible with the many variations of KeePass.
(I use it with SSH/SCP sync, so as long as I’m at…

Moltbot is like giving some stranger you can't really trust access to all your data, communications, passwords, your computer etc.. It is maybe fascinating but just don't do it..... The large AI players can already build this for a long time but there is a reason they are not doing it....
https://www.