DopeGhoti
Active Member
I might be able to, but "Joe", who doesn't use this forum and can barely install an app on his phone, might not.
> DO set a reminder on your phone to update this backup at least once a month. AND DO IT.
Or better yet, set up a cron job to encrypt the (already encrypted, but why not?) password database and SCP it to a remote location you own. S3 storage is pennies at this scale. Per year. We're talking $0.023 per GB per month.
The safest way to use ANY password manager (LastPass, 1Password etc):
-- Choose a password for the password manager itself that you can remember but is VERY strong. DON'T use anything anyone else is ever ever likely to know. Not anyone. Not birthdays, or SSNs, or your house number etc.
-- NEVER give your password manager password to anyone. Never type it into any dialog box, support page, or anything other than the app when you use the app on a machine/browser that you know or own.
-- ALWAYS use the password manager to generate a strong random password for each web site etc you visit.
-- DON'T use the same strong password for different web sites. EVER.
-- DO use the "manual auto-fill" feature of the password manager, where you have to click a button to ask the manager to fill in credentials.
-- DON'T use the "auto auto-fill" feature, where the password manager anticipates things and just auto-fills a form without asking you first.
-- If you EVER read about or suspect that a site you visit may have been compromised, visit that site AT ONCE and change your password using a new strong password generated by the manager.
-- DO use two-factor authentication (2FA) on any and all sites that support it.
-- DO keep an ENCRYPTED backup of your password database in a SAFE location.
-- DO set a reminder on your phone to update this backup at least once a month. AND DO IT.
Can we spell paranoid?
> If not, you probably don't have any backups AT ALL (most people still don't)
Watchoo talkin' about? I gots backups! I keep my password database on the Desktop, and I have a backup in My Documents! Sheesh!
> if someone gets your master password, they have access to EVERYTHING
This is mitigated by MFA. But I'd really like passwords (which are something like negative fortieth century technology) to go the way of the dodo. Revocable certificates and keystores, with universal MFA please!
I still didn't get an answer to how you're securing the keys in your cloud instance where you run your own metrics collector. I'm very curious.
> I still didn't get an answer to how you're securing the keys in your cloud instance where you run your own metrics collector.
For my instance of Teslamate, it is in fact not stored in the Cloud; it's on a server that I own and maintain. I would make here an argument that if it were in the cloud it would still be secure, but recent leaks of private data from (former) AWS employees show just how wrong that argument would be.
> I used to decline 2FA because I was in the habit of going places where there was no cell service.
One-time pads sent via SMS are but one form of multifactor authentication (and indeed one of the less secure forms). Rather better are software or hardware that you can obtain (examples of the former might be Google Authenticator or Authy; an example of the latter might be a Yubikey) which you seed once, and continue to generate the OTPs on demand in sync with the far side. No communication side-channel needed at authentication time.
I will assume you have anti-virus protection for your dog's laptop?
the ecosystem of the current internet is hostile toward regular users. advertisers want to put MALWARE on your system (and so, I have no ethical problem using adblockers, javascript blockers, etc.) it IS an arms race and the sooner people realize it the safer they'll be.
disable all html email; insist on just text. if someone sends you html email, just view the text version (ignore the tags). reason: a lot of html email have 'web bugs' and just by viewing an image - that causes a hit on their webserver and you've just confirmed your email, as a real human, to a spammer.
android is horrible for security. YOU are the product, you are not the customer.
be very wary of 'apps'. almost all want to steal info from your contacts list and so on. the ecosystem is broken and since 'no one' pays for microservices, the idiots^Hwebmasters all think that they have the right to flood you with ads and spam to 'pay' for the web pages you viewed. it's all so broken and such a damned shame we let it all go to hell like that. but we did. ;(
I work in the security group in my company and I see the red team (the guys who try to break in and test security) reports. I track updates to various software products and have to decide if this patch is safe to incorporate or not.
it's NOT being paranoid. half of the internet people out there just want to have a normal life, but the other half have very bad intentions and some even have good tech skills (or money to hire those that do).
oh, one more thing: never use corporate systems (laptops from your company) to do ANY personal banking or email. they all have 'man in the middle' certificates installed by the IT dept and the lock icon you see on your browser is mostly worthless after that.