lovetox: guys if you use a password manager, write your master password down on some paper and store it with your documents somewhere in your home
lovetox: i nearly had a meltdown today, when i woke up, type in my password which i typed in every day for the last years, and its wrong, then i think about it for a minute, and cant remember the fucking password anymore, its just gone.
Zash: fireproof safety deposit box?
lovetox: then i realize whats in that password manager, like everything, ssh keys, root passwords, passwords for every fucking device in my life, TOTP keys for all the sites, of course i activated 2FA Everywhere, so now even if i know the password i cant login anymore
MattJ: For a long time we told people not to write down passwords, but these days it's far less likely that your online accounts will be compromised by someone breaking into your home than forgotten, guessed or phished
Zash: lovetox, it doesn't happen to be lastpass? https://news.ycombinator.com/item?id=29705957 has been mentioned in a bunch of places
lovetox: no i dont use an online password manager, i have a keepass xc
lovetox: it took me the whole day calming down, just now i sit in front of the thing again, and i type and type per muscle memory, and suddenly i realize, im off one key to the right for the last letter
Zash: ah yes, the keyboard alignment error
lovetox: and then i found it, and im really happy, and i write my password now down, even think about exporting that content of the password manager to hard copy somewhere
nephele: I know that feeling of not "knowing" passwords, but only having them in muscle memory... I usually use quite complex passwords and only have them in something like a password manager to initially learn them :)
pep.: Also SSSS and also keep a part for yourself to make it slightly easier to get back? :/
pep.: So you handle the case you're incapacitated, be it that you're alive or dead :x
lovetox: my laptop is encrypted with LUKS, and the password is the same as to my password manager, i googled today the whole day how to crack LUKS encryption, and how to crack KeepassXC v4 database
lovetox: and of course i used the newest algos on everything
lovetox: its basically impossible right now :D
Zash: haha let me tell you about the BIOS supervisor password I thought was a good idea to set on the now 3 year old laptop I bought
Zash: and then never used again, until I thought I'd install the extra RAM I had bought, because it's got tamper protection and a built-in battery so you have to do stuff in bios to open it up
Zash: still can't remember it
Zash: and then I spilled one drop of water into the keyboard, which promptly broke just enough keys to prevent typing any password I could think of, *AND* the disk crypto password
moparisthebest: lovetox, haha yes good lesson, I had the same problem unlocking the LUKS partition on my server I rarely reboot
moparisthebest: turns out I can only type it correctly when sitting down, not standing up and hunching over, who knew ?
jonas’: lovetox, welcome back ;)
jonas’: I spent one afternoon this year brute-forcing my own LUKS password
jonas’: it was luckily an xkcd-horse-battery-staple-correct-style password, and I remembered three out of five words, so brute forcing it was even feasible
jonas’: otherwise.... that would've turned into a pretty terrible day
lovetox: yes, i had the same thought, i knew i was off by one or 2 keys
lovetox: i thought bruteforcing is the way to go
lovetox: but luks2 with kdf=argon2i or something like that
jonas’: among the forgotten words was the first one, so I couldn't trigger muscle memory
lovetox: its not really possible
jonas’: if you know enough bits, it is
jonas’: might just take a few dozen CPU-hours
lovetox: yeah but then i have to write the bruteforce myself
lovetox: the tools like hashcat, john the ripper, which are usually used
lovetox: all have no support right now for these new algos
Zash: how2 brute force bios password when you need the bios password to boot into DOS to run the brute force tool?
Zash: and you have 3 attempts before it just shuts down again
lovetox: yeah Zash thats a hard one
lovetox: but cant you flash a new bios or something?
moparisthebest: Zash, that becomes a screen capture + fake keyboard input exercise :P
moparisthebest: I'm sure the FBI has something you can use
jonas’: lovetox, yeah, that was like 200 lines of python shelling out to cryptsetup luksOpen and checking the exit status
jonas’: fun fact, I got the exit status check wrong the first time, which made it brute force the entire possible corpus claiming failure
jonas’: ask me how I managed to not go crazy
Zash: declare it a loss or possibly a stationary desktop machine and buy a new laptop?
Zash: tho enabling all the paranoia options on something intended to be the travel laptop seemed sensible at the time
Sam: Bios passwords (normally? sometimes?) have a pin you can short to reset them. I've had to do that on my laptop in the past
Zash: Tamper protection wouldn't be very effective if that was possible
Zash: Tamper detection wouldn't be very effective if that was possible
Sam: in my laptop's case, tamper detection isn't very effective :)
Zash: All I could find was "not possible, you must replace the motherboard"
jonas’: I'm certain it is possible with sufficient determination. though that might involve de- and re-soldering some things :)
Martin: In the good ol' days unplugging the battery for a while solved everything. 🙂
nephele: I also have a laptop that says in its documentation that the only way to remove the bios password is to replace the mainboard... that kind of forces me to set one, just so nobody picks it up and sets one i /dont/ know