-
Posts
-
-
.thumb.jpg.958469f789995895cc0de1fb3c106d00.jpg)
By +Warwagon · Posted
I actually got to use one of those so called "backup codes" once. It was for a customer, I choose the backup code option, and by the grace of god, they actually hade them printed out. Imagine my surprise, when after using the backup code, Google then told use we had to enter a code they just sent to the gmail address we currently did not have access to. I was not amused, Google backup codes should be the end all get out of jail free card, because you had to have access to the account to even get them. -
By Snake Doc · Posted
On the topic of being locked out of a service. Recently two different friends of mine got locked out of their Google accounts. Both were hack attempts and one of them is waiting 30 days before he can get back in. He had backup codes and MFA but not a passkey. It was a browser token hack. Anyhow he has to wait 30 days for the dispute or whatever to end. The other person only had a password and is screwed losing all of the email, docs and years of photos. Google won’t help her at all. Her fault because she had no backup/recovery setup. Enable passkeys if possible. Also do NOT use browser based password managers. If using a cloud service make sure it is one you can fully sync to one of your devices so you can back it up. Like a PC or Mac with some backup drive plugged into it. Google is the worst to use IMHO. You can’t sync your photos at all. You have to use the “Take Out” service which is manual and takes days. That service strips the meta data from your photos. Also Google Docs synced to a device are useless without a Google accounts. MS Office/Libre Office is not going to open a link to a Google doc to a dead account. -
By zikalify · Posted
Why you need to take back control of your synced passwords and how to go about doing that by Paul Hill Credit: Pixabay Last month, when Google decided to introduce daily and weekly caps for Gemini, it reignited an anxiety of mine, that you can’t really depend on service providers to maintain features forever, and it got me looking into free software (as in freedom) in other areas too. One app I quickly came across was KeePassXC on desktop and KeePassDX on Android as an alternative to password manager lock-in within the Chrome or Firefox ecosystems. I personally like to switch around with browsers, and using either password manager is inconvenient, so something like KeePassXC was interesting to me. The main issue with it now is syncing; I was not sure how to do that. After a bit of research, I came across Syncthing, a tool I was vaguely familiar with but had never used because it seemed complicated. However, I was completely wrong, and honestly, I think everyone should use it if they use multiple devices. It essentially lets you share folders peer to peer across all of your devices, no cloud services that you don’t control necessary! And it was fairly simple to set up, if not a bit clunky. Since setting it up, I’ve also started using Syncthing to back up other apps too, so don’t think it’s limited to just saving password databases. You can use it for pretty much anything you use Dropbox or Google Drive for. Before continuing to talk about those apps a bit more, let’s walk back a bit and talk about browser sync. Ever since the late 2000s and early 2010s, really, since we have been using smartphones, browser sync has been a necessity of life. I don’t know about you, but I have hundreds of passwords saved. For the most part, they’re all unique, so I don’t remember them and rely on software to manage them for me. Until recently, I’ve relied on password managers in Chrome and Firefox, but what I always found annoying was that it can be hard to transfer them between browsers. Sure, on Windows it is simple enough, but on Linux, exporting bookmarks has been temperamental. It works OK nowadays, but not too long ago, Chrome required you to enable exporting passwords in chrome://flags. The situation is even worse on mobile; there is no exporting or importing of passwords of any kind. You literally have to do it on a desktop, which is incredibly annoying in our mobile-first world. Sync also lets us take out bookmarks, history, tabs, and autofill data easily. To enable sync, it’s just a matter of signing into the browser once, and it handles the rest. It’s nice and easy. Obviously, all this has some issues, including those I’ve outlined above about it being hard to transfer data between browsers, but also things such as account suspension, lost account passwords, and other lock-in mechanisms, such as passkeys, being tied to a specific browser. On a sidenote, I have just removed all of my passkeys because they can make it harder to move browsers. I think the biggest threat to your synced passwords, especially if doing this with Google, is having your account suspended. I don’t ever expect mine to be suspended, but you do hear horror stories on Reddit where people lose access to their Google accounts. Imagine if you have hundreds of passwords, then suddenly lose access to them because Google froze your account, what would you do? So yes, it can be nice to use these syncing services for their convenience, but they also have risks. You may have seen me going on about free software quite a bit in my editorials. It’s essentially a concept championed by the Free Software Foundation. It’s software under particular licenses that grant you four freedoms: run the program for any purpose (0), study and change the source code (1), redistribute copies to others (2), and the freedom to distribute modified copies to others (3). For example, if there is an app I use and one day it gets abandoned by the developer, I can keep running it or even clone the software and continue developing it. Look at the myriad of cool services Google has run over the years before killing them. You can’t take the source code for those because they are proprietary, for the most part. Both KeePassXC and Syncthing are free software, so I get the freedoms listed above. In my use case where I’m syncing a database full of my passwords, I also get proper ownership over my data, there is no losing access to the database due to a frozen account, I can access the code of the tools I’m using, and I can get support from real people online if I run into issues, rather than having to consult a vague help page from an opaque company. With the KeePassXC password manager, you create a .kdbx file, which is what will be synced between devices. KeePassXC has cross-platform apps and also has browser extensions so that the browser can fetch passwords from the database once it is unlocked. Meanwhile, Syncthing is a peer-to-peer file sync tool where you can select folders to sync between your devices. Just pop files in the folders you choose, and then they will be available across your other devices whenever they come online. Syncthing is resilient as it works over both LAN and the internet and only ever sends content between your devices, never to a third-party server somewhere else. By combining these two pieces of software, you can essentially replicate the browser sync functionality. I have had a weird, conflicting issue where a new file is appearing, but it doesn’t seem to be impacting my main password database, which is updating between devices just fine. If you want to get a setup similar to what I have, you will need to go here to download KeePassXC for your computer. Once you have that, you will need to download your passwords from your web browser to a CSV file. In Chrome, you can type chrome://password-manager/settings into the URL bar, and you should see an option to download your passwords under Export Passwords. This will give you the CSV file you need for importing into KeePassXC. If you use a different browser, just use a search engine and type “browser-name export passwords” and muddle along. In KeePassXC, you’ll want to press Import File from the home screen, select the CSV file, and create a new database from it. On one of the screens of the wizard, there will be a Title field with a drop-down selected to none. Change this to Title and continue. You’ll select a name for the database, the encryption level (the defaults are fine), and then you will pick a password. I would choose four unrelated words that are easy for you to remember, as you’ll be typing them fairly often to access your passwords. When you have all your passwords in your new database, you will want to set up the browser extension so that your browser can fetch passwords from KeePassXC. Rather than explain how to do that here, refer to KeePassXC’s guide on how to set it up properly. Once you’ve got that set up, you want to install KeePassDX on Android. You can grab it on the F-Droid store and the Google Play Store. For iPhone users, there are other .kdbx-supporting apps, but I haven’t tried any of them, so have a look around and use what suits you. Once you have that done, you will want to install Syncthing on your computer and find a third-party app for your mobile device. On Android, I use an app called BasicSync; there are also options for iOS, but again, I’ve not tried these. Once you’ve got SyncThing, you’ll want to set it up and connect all of your devices together and share a folder between your gadgets. PCWorld has a good tutorial on setting up a synchronized file between your devices using SyncThing. Once you’ve set it up, congrats, you’ll never have to touch that stuff again except for adding or removing devices. I’ll be honest, I didn’t particularly like setting up Syncthing. It didn’t take me a massive amount of time, but I think I had to check online because I found it a bit confusing. That said, I’ve had it running for several weeks now and never need to touch the Syncthing settings, so that’s very nice. I also mentioned a conflicting file. I’m not sure why this is appearing, but the main .kdbx file seems to be updating and syncing just fine. What’s nice is that both KeePassXC and Syncthing are free software, so they won’t just vanish one day; you can take the code and fork the project or use a range of alternative implementations that others have made. It’s also nice that it works over LAN, so even if your ISP is having problems, your passwords will still sync. One area where you will want to be a bit more careful with this setup is if you only have one device. I am OK because I have a computer and two phones, all synced up. If you just have one device, you will probably want to store a backup of your .kdbx file somewhere else. Obviously, you’ll also want to remember your password really well, too. If you get locked out, it's game over. Overall, if you want to take back control of your computing from big tech, taking control of your passwords is an important part of this. You don’t need to immediately clear out your browser’s password manager; try running KeePassXC and the password manager concurrently for a while to see if you run into any problems. If you do try this out, let us know some other creative ways to use Syncthing. I haven’t really come up with a solution about what to do with my bookmarks, for example. -
By M. Murcek · Posted
If the price was a dollar, someone would complain "Why isn't it free?" If it was free, someone would complain they weren't being paid to play it.
-
-
Recent Achievements
-
Supreme Spray LV earned a badge
Week One Done
-
Genuinetonerink- Dubai earned a badge
One Month Later
-
Genuinetonerink- Dubai earned a badge
Week One Done
-
hhgygy earned a badge
One Year In
-
AMV earned a badge
Week One Done
-
-
Popular Contributors
-
Tell a friend
.thumb.jpg.958469f789995895cc0de1fb3c106d00.jpg)
.thumb.png.b7089ebbdf00d96b3b92dddbd04bac02.png)
Recommended Posts