I've been toying with a method for people to keep credentials memorable while keeping them completely unique on each & every site 👍

This method uses SHA256 encoding to generate username & password based on memorable secret & format, but input username & password is gibberish 😎
Just come up with a phrase you can easily remember like "i<3vaginas" then use URL itself as prefix to username & password.

User: gmail.com_barnacules
Pass: gmail.com_password

Then use encoded text as actual username & password for each site 👍
(Example. someguy@gmail.com)
user: gmail.com_someguy
pass: gmail.com_someguy_password
secret: i<3vaginas
siteuser: 9a4315f777adaa6899aa2c519641697025c74dbf9728005a
sitepass: 9a4315f777adaa6899aa2c519641697025c74dbf9728070155705752c76f566fa31c75a2
🤔
This way every single site has a gibberish super long username & password that can't be brute forced & you never store the secret anywhere since you can easily memorize it & only give it to the encoder when rebuilding the username or password 👍 #Security #Password #Privacy #Dev
This is a similar way to how I used to build credentials for sites that were unique and yet memorable since most sites just stored the hash and never the full password. But after dozens of full password leaks from various sites you really can't trust every site to keep a secret.
Now, ideally you would want to put this in a little app on your phone that uses the clipboard or a browser plugin to make it really quick to just type in the pseudo username and password & have it automatically encode it to the right one for the site. But no more storing creds.
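
Added example, not code from the thread: a sketch of the derivation using the thread's `site_user` and `site_user_password` label format. The thread does not say how the secret and label are combined, so HMAC-SHA256 is an assumption here; `derive_stretched` swaps in PBKDF2 (a different technique from the thread's single SHA256) so that a leaked site password cannot be used to guess the memorized secret at full hash speed.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune to your device


def derive_fast(secret: str, label: str) -> str:
    """Single HMAC-SHA256 of the label keyed by the secret (assumed combination).

    Cheap to compute, so anyone holding one leaked output can test
    candidate secrets offline at full hash speed.
    """
    return hmac.new(secret.encode(), label.encode(), hashlib.sha256).hexdigest()


def derive_stretched(secret: str, label: str) -> str:
    """Same inputs, stretched with PBKDF2-HMAC-SHA256.

    The label acts as the per-site salt; the iteration count makes each
    guess at the secret cost far more than one hash.
    """
    raw = hashlib.pbkdf2_hmac(
        "sha256", secret.encode(), label.encode(), PBKDF2_ITERATIONS
    )
    return raw.hex()


def site_credentials(secret: str, site: str, user: str, derive=derive_stretched):
    """Build the pseudo username/password labels from the thread and derive both."""
    user_label = f"{site}_{user}"
    pass_label = f"{site}_{user}_password"
    return derive(secret, user_label), derive(secret, pass_label)


if __name__ == "__main__":
    secret = "correct horse battery staple"  # constructed sample secret
    for site in ("gmail.com", "example.org"):  # example.org is a constructed site
        site_user, site_pass = site_credentials(secret, site, "someguy")
        print(site, site_user[:16] + "...", site_pass[:16] + "...")
```

Many sites cap username and password length or require mixed character classes, so the 64-character hex output may need truncating or re-encoding per site.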
