Replies (59)

utxo the webmaster 🧑‍💻 _@utxo.one 2 years ago

Holy fuck, guess I'm muting my microphone on stream now while typing pwds

1 replies ↓

Luke Dashjr luke_nostr@dashjr.org 2 years ago

You weren't already? 😅 The harder part to mitigate is when you want to unlock your machine outside your own office...

1 replies ↓

Matthieu matthieu@cosanostr.com 2 years ago

Gotta find an overlay to play while you type your passwords, something that is typing out some choice words 😂 Seriously tho.. this is crazy 😳

2 replies ↓

jack 2 years ago

wow

1 replies ↓

DETERMINISTIC OPTIMISM 🌞 nvk@primal.net 2 years ago

Don't use general purpose computers for bitcoin security.

How to setup a Bitcoin Air-Gap Computer

1 replies ↓

Luke Dashjr luke_nostr@dashjr.org 2 years ago

Don't forget to change your passphrases in case someone recorded a past stream

1 replies ↓

Luke Dashjr luke_nostr@dashjr.org 2 years ago

I'm not sure an overlay is going to be effective.

1 replies ↓

Luke Dashjr luke_nostr@dashjr.org 2 years ago

Bitcoin isn't the only security that matters

1 replies ↓

utxo the webmaster 🧑‍💻 _@utxo.one 2 years ago

100% I typed my sudo password to my PC many times, facking hell. Changing now...

nobody 2 years ago

🎯

Matthieu matthieu@cosanostr.com 2 years ago

Evan evan@boon.org 2 years ago

This is pretty crazy. I guess using biometrics (e.g. Touch ID) and auto fill is now the safer option for performing an action such as logging in from a public place or coffee shop?

Seraf seraf@nostrverified.fyi 2 years ago

Copy/Paste there problem solved.

1 replies ↓

Bill Cypher bill@nostrplebs.com 2 years ago

OnlyKey

OnlyKey Hardware Password Manager | One PIN to remember

The only device that works everywhere to secure accounts, email, and communication online. Strong two-factor authentication and professional grade ...

Problem solved. I love mine.

TheBitcoinManual thebtcmanual@getalby.com 2 years ago

I just shout really loudly as I type in my password

3 replies ↓

Bill Cypher bill@nostrplebs.com 2 years ago

OnlyKey

OnlyKey Hardware Password Manager | One PIN to remember

The only device that works everywhere to secure accounts, email, and communication online. Strong two-factor authentication and professional grade ...

That will solve this problem. I love mine, used it for years. View quoted note →

Digital me 2 years ago

No way... 🥲🥲🥲🥲🥲 View quoted note →

1 replies ↓

shinohai shinohai@btc.info.gf 2 years ago

If you're not already mitigating the risk of someone stealing 216.93 BTC because you are stupid and keeping it on a "hot" wallet, you should probably start... It always seemed like a probable risk, but now it's confirmed. View quoted note →

oldkeyprince oldkeyprince@getalby.com 2 years ago

1 replies ↓

Dan Vergara danvergara@nostrplebs.com 2 years ago

a source familiar with the matter 2 years ago

This is why I always scream as I type it in

2 replies ↓

npub1rghv...kfss 2 years ago

Screaming the password is not much better ;-)

Hoshi 2 years ago

my father does this too. The bad part is: what he shouts is the password

Nice and Kind Vic vic@cornychat.com 2 years ago

I have an extra clicky keyboard next to me when entering passwords Under Siege style

Vitor Pamplona _@vitorpamplona.com 2 years ago

Are you saying we need Neuralink? :)

1 replies ↓

Luke Dashjr luke_nostr@dashjr.org 2 years ago

I'm pondering a retina scanner that combines a hash with a secret salt and does TOTP. Something that won't work if you're asleep ideally

3 replies ↓

John john@jbeiapc.codeberg.page 2 years ago

A potential workaround is N randomly generated characters . So the screen prompts typing in those random characters and asks the user to insert password letters at random intervals. tr#fdawdftjs (in that case the password was farts and the random stream/intervals were generated by the noises in my head). There are attacks on this based on repetition, potential sound differences in chosen letters, and bad or compromised RNGs. The ratio of noise to filler matters. View quoted note →

1 replies ↓

Vitor Pamplona _@vitorpamplona.com 2 years ago

Well, I know how to build a retina scanner if you ever need one :) But an iris scanner is probably easier. Just keep in mind that both Iris and Retina do slightly change over a long lifespan. If everything you have is tied to having access to your eyes you might lose everything on a simple cataract surgery.

1 replies ↓

nobody 2 years ago

So what to do.... guard? Just ensure nothing running? Hmmmm

2 replies ↓

Luke Dashjr luke_nostr@dashjr.org 2 years ago

If you're on a call, mute. I'm not sure if you're in public or an untrusted room

1 replies ↓

nobody 2 years ago

Roger makes sense. I like to mute cuz I move a lot lollll

1 replies ↓

Tobo⚡ tobo@600.wtf 2 years ago

Passkeys to the Rescue

Tobo⚡ tobo@600.wtf 2 years ago

Passkeys.io – A Real-World Passkey Demo & Info Page

Try a Realistic Passkey Demo Login and User Profile. Browse the Passkey Directory and Find Websites With Passkey Support. Learn About Device Compat...

nobody 2 years ago

Yooo 🫵, yea?

1 replies ↓

nobody 2 years ago

Phone, other. Pack lol dunno

1 replies ↓

nobody 2 years ago

Haha

nobody 2 years ago

Catarac surgery? Worldcoin fail trashhhhh 🤣

1 replies ↓

Ava appreciate Calm & Wisdom. 2 years ago

🤣

Ava appreciate Calm & Wisdom. 2 years ago

Plus sûr

Ava appreciate Calm & Wisdom. 2 years ago

🤣 morte de 🤣

Mark Camper camper@nostrplebs.com 2 years ago

Setup a hackerspace inside the karaoke bar.

SubconsciousErosion_0x0 2 years ago

🤣 View quoted note →

Sasha 2 years ago

So how are we mitigating this risk? Lol

1 replies ↓

gray gray@ok0.org 2 years ago

Get an IBM Model M keyboard and they’ll never figure out what keys you’re hitting with the microphone clipping.

RealJohnDoe 2 years ago

This is why I use a keepass vault with extremely hardened security. Key files, and auto type obfuscation. If they can get past that security they earned it..😆

captjack 🏴‍☠️✨💜 captjack@plebchain.club 2 years ago

100%

npub1zvmt...jsvf 2 years ago

GM. View quoted note →

VelvetCow velvetcow@nostrpurple.com 2 years ago

I switched to a permanent offline device for password store and use a QR reader for entering every password on my devices now, never use a physical keyboard. I guess I'll be safe-ish...

Dow dowstudios@iris.to 2 years ago

I read about those high res cameras in Walmart where the viewer can see whats on the cell phones and finger movements

Dow dowstudios@iris.to 2 years ago

They

1 replies ↓

oldkeyprince oldkeyprince@getalby.com 2 years ago

Who’s they?

Unhosted Marcellus _@ordisrespector.com 2 years ago

Are silent keyboards a thing? Seems like the most straightforward countermeasure.

1 replies ↓

Luke Dashjr luke_nostr@dashjr.org 2 years ago

Your hands could make subtle sound. Might be harder to decipher, but I wouldn't rely on it

ᶠᶸᶜᵏᵧₒᵤ!🫵🏼 frontrunbitcoin@satoshivibes.com 2 years ago

not a clipboard maxi I see 🤣

annica annica@nostrplebs.com 2 years ago

Yikes

Magz magz456@nostrverse.net 2 years ago

That's creepy

UNLICENSED MONEY TRANSMITTER david@foreverlaura.net 2 years ago

how do you handle this?

Laser laser@primal.net 2 years ago

hardware switch on my cam/mic for laptop, trustable toggles on @grapheneos for mobile

Ky ky@nostrverse.net 2 years ago

Yup. Modern day keyloggers.