📚 Just completed the 'Basics of Personal Threat Modeling' course by @privacyguides 🛡️
Threat modeling is crucial because it helps identify and prioritize the most probable security and privacy risks. It enables focused resource allocation, tailored defenses, and heightened awareness.
Do you recommend using a passkey if you are already using a YubiKey or some other similar tool? I asked Google Gemini AI and here was what it said:
Yes, I generally recommend using Passkeys in addition to your YubiKey, even if you're already an active YubiKey user. Here's why:
1. Enhanced Security: Passkeys add a significant layer of security on top of your YubiKey. They are tied directly to your device and website/app and resist phishing attacks far better than passwords. This extra layer makes compromising your accounts significantly harder.
2. Improved Convenience: Passkeys can streamline logins. Instead of manually entering a password or even plugging in your YubiKey, Passkeys can often provide a near-seamless login with biometric recognition (face or fingerprint).
3. Future-proofing: Passkeys represent the direction passwordless authentication is heading. As adoption increases, you'll benefit from smoother login experiences on more and more platforms.
4. YubiKey as a Backup: Your YubiKey still plays a vital role as a secure backup if:
Your primary device with Passkeys is unavailable or malfunctioning.
A website or app doesn't yet support Passkeys.
Considerations:
Compatibility: Passkeys are still in their growth phase. Check that your devices and the websites/apps you use frequently support them.
Education: Take some time to understand how Passkeys work, their differences from passwords, and how to set them up and manage them.
Overall: Passkeys and hardware security keys like YubiKeys work best in tandem, offering a strong balance of security and convenience.
Let me know if you'd like more details on setting up Passkeys or would like resources for learning more!
I asked Grok, the new AI on Twitter, to tell me a bedtime story focused on encryption and ending the monarchy. And added some creative names to the mix:
"Once upon a time, in a land not too far from here, there was a person named Doctor Bitchcraft. Doctor Bitchcraft was a brilliant cryptographer, a master of encryption, and a passionate advocate for privacy. They were also a firm believer that monarchies, with their inherent problems, should be abolished, especially since the current monarch was named King Charles.
Doctor Bitchcraft lived in a world where the monarchy's power was absolute, and the people had no voice, no freedom, and no privacy. The monarchy's spies were known as the Royal Guard, and they were feared by all who knew of them.
One day, Doctor Bitchcraft embarked on a quest to create the ultimate encryption algorithm, one that would protect the privacy of all citizens and make the monarchy obsolete. They knew that King Charles, with his unchecked power, posed a threat to the people's freedom.
As Doctor Bitchcraft delved deeper into their research, they discovered the true power of encryption. It was a tool that could protect the people from the prying eyes of King Charles's monarchy and ensure their communications remained private.
But the road to creating this algorithm was fraught with challenges. King Charles, fearing the loss of his power, sent his Royal Guard to infiltrate Doctor Bitchcraft's lab and sabotage their work.
The Royal Guard were ruthless in their pursuit of Doctor Bitchcraft, but Doctor Bitchcraft was clever and always one step ahead of them. They worked tirelessly, day and night, to complete their algorithm and bring hope to a world shrouded in darkness.
Eventually, Doctor Bitchcraft completed their algorithm and called it "404 Media." It was a masterpiece of encryption, impenetrable to King Charles's attempts to crack it. The people rejoiced, for they could now communicate freely without fear of being monitored by the monarchy.
King Charles, desperate to maintain his power, tried to outlaw "404 Media," but the people rose up in protest. They saw the value in encryption and the importance of privacy. They realized that a monarchy, with its inherent problems, was no longer necessary in a world where people could communicate freely and securely.
And so, the monarchy was abolished, and a new era of freedom and privacy began. The people elected a leader, and a democracy was born. Doctor Bitchcraft became a hero, celebrated for their work in encryption and their fight against King Charles's monarchy.
And so, Doctor Bitchcraft and the people lived in a world of freedom and privacy, always watchful of the shadows, always ready to protect their hard-won rights.
Sweet dreams, dear Doctor Bitchcraft, and may your journey be filled with privacy and security"
1) put device in bag 2) put bagged device in another bag 3) pour in a mixture of different colored beans, forming a visual mosaic 4) send picture of mosaic to recipient
Today I was half a second away from tapping a link in an SMS that was informing me I need to renew my credit card details because my CC was expiring.
My CC IS expiring this month. I updated my CC details on two other services yesterday. Through sheer dumb luck the scammer happened to bait their hook correctly.
I must not be complacent.
Complacency is the opsec-killer.
Complacency is the little death that brings identity theft.
🚨 Important update from @signalapp 🚨
The latest update (v7 on Desktop):
✅ Keep your phone number hidden
✅ Choose to share a username instead
✅ Take control with new privacy settings - You decide who finds you by phone number.
If you're thinking about browsing more safely, DuckDuckGo for web searches, VPN (Mullvad, Proton are options), uBlock for ad blocking, Mullvad browser or Firefox (for now) to prevent most tracking.
Nothing's perfect, but these combined work right now.
The tools in question can be used to recover and analyze data found on computers, tablets and mobile phones, including information that has been encrypted and password-protected ...
I didn’t go looking for a pile of poorly structured garbage but somehow I stumbled across this NY Times article by Reid Blackman about how Signal is dangerously obsessed with privacy and we should probably just trust the government to read our messages just in case we’re doing bad things. /1
I'm pretty hyped for #passkey adoption, not gonna lie. I know passkeys have drawbacks (especially when synced to the cloud, and if not, issues when a device is lost/stolen). These passwords have gotta go.
I have been wondering about this for a while but seem to not find any good resources online.
Activists have to protect other activists, journalists have to protect their sources. Most of the time this means having good contact books, that are protected.