PASSKEYS – Windows Weekly Ep 944

Refer previous posts:

Just when I almost weakened and set up a PassKey for at least one account (Google), I heard this on Windows Weekly Ep 944. https://www.youtube.com/watch?v=KcvuD36zQbo

At about 1 hr 54 minutes (the start of the section on authenticator apps, roughly 10 minutes long). Towards the end of that segment they talk about ongoing problems with Passkeys even when they are stored in your password manager. When I am sure that all issues have been sorted out, I will consider it.

Ad Blocker – UPDATE

Refer previous post.

Google Chrome has been warning users of uBlock Origin that it will soon be disabled. The reason is that Chrome (and other browsers based on Chromium, like Edge) is moving from the existing extension standard, “Manifest v2”, to a new standard, “Manifest v3”. The creator/maintainer of uBlock Origin has indicated that he will not be adapting uBlock Origin to Manifest v3.

Chrome is suggesting that you will have to find an alternative ad blocker before Google Chrome disables it for good. A suggested alternative is uBlock Origin Lite, a “fork” of the original. It is a content-blocking extension that works under the upcoming Manifest v3 system but lacks some features of the original.

uBlock Origin still works on Firefox and I have switched to that browser for watching YouTube videos. Edge is still my default browser and I will still also continue to use Chrome.

I installed uBlock Origin Lite on Chrome and it blocked the pre-roll ads on YouTube. However, like the ad blocker I use on my Apple iPad, it produces a black screen for a few seconds in place of the pre-roll ads. I am not sure about the annoying ads that interrupt the video. They have not appeared so far, and I will update this post if they do appear – or if a blank screen appears.

AD BLOCKER

My ad blocker of choice is uBlock Origin, but it no longer works on Chrome when accessing YouTube.

In fact, Google says it will disable uBlock Origin on Chrome this year. This is the message when you click Manage Extension for uBlock Origin on Chrome:

This extension may soon no longer be supported

Remove or replace it with similar extensions from the Chrome Web Store

It continues to work fully on Firefox and Edge**, so I guess I will start viewing YouTube on Firefox. YouTube is almost unwatchable with ads interrupting at various random times. I don’t mind the pre-roll ads, but it is the abrupt interruptions that annoy me.

I will stop using Chrome if it becomes necessary.

The podcast SECURITY NOW Ep 986 mentioned this subject, and it is not yet known whether uBlock Origin will update its Chrome extension to comply with the new Chrome policy.

This is the entry for uBlock Origin on Wikipedia: https://en.wikipedia.org/wiki/UBlock_Origin

uBlock Origin is the pick of the ad blockers, and I intend to continue using it for as long as I can, if necessary by not using browsers that block it. So far, Chrome is only blocking it on YouTube, but Google has stated that it will fully block it this year.

As I have previously stated, I leave the default browser/search engines in place. That means, with Windows PCs the default browser is Edge with Bing as the search engine. I also use 2 other browsers – Firefox / DuckDuckGo and Chrome / Google.

** UPDATE MICROSOFT EDGE

A similar situation exists with Edge and YouTube (which is not surprising now that Edge is based on Chromium).

PASSWORD MANAGER

A PASSWORD MANAGER IS ESSENTIAL – NO ARGUMENTS and will remain so until the new “passwordless” system “Passkeys” is fully implemented. It is encouraging to see that all the big tech companies are supporting Passkeys.

I first became fully aware of the need for a password manager from the host of the Security Now podcast, Steve Gibson. He recommended LastPass and that is what I have been using for years.

LastPass has had issues and customers’ encrypted vaults have been stolen. This is a concise explanation from Gizmodo. https://gizmodo.com/hackers-lastpass-users-password-vaults-change-now-1849926968

If you had a weak master password, you are very much at risk. The danger is that the hackers have all the time in the world to attempt to crack the stolen encrypted vaults offline, so you should start going through and changing passwords now.

Even if you had a stronger password, it is still advisable to change your passwords starting with the important ones and then working through the others. Importantly, you have to do this even if you change to another password manager.

Even though problems were reported some months ago, going on the information made available at the time, Steve Gibson said he was retaining LastPass. As a result, I continued to follow his advice and still have been using LastPass until his podcast episode 904. Steve is now moving to Bitwarden.

I have given it a lot of thought and considered three possible courses of action:

1. Staying on LastPass (but changing all passwords);

2. Moving to Bitwarden (and also changing passwords);

3. Moving to 1Password (and also changing passwords).

No 1 Staying on LastPass.

First, if you have the time, listen to the podcast and read other reports on the breach of LastPass. The main risk is having a weak master password that makes it easier to “brute force” the encrypted vaults that were stolen. I had a strong master password, and my financial passwords were not stored on LastPass. Therefore, my risk would be low. On the other hand, my email passwords, government accounts and other important passwords were stored there.

The main reason why most security pundits are recommending that people leave LastPass is lack of trust in LastPass. The first reports, some months ago, suggested that the problems were not that serious. However, more recent reports have changed that.

Initially, I was not going to move, but instead change all my passwords. I have a strong master password and do not have my financial login credentials in LastPass.

However, what influenced me the most were comments that the current breach will open up LastPass to lawsuits that could force it to shut down. Also, strong passwords may be OK now, but there can be no guarantee that cracking technology will not improve.

LastPass started out as a mainly “free” program that relied on selling a more advanced version – i.e. the “Freemium” model. It was later sold and then on-sold. A few years ago, I decided to pay as I do not trust “FREE”. You get what you pay for.

Sometimes, but not always, a buyer is more interested in maximising income than the original founders.

No 2 Moving to Bitwarden

Bitwarden also operates under the Freemium model and that is why I thought long and hard about a move. Steve Gibson mentions this, but he says that, as an “Open Source” program, there is less likelihood that someone would be willing to buy it. Also, the first tier of payment is very reasonable, so, hopefully, people will pay. Premium Membership is USD$10 per year and comes with 2FA on login, 1 GB of storage and a couple of other things. This compares to about USD$30 per year for others.

No 3 Moving to 1Password

This is a very well regarded and popular program and has no free tier. Therefore, there is an established profit model from the outset, reducing the chance that the founders will “cash in” by selling it. On the other hand, as it grows in popularity, there is no guarantee that it won’t be sold.

DECISION

I have decided to:

1. Cancel my paid subscription with LastPass but leave the account open for the present time;

2. Start using Bitwarden and pay the small Premium Membership fee of USD$10 (AUD$15-50) per year;

3. Immediately change the passwords (using Bitwarden but not LastPass) for Emails, Government Accounts, Domain and shares. Then go through all the others and gradually change all (and at the same time set up 2FA if available).

4. Then, after the passwords are changed, there is little point in keeping LastPass (as it will have the old passwords).

I will give Bitwarden a long trial and, if satisfied, I will keep it at least until I hear it has been sold. If I do not like it or it gets sold, I will move to 1Password.

RECOMMENDATION

I will leave it up to the individual whether or not to leave LastPass. These breaches can happen to anyone and hopefully they will learn from the experience. But I do strongly recommend you complete the following at the very least:

  • Ensure the master password is strong. At least 16 characters – mixed and random and not used for anything else;
  • Immediately change the passwords for all important accounts: Emails, Government Accounts, Finance, Banking, PayPal etc., and any site that you might have given credit card information to;
  • Then go through the remainder and change those passwords;
  • Take the opportunity to use long strong passwords (generated by the password manager) to include all characters;
  • Also set up 2FA if available;
  • Be very careful of Emails and texts etc, TRUST NO ONE. The hackers got all the web site URLs – this information was not encrypted;
  • AND if you stay with LastPass do this – Log into LastPass and go to Account Settings (Left Panel) / Advanced Settings (bottom)

Scroll down (on the way, make sure Country Restrictions are set for your country) until you get to “Password Iterations”. The default should be set to 100100. BUT I set mine to 300101. Make sure to click Update whether you make any changes or not. Old master passwords were set to a lower “Iteration” number, and a lower count makes each guess at a stolen vault cheaper for the attacker.
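To show why the iteration count and master password length matter, here is an added example (my own code, not from the post or from LastPass/Bitwarden). It models a vault key derived with PBKDF2-HMAC-SHA256, times a derivation at the post's two iteration counts plus an assumed lower "old" count, and estimates how long an offline attack on a stolen vault would take. The email-as-salt layout, the 5000 "old" count and the attacker guess rate are constructed assumptions.

```python
import hashlib
import math
import time

# Constructed sample values for this example (not from the post).
SAMPLE_EMAIL = "user@example.com"
OLD_ITERATIONS = 5000        # assumed lower count used for older master passwords
DEFAULT_ITERATIONS = 100100  # default quoted in the post
RAISED_ITERATIONS = 300101   # value the post's author chose
YEAR_SECONDS = 365.25 * 24 * 3600


def derive_vault_key(master_password: str, email: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with the (lower-cased) account email as salt.
    Same inputs always give the same key; each extra iteration adds one HMAC
    of work per guess, for the legitimate user and the attacker alike."""
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), email.lower().encode(), iterations, 32
    )


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure the cost of one derivation on this machine at a given count."""
    start = time.perf_counter()
    for _ in range(samples):
        derive_vault_key("benchmark-only", SAMPLE_EMAIL, iterations)
    return (time.perf_counter() - start) / samples


def guess_rate_at(iterations: int, rate_at_default: float) -> float:
    """An attacker's guesses/second fall in proportion to the iteration count."""
    return rate_at_default * DEFAULT_ITERATIONS / iterations


def expected_crack_years(charset_size: int, length: int, guesses_per_second: float) -> float:
    """Expected time to hit a random password when half the keyspace must be tried."""
    keyspace = charset_size ** length
    return (keyspace / 2) / guesses_per_second / YEAR_SECONDS


if __name__ == "__main__":
    for label, n in [("old", OLD_ITERATIONS), ("default", DEFAULT_ITERATIONS), ("raised", RAISED_ITERATIONS)]:
        print(f"{label:8s} {n:>7d} iterations: {seconds_per_guess(n) * 1000:.1f} ms per guess here")
    rig = 1e6  # assumed attacker budget: 1e6 guesses/s at the default count
    print("8 lowercase chars, old count:   ", f"{expected_crack_years(26, 8, guess_rate_at(OLD_ITERATIONS, rig)):.2e} years")
    print("16 random printable, raised count:", f"{expected_crack_years(95, 16, guess_rate_at(RAISED_ITERATIONS, rig)):.2e} years")
```

The short lowercase password falls in hours even though the 16-character random one is out of reach for any count, which is why the post's advice combines a long random master password with the higher iteration setting.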


NOTE – Generally, changing passwords is not too hard, but it is time consuming. My main issue is that I am still getting used to Bitwarden. LastPass is easier – but then I am used to it.

ALSO BE CAREFUL to read the password rules. I came across one site that only allowed 16 characters. I was trying to use many more characters and I got locked out.

Also, from bitter experience, do not trust the automatic update offered by the password manager (both Bitwarden and LastPass). Record the old and new passwords in, say, a Word document. Then, after the change, update the password manager manually and test a login before deleting the Word document. ALSO with Bitwarden, after you change the details in Bitwarden, go to Settings and run a Sync – Settings (bottom right) / Sync (click the arrow thing) / Sync Vault Now.

P.S. 13th Jan 23

I have completed password changes for all important accounts and am progressing well with the others.

One thing I have noticed is that I have opened very many shopping accounts. I thought that I would just close them but – no such luck! It is impossible to simply close this type of account, almost without exception. In future, I will be far more cautious before I open any account. Luckily, I used PayPal as the method of payment, so I don’t have to worry about credit card details.

BUT, I have learnt a valuable lesson.

SEE UPDATE PASSWORDS – Whycal’s Blog (whysun.com)