gaenyul nyalle seymour


Mara Ermogemous

Aug 2, 2024, 10:10:54 AM
to cufinfose

I have a similar scenario, receiving a notification on my iPhone that approx 80 of my username/passwords are the subject of a data breach. However, many of my passwords on this notification are different, i.e., not the same password across all sites. I often use a similar password but with different letters or numbers at the end.

I can understand the concept of, say, a retailer's website getting hacked and suffering a data breach that contains a list of all its customers including my email and password. And I get that as a precaution Apple may notify me about a potential breach for any other websites where I may have the same email & password combination. But why would I be notified of many other passwords being at risk? Is it because they may contain 'part' of the same password? But that still doesn't explain the notifications relating to my wife and sons passwords which are nothing like mine.

I bought an iPhone 8 Plus on eBay, and right when I was signing in to all my accounts that I used before, it always says it's been in a data leak. I want to know if this is from me buying an iPhone from eBay or if it's just like those scam phone calls you get when they ask for your credit card information.

Clearly 1 causes me great concern but 2 would seem reasonable, in that there will be numerous people worldwide that would randomly choose the same 5-figure number, of which some poor soul has had their data breached.

Re-use a password, and some miscreant will now have access to that service, and whatever additional access can be gained from there. Access to an Apple ID (and particularly one without two-factor enabled) is a Bad Day for the account holder, too.

But to keep passwords for every website is insane. How can we remember those passwords? If this is the solution then it sucks. Normal people can't remember each and every password (now you will tell that you don't have to remember the password but instead your phone or computer will do it). Unfortunately, life is not that simple.

All of these work the same way. They store your passwords using strong encryption, and you only have to remember one password for the app itself to find any password and have it entered automatically into the website or app.

haveibeenpwned contacts multiple famous services such as Wattpad and Mathway, etc., to see if they have been exposed to hackers and accounts have been sold or leaked, and might also confirm that your email or phone number is part of that list.

Contrastingly Apple's Keychain services use a different method. Like many VPN services like NordVPN, Keychain actually references many deep web links to compromised accounts and immediately contacts the owner. Quote:

These devices usually do not support our secure wireless connection, instead they must connect to FIU_WiFi. You must register these devices at account.fiu.edu before you can connect them to the internet.

FIU is also participating in the eduroam (education roaming) initiative. If you are a student of a participating university, you may log into the eduroam SSID using the username and password from your home university (eg. ro...@miami.edu)

eduroam (education roaming) is the secure, world-wide roaming access service developed for the international research and education community. eduroam allows students, researchers and staff from participating institutions to obtain Internet connectivity across campus and when visiting other participating institutions by simply opening their laptop.

In order to get access to FIU_SECUREWiFi you will need to login with your MyAccounts username/password. If you do not know your MyAccounts credentials, select the FIU_WiFi wireless network and visit myaccounts.fiu.edu on your browser.

eBook Readers (Amazon Kindle, Barnes & Noble Nook), gaming consoles (PlayStation, Xbox 360, Wii), and some wireless printers are not supported through the FIU_SECUREWiFi wireless network and will need to login to FIU_WiFi, which is for wireless devices that require a different authentication method.

Yes, FIU participates in eduroam (education roaming), a free world-wide service that provides instant, authenticated and encrypted network access to all participating universities. Eduroam will allow all students, faculty, and staff to access Wi-Fi networks from participating institutions with their FIU email address and their MyAccounts password.

The Division of Information Technology (IT) is Florida International University's central technology service provider and is led under the direction of Mr. Robert Grillo, Vice President and Chief Information Officer. It consists of four technology organizational units, including University Technology Services (UTS), the IT Security Office (ITSO), the Center for Internet Augmented Research and Assessment (CIARA) and the Office of the CIO.

Some of the user names being saved are errors, so when you key the username box, I get a 'list' of usernames. A couple have the user name + the password because apparently I did not see that the tab key did not move the cursor and it was just tagged onto the user name. I'd like to be able to delete or reset the user names. All the forum questions deal with password saving, but I don't save any of my passwords and the user names are automatic unless I turn off the 'Remember search and form history'. Any suggestions?

Just-A-User's solution sounded like it should work, but did not... no effect. But after solving the issue using cor-el's solution ... well did I feel dumb or what?!! THX so much, I guess your direction to NOT USE THE MOUSE to delete it made all the difference. Appreciate both of you taking the time to get back to me!

Internet-connected devices running applications are everywhere nowadays. Traditional examples are game consoles, TV boxes, and media centers. More unconventional examples are smart fridges or fancy audio speakers that allow live streaming from the Internet. Of course, you also have kiosk systems in stores and restaurants, billboards, etc. There are plenty of examples, but these systems typically have two things in common:

I used Netflix as an example here, but these scenarios are everywhere. The Apple TV does not support running an OAuth 2.0 flow in a browser, so Netflix has almost no alternative to handle user authentication than to ask for credentials directly. At least these devices have a way to request user input, albeit somewhat awkwardly. Some devices, such as kiosk systems or smart speakers, have no input capabilities, making it even more difficult for users to log in to an app.

When a user opens this website on a phone or computer, the user is asked to authenticate with a username and password. The main difference is that the user is now authenticating in a regular browser. This means that the user can rely on stored passwords or password managers if desired.

If everything checks out, the Security Token Service responds with a URL, a user code, and a device code (Step 2). This URL will take the user to the authentication page of the Security Token Service, where the user is expected to enter the code. The client renders this URL and code on a screen (Step 3A). The exact mechanism for displaying this data is up to the client. Typical examples are static text or a scannable QR code.

Once the client has started showing the data to the user, the client begins polling the Security Token Service for the result using the received device code (Step 3B). With this device code, the Security Token Service can look up the active flow and inspect its current status. The Security Token Service informs the client of that status.

While the client is polling, the user will complete the flow on their device. This involves authenticating as a user (unless a session already exists) and optionally giving the client consent to access their data (Steps 4 - 8).

In the meantime, the client is still polling the Security Token Service (Step 3B). After the user has completed the flow, the Security Token Service will send the proper response to the client (Step 9). That response typically includes an access token, and optionally a refresh token and identity token.

Again, a story from my personal life. In pre-pandemic times, I traveled the world to teach developers how to build secure applications. That meant spending a significant amount of time in hotels, almost all of which nowadays have smart TVs. You can watch Netflix with your account on the hotel TV (gotta get that Paw Patrol fix!). Of course, this means signing in with your Netflix account.

However, the more important takeaway is that Netflix should start using the OAuth 2.0 device flow. With the OAuth 2.0 device flow, I never have to give my credentials to an untrusted device. Instead, I sign in on the Netflix website on my device, after which the app on the untrusted TV receives tokens to access my account. The untrusted device still has access to Netflix in my name but does not have my account credentials.

Additionally, when I leave the hotel, I can log in to my Netflix account and revoke the refresh token for that smart TV. That way, I can ensure that the next guest will not inadvertently gain access to my Netflix account.
