
Topic: Don't auto Save your login details (Read 996 times)

legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
March 10, 2020, 10:30:16 AM
#72
@oeleo

Thanks for the detailed response.
legendary
Activity: 2268
Merit: 18711
March 10, 2020, 10:18:16 AM
#71
If person X used a laptop that held some of their bitcoins over public WIFI is there any chance at all that somebody could for example steal their wallet.dat &/or see what their wallet password is?
It depends on the rest of your security set up and what kind of wallet you are using, but there are other risks too.

An attacker can use an unsecured WiFi network to spy on the data you send across it. This could include usernames and passwords if they aren't otherwise encrypted, and they could use this to access web wallets or exchange accounts. An attacker can use a WiFi network to distribute malware. This could be in the form of a keylogger to record your login details to a web wallet, could be clipboard malware to change the address you have copied and pasted, could be designed to send your wallet.dat to them, or could be to change the destination of any transaction you try to sign.

Even if you are using a hardware wallet you are not completely safe. Although you wouldn't be susceptible to any of the attacks above (provided you double check what shows up on the screen of your hardware wallet), it is conceivable that an attacker could set up a man in the middle attack, and change a bitcoin address which is being displayed to you. For example, if you were connecting to a service to deposit some bitcoin, the receiving address of the service could be changed to the address of the attacker before you even see it. So even if you confirm everything is correct on the screen of your hardware wallet, you are only confirming against an already altered address.

I would recommend never using public WiFi for anything truly sensitive or valuable, and never log in to any accounts via one. If I ever do have to use one, I use a Live OS which is wiped afterwards and Tor with HTTPS.
jr. member
Activity: 50
Merit: 2
March 10, 2020, 09:32:39 AM
#70
Don't click save password when you use a public computer, that's all. Auto-saving login details on a personal computer helps a lot. To be more careful, you can use a password manager; LastPass is good, I recommend it.
legendary
Activity: 3556
Merit: 9709
#1 VIP Crypto Casino
March 09, 2020, 02:41:32 PM
#69
I use public WiFi in cafes and libraries all the time, but I would never use a public computer there. I bought an HP Netbook, and a Logitech keyboard for my phone, and both of those allow me to use my own equipment. Neither of them cost much money, so I can't see the point in using a public computer. The only time I have done it is to access a library printer, and you need to scan a library membership card to do that.

How safe is this?

If person X used a laptop that held some of their bitcoins over public WIFI is there any chance at all that somebody could for example steal their wallet.dat &/or see what their wallet password is?

Nobody else has access to person X’s laptop ever but is there a chance at all that somebody could access their laptop via the public WIFI if they’re online using it at the same time?
member
Activity: 322
Merit: 10
March 09, 2020, 12:57:36 PM
#68
It's stupid to save passwords on someone else's notebook or PC; they can easily log in behind your back. Password saving is only good on your private computers, not public computers.
legendary
Activity: 2730
Merit: 7065
March 09, 2020, 09:50:55 AM
#67
Good advice OP, I wasn't aware of this trick.
You should never save your login credentials in your browser or on your hard drive anyway. The reasons why have already been mentioned so no reason to repeat those.

Google keeps a file for login details on your device. This file contains the URLs, IDs and encrypted passwords for all sites you visit. This data shouldn't be on any computer.
They used to keep them in the below location, not sure if that is still the case.

Quote
C:\Users\$username\AppData\Local\Google\Chrome\User Data\Default.
https://www.askcybersecurity.com/where-are-my-saved-passwords-in-chrome/
full member
Activity: 2324
Merit: 175
March 09, 2020, 09:18:39 AM
#66
Check if the public computer has a defreeze option. Most public computers now have defreeze installed to prevent malicious files from being downloaded onto them; if it is there, then your login info will be cleared or erased when you log off from the computer.
newbie
Activity: 7
Merit: 0
March 09, 2020, 03:37:06 AM
#65
You can also see the saved passwords in the settings of browsers. I think this issue is simple and everyone just knows it. But you're when notice people not to save the information.
hero member
Activity: 868
Merit: 513
March 07, 2020, 03:12:57 PM
#64
Today, we will see how you can hack any password, but only those who will have saved the password while logging in.

Yesterday I had an opportunity to go to the internet café, I wrote the domain of Facebook.

And this thing happened:


Now this means that anyone can log in with its id, right? But what to do if you want to see the password?

Here in the picture above, you must have noticed the password is hidden. You must have seen the password everywhere, you will get this kind.

So let's start.
Step #1:
Go to the website where you have (save password) or (Remember Me).

Step #2:
Now right-click in the password box, and scroll down and click on the Inspect.

Step #3: Now you see some codes on the right side.
for Facebook
Code:

Step #4:
Change this into

For example:
Code:
Now close the code page and see what magic happens.

Boom:


Please test it on yourself, don't harm anyone



Interesting. In Germany saving passwords at official PCs is not legal.
legendary
Activity: 2604
Merit: 2353
March 07, 2020, 03:05:33 PM
#63
It's the first time I read that. Where have you seen that please?
If someone has access to your Google account, then they can generate as many back up codes as they like by following these instructions: https://support.google.com/accounts/answer/1187538

They can also transfer your Google authenticator to their phone by following these instructions: https://support.google.com/accounts/troubleshooter/4430955?hl=en#ts=4430956

Google authenticator is only as secure as your Google account. It would be better to use an open source 2FA app which you can back up with an encrypted database locally.
Yes but it's only for your Google account, this has nothing to do with the Google Authenticator app. If you use another 2FA app to connect to your Google account, you'll get exactly the same codes. Google doesn't store your Coinbase 2FA seed in any way to be clear, and nobody can access it by hacking your Google account.

You don't need to be connected to internet to use Google Authenticator, so it can't work like that.
That's not how 2FA authenticators work. When you first set them up with a new site, the site generates a shared secret, which you input into your app usually by scanning a QR code. The app then uses that shared secret and the current time (usually floored to the nearest 30 second interval) as inputs into a hashing process to generate a code. The site in question does the same thing to confirm the code you enter is correct. All that is required is for both your phone and the site in question to know the shared secret (which they remember from the first time you set it up), and to be able to tell what time it is. No internet access is ever required.
This is exactly what I'm saying, no internet access is ever required by any 2FA app, Google Authenticator included.
legendary
Activity: 2268
Merit: 18711
March 07, 2020, 09:11:25 AM
#62
It's the first time I read that. Where have you seen that please?
If someone has access to your Google account, then they can generate as many back up codes as they like by following these instructions: https://support.google.com/accounts/answer/1187538

They can also transfer your Google authenticator to their phone by following these instructions: https://support.google.com/accounts/troubleshooter/4430955?hl=en#ts=4430956

Google authenticator is only as secure as your Google account. It would be better to use an open source 2FA app which you can back up with an encrypted database locally.

You don't need to be connected to internet to use Google Authenticator, so it can't work like that.
That's not how 2FA authenticators work. When you first set them up with a new site, the site generates a shared secret, which you input into your app usually by scanning a QR code. The app then uses that shared secret and the current time (usually floored to the nearest 30 second interval) as inputs into a hashing process to generate a code. The site in question does the same thing to confirm the code you enter is correct. All that is required is for both your phone and the site in question to know the shared secret (which they remember from the first time you set it up), and to be able to tell what time it is. No internet access is ever required.
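
The mechanism described in the post above, as an added example that is not part of the original thread: a small RFC 6238 (TOTP) generator and site-side verifier in Python. HMAC-SHA1, 6 digits and a one-step clock-drift window are assumed defaults, and the sample secret is the RFC 6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP_SECONDS = 30  # the "30 second interval" from the post


def totp(secret: bytes, unix_time: float, digits: int = 6) -> str:
    """RFC 6238 code: HMAC-SHA1 over the floored time, keyed by the shared secret."""
    counter = int(unix_time) // STEP_SECONDS           # floor time to its 30 s window
    msg = struct.pack(">Q", counter)                    # 8-byte big-endian counter
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                          # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def secret_from_qr(base32_text: str) -> bytes:
    """Decode the base32 secret that the setup QR code carries."""
    cleaned = base32_text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)                # restore stripped padding
    return base64.b32decode(cleaned)


def verify(secret: bytes, submitted: str, unix_time: float,
           drift_steps: int = 1, digits: int = 6) -> bool:
    """Site side: recompute the code locally, tolerating small clock skew."""
    for step in range(-drift_steps, drift_steps + 1):
        t = unix_time + step * STEP_SECONDS
        if t < 0:
            continue
        expected = totp(secret, t, digits)
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample: RFC 6238 test secret, base32-encoded as a QR code would carry it.
    shared = secret_from_qr("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    now = time.time()
    code = totp(shared, now)                            # phone: no network call anywhere
    print(code, verify(shared, code, now))              # site: same computation
```

Both sides need only the secret and a clock, which is why the code works offline and also why anyone who obtains the secret can generate valid codes.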
legendary
Activity: 2604
Merit: 2353
March 07, 2020, 05:33:45 AM
#61
An authenticator app is better, but unfortunately most people use Google Authenticator, which can be reset or have its back up codes accessed by anyone who can hack your email account.
It's the first time I read that. Where have you seen that please?
It must be a hoax. You don't need to be connected to internet to use Google Authenticator, so it can't work like that.
legendary
Activity: 2268
Merit: 18711
March 07, 2020, 04:32:14 AM
#60
Because hackers cannot enter your email with 2FA security.
people should really value the importance of 2FA since if they spend time for setting it up they can sleep with peace since they are safe.
2FA does not make you 100% safe or immune to being hacked. It is a useful addition to your security set up, but it should not be treated as foolproof, and should not be solely relied upon. If you use an SMS based 2FA method, then the additional security it provides is actually quite low. SMS messages can be intercepted or redirected, and SIM jacking is a relatively straightforward attack with a little bit of social engineering. An authenticator app is better, but unfortunately most people use Google Authenticator, which can be reset or have its back up codes accessed by anyone who can hack your email account. A physical 2FA hardware key is the best option.

legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
March 06, 2020, 09:26:58 AM
#59
As long as you don't give any access to anyone, for sure your information or wallets are safe, but if someone logs in at a cafe or on any public computer then they are at risk of attacks. People should really value the importance of 2FA, since if they spend time setting it up they can sleep in peace since they are safe.
Not giving others access to your wallets or computers is only one of the protective measures. There are some bad habits people tend to have nowadays without realizing that they fully disclose their personal details to third-party companies. When those companies have data leaks or sell their customers' data to other parties, you are at risk.

In a nutshell, don't save your personal details on third-party platforms: cloud-based storage platforms, online spreadsheets from Google, ie.
hero member
Activity: 2520
Merit: 783
March 06, 2020, 06:08:02 AM
#58
I don't think there is any concern if you use a private computer at your home or office.
I have my password for email, and other regularly used sites.
But someone found my password for email and is trying to blackmail me, saying they have my password.
You need not have any tension, because hackers cannot enter your email with 2FA security. You can monitor any suspicious activities like login device, browser, IP address and many other alternatives.
Saved login will save my time.

As long as you don't give any access to anyone, for sure your information or wallets are safe, but if someone logs in at a cafe or on any public computer then they are at risk of attacks. People should really value the importance of 2FA, since if they spend time setting it up they can sleep in peace since they are safe.
jr. member
Activity: 100
Merit: 1
March 06, 2020, 05:07:01 AM
#57
I don't think there is any concern if you use a private computer at your home or office.
I have my password for email, and other regularly used sites.
But someone found my password for email and is trying to blackmail me, saying they have my password.
You need not have any tension, because hackers cannot enter your email with 2FA security. You can monitor any suspicious activities like login device, browser, IP address and many other alternatives.
Saved login will save my time.
legendary
Activity: 2324
Merit: 1604
hmph..
March 06, 2020, 04:21:45 AM
#56
The storage requires password access to view the saved passwords. I haven't tried whether the login data will also be filled automatically when logging in to a Gmail account using another computer. However, only by knowing our Gmail password, someone will be able to access all connected accounts without resetting the password, which usually requires an additional recovery process. That's enough to make us lose everything quickly.

I was using this feature a long time ago, before I got interested in bitcoins to get a few cents.

This is the list of websites for which I've saved my password and synchronized it with my Google account



For members who maybe didn't know about this,

How to know if you have synchronized saved passwords? Very simple,

1. Login to your Google accounts.
2. Visit passwords.google.com
3. You will see your saved passwords from the first time you synced your Gmail account with your Chrome browser.

If you have important websites on this list, please change your email address for safety. DWYOR if you are trying to use this feature.
And imagine if someday you lose your Google account because of being hacked; as noorman0 said, a hacker can easily open your accounts if you saved your passwords in your account before.
legendary
Activity: 2268
Merit: 18711
March 05, 2020, 03:01:13 PM
#55
I do not trust anything which is connected to the internet.
This is the correct approach. Locally encrypted database for your passwords. Airgapped or hardware wallets for your private keys. Seed phrases written down on paper.
legendary
Activity: 2198
Merit: 1032
March 05, 2020, 02:54:23 PM
#54
Where you can use your account to add details and then log it out simple.
And if anyone hacks your Google account they have your password to everything. Or if they perform some simple social engineering and get your Google account password reset. Or steal your phone and reset it that way. Or sim jack you. Or your password is leaked in one of the many database breaches. Or because Google have been caught multiple times storing passwords in plain text. You are also placing complete trust in a closed source system. You are 100% confident that Google encrypt your passwords securely locally, transmit them securely, store them securely, are unable to access them, don't have a single rogue employee who might try to access the database, etc? Auto-saving your passwords to the browser or to your Google account are equally as risky.

Use an open source password manager such as KeePass, and encrypt the database.

Too many possibilities in a single comment. Agreed with you.

Anything can happen, I agree. Well, I use 2FA for my Google account. I do not trust anything which is connected to the internet.
legendary
Activity: 2268
Merit: 18711
March 05, 2020, 02:46:33 PM
#53
Where you can use your account to add details and then log it out simple.
And if anyone hacks your Google account they have your password to everything. Or if they perform some simple social engineering and get your Google account password reset. Or steal your phone and reset it that way. Or sim jack you. Or your password is leaked in one of the many database breaches. Or because Google have been caught multiple times storing passwords in plain text. You are also placing complete trust in a closed source system. You are 100% confident that Google encrypt your passwords securely locally, transmit them securely, store them securely, are unable to access them, don't have a single rogue employee who might try to access the database, etc? Auto-saving your passwords to the browser or to your Google account are equally as risky.

Use an open source password manager such as KeePass, and encrypt the database.