In Belgium mostly the only time you’ll see anyone with the flag on some piece of clothing is at some international (sports) event.
To maintain my privacy I proxy it though :)
To be fair for now it’s only used to access some admin portals for services I got running (Arr stack, Syncthing, etc). The main domain isn’t even mapped (so gives 404), though at some point that might become a portfolio website.
Seeing as my homelab domain is literally {first name}{last name}.{country I live in} I didn’t really care :P
Use it on your phone, duh :P
Jokes aside I wish Windows supported pin+hardware key to log in… But alas that’s an enterprise only thing.
For that particular website yes, but a salted client side hash is worthless on a different website.
Edit: plus even unsalted it would only work if the algorithm is the same and fewer iterations are done
It helps against the server being able to read the password, so a bad actor (either the website itself or after a hack) could read your password. Which isn’t bad if you’re using good password hygiene with random passwords, but that sadly is not the norm.
Why would you not hash in the browser. Doing so makes sure the plaintext password never even gets to the server while still providing the same security.
Edit: I seem to be getting downvoted… Bitwarden does exactly what I described above and I presume they know more than y’all in terms of security https://bitwarden.com/help/what-encryption-is-used/#pbkdf2
Big fuck you to the Belgian govt who detected my developer settings being on and blocked their app from working…
Anddd… You use wifi to connect to their servers, so they’ll have your residential ip (unless you got a VPN on at all times… And even then there’s probs some way to fingerprint you enough). Partner uses the same wifi network and your profiles are linked again…
There really just is no way to completely escape. Blocking all ads and trackers on a DNS level (using a Pi-hole or an external service like NextDNS [paid, but it’s pretty good]) is a good solution though, at least you won’t need to actually see ads
I use it all the time for the one time use cards, and it’s been effortless to use.
The data breach is of course bad, but no company is completely immune to those.
Privacy policy… Is not a great look (especially with the marketing being opt-out and having a convoluted process…) I honestly hadn’t heard about it. But even now I’ll continue to use it because weighing the marketing vs my CC details out there is still not a hard choice.
Depending on where you live Revolut might be an option for you. Unlike privacy.com it’s basically just an online bank where you can open an account and send money to/from, but they offer a one-time-use credit card (which changes every time you use it).
Simply making the hash really hard is not a good option. All most people will notice is that their underpowered phone suddenly takes way longer to unlock compared to before. Cracking the hash on very powerful hardware is then ‘trivial’
As the other comment mentioned, a hardware solution seems to be the only one.
Train system is not exactly viable here compared to using a car (Belgium)
Edit: but yeah the rest is about right
What I use for such sites is a frozen card which I only unfreeze after setting a limit for my exact purchase amount. Pay, freeze again for the next time.
Small bits like caps can’t get sorted for recycling for some reason, so they’re just “waste” instead of recyclable
Was considering the 6a until I saw the charge speed and screen to body ratio.
Brave article finds only good things about Brave and only bad things about Firefox
Color me surprised /s
This is accurate, it is also accurate for (at least some part of) Android though… Going into recovery boot requires the phone pin for my mid-range phone. Hell even turning off the phone can be set to require pin or biometric.
There are so many ways to encode information into an image without changing its look that I doubt you’ll find most of them by “changing levels”
I’d like to do the same, but atm I use nginx to serve all the web interfaces… And Keycloak support is either a Plus subscription feature or made to work with hacky Lua scripts.
So for now it’s security through obscurity, I got a wildcard cert and the pages are accessed based on subdomain. So afaik nobody has a clue unless they start iterating common subdomain names. (At some point™️ I’m adding proper auth though)