Weekly output: Zipline drones, fixed wireless broadband, AI transformations, Dashlane, AI fairness, FCC resignations, AI resiliency, National Capital Radio & Television MuseumM

My third week in a row of business travel had me in Santa Clara, Calif., from Tuesday through Friday–at a venue I’d last set foot in at the Demo conference in 2013. 6/3/2025: Inside Zipline’s high-tech drone factory where delivery innovation takes flight, Fast Company My decision to book an early-afternon flight from SFO to National at the end of my Google I/O trip last month paid off when I used…

View On WordPress

"The researchers tested AutoSpill against a selection of password managers on Android 10, 11, and 12 and found that 1Password 7.9.4, LastPass 5.11.0.9519, Enpass 6.8.2.666, Keeper 16.4.3.1048, and Keepass2Android 1.09c-r0 are susceptible to attacks due to using Android’s autofill framework.

Google Smart Lock 13.30.8.26 and the DashLane 6.2221.3 followed a different technical approach for the autofill process. They did not leak sensitive data to the host app unless JavaScript injection was used."

Password Manager Part 1

So the other day I was thinking about what else I could do to make my cyber life safer. So I started to looking into a Password Manager. Now you can buy a subscription to a password manager service and there are some good sites out there, but the problem is two things the subscription and security.

By security I mean you look around and you see leaks every where. Corporations getting hacked or they use the info to sale your info and all the user data is under there control. All it would take is someone to hack the password manages and then all the passwords could be out there and your rushing to change everything before they get in.

I don't have the money to do something like that, so I started to dig into making my own Password Manager using Python.I started looking into what I would need.

First would be encryption, one of the standards of the cybersecurity world. Using a mix of hashing through the SHA256 algorithm, and always salting your hashes you can make your stored passwords even more secure.

The code

# Setting up crytogtaphy from cryptography.hazmat.primitives import hashes from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC from cryptography.hazmat.backends import defult_backend import base64

def derive_encryption_key(master_password, salt): kdf = PBKDF2HMAC( algorithm=hashes.SHA256(), length=32, salt=salt, iterations=100000, backend=defult_backend() ) key = base64.urlsafe_b64encode(kdf.derive(master_oasswird.encode())) return key

Then encryption and decryption, the method of the program will use to keep the passwords encrypted and then decryption when they need to be executed. Writing this code was more challenging but there some amazing resources out there. With quick google searches you can find them.

The Code

# Encryption and Decrptions from cryptography.fernet import Fernet

def encrypt_password(password, key): fernet = Fernet(key) encrypted_password = fernet.encrypt(password.encode()) return encrypted_password

def decrypt_password(encrytped_password, key): fernet = fernet(key) decrypt_password = fernet.decrypt(encrypted_password).decode() return decrypted_password

Next up I wanted Random Password generation, at least 12 chars long, with letters, numbers and special chars.

The Code

# password generation import string import random

def generate_secure_password(length=12): char_pool = string.ascii_letters + string.digits + string.punctuation password = ''.join(random.choice(char_pool) for _ in range(length)) return password

Finally it would be needing a data base to store the passwords. Through googling, and research. I would need to set up a SQL Data base. This would be something new for me. But first I could set up the code and the key for the user. Later I will add the SQL data base.

Now part of this would be setting up a Master Password and user name. This worried me abet, because anybody could just hop in and take a look at the code and see the Master Password and then get access to all my passwords and such. So to keep your code safe, it is all about restricting your code. Location, keep your code in a safe locked files, away from prying eyes and encrypted, and access to the source code should be restricted to just you and who ever you trust.

The Code

# Seting up SQL database. def setup_database(): conn = sqlite3.connect('users.db') c = conn.cursor() c.execute('''CREATE TABLE IF NOT EXISTS Uer_keys (user_id TEXT PRIMARY KEY, key BLOB)''') conn.comit() conn.close()

def main(): # setup database setup_database()

#create a key for the user master_password = input("Enter your master password: ") salt = b' some_salt' # Generate secure salt for each user key = derive_encryption_key(master_password, salt)

#Simulate user intreaction user_id = "[email protected]" #user ID user_password = "Password1234" #user password to encrypt

# Encrypt the users password encrypt_password = encrypt_password(user_password, key) print(f"decrypted password for {user_id}; {decrypt_password}")

# Placeholder for intrgrtating the password storage and retriecal logic # This would inculde calls to interact with the SQL database.

if __name__ == "__main__": main()

Now I have much more to do to the program, I need to set up a SQL data base for storage this will be its own can of worms. Learning SQL will be a new challenge for me.

Also I wanted to add more features to the program, I was thinking about setting up an auto fill feature. Now the program will just display the requested password and you have to manually put it in. I want to see if there will be a way to auto fill it.

So stay tuned as I do more research.

I'm honestly about ready to stop using 2FA, altogether. It's Passkey or bust. I'm so tired of having to whip my phone out and manually type in that stupid six digit code. That shit is for stupid people, any way.

All my passwords are over 30 characters long and completely randomized by my password manager. Not to mention, all of my emails are also randomly generated, using an email masking service.

I couldn't even begin to guess my own email, let alone a malicious entity guess both.

About time I change passwords everywhere again. Internet safety let's go!!!

This is also a reminder to those who haven't changed their passwords in a while to do so as well maybe.

Using a password manager or something may also help! And also 2-factory authorisation :]

Never give your passwords or pin codes to anyone; if you give your passwords or pin codes to other people change them right after PLEASE. (Exception is if you run an account alongside other people I suppose, like a joint-blog or something else, however private and personal accounts or phones should be kept to you ONLY!!)

Stay safe out there, people!!

#oh hey prev me too ->#*whispers* get a password manager it has made my life so much easier and more sucrs

Yes, this.

GET A PASSWORD MANAGER.

Use a different, lengthy, randomized password for every account and site you use. Replace them at the drop of a hat! Most PMs can now also do passphrases - you know, the "correct horse battery staple" thing - if you need to remember some of your passwords.

Google खाता कैसे सुरक्षित करें: 16 अरब लॉगिन क्रेडेंशियल डेटा उल्लंघन के बाद पूर्ण गाइड

साइबरन्यूज के शोधकर्ताओं ने हाल ही में 16 अरब लॉगिन क्रेडेंशियल के रिकॉर्ड-तोड़ डेटा उल्लंघन की खोज की है, जिसमें Google, Apple, Facebook, GitHub, और Telegram जैसे प्लेटफॉर्म से जुड़े लॉगिन विवरण, कुकीज़, टोकन, और सेशन मेटाडेटा शामिल हैं। यह उल्लंघन इन्फोस्टीलर मालवेयर के माध्यम से एकत्र किया गया, जो उपयोगकर्ताओं के उपकरणों से संवेदनशील जानकारी चुराता है। हालांकि, Google या अन्य प्रमुख कंपनियों…

1Password: Review 2025 – The Only Password Manager You'll Ever Need?

Looking for a secure, easy-to-use password manager in 2025? 1Password might be your perfect match. In a world full of cyber threats, managing your online credentials safely is non-negotiable. In this review, we explore everything you need to know about 1Password, one of the top-rated password managers available today. Click here to get started with 1Password What Is 1Password? It is a trusted…

Computer Password Hot Pink Log Book

Any of these password managers can keep your #smartdevices safe.

What Is Google Password Manager and How It Works

In today’s digital world, managing passwords securely is more important than ever. With countless online accounts, remembering unique and strong passwords for each one can be a challenge. That’s where Google Password Manager comes in—a free, built-in tool that helps you store, manage, and autofill passwords across all your devices. In this comprehensive guide, we’ll explore: What Google Password…

This is why we can't have nice things

All of this!! A good password manager makes life so much easier in addition to safer. I moved to one ages and ages ago and simply maintaining everything through that takes a load of stress off. It can seem daunting at first if you’re unfamiliar with it but once you get it rolling it is worth it.

I've seen you say a few times that it's a good idea to have a password manager; could you explain why? I always feel like I'm missing something when it's mentioned because it's phrased as if there's an obvious danger that password managers protect you from, but I'm honestly not sure how they help keep passwords secure.

The obvious danger is human nature. Humans are bad at creating passwords; your passwords are almost certainly easy to guess, repeated across different accounts, or both, because that is just how the vast VAST majority of people create passwords, because humans are bad at creating passwords. Everybody knows "the rules" for creating passwords (don't use the same password on multiple websites, don't include personal details in your passwords, don't use very common words or letter or number sequences in your passwords, don't tell other people your password) and people break all of those rules anyway.

A standalone (not in-browser like firefox or chrome password manager, though those are better than nothing) password manager stores your passwords, generates complex passwords for you, and can also be used for things like storing notes on passwords (like "did I put my MFA on my email or my cellphone or an app for this password?" or "here are the made-up answers to the security questions I used for this website because I definitely didn't use real answers or answers I'd used on previous websites" or "these are the bills associated with this credit card").

With the way the current security landscape works, there are two things that are extremely important when you are creating a password:

Uniqueness

Complexity

The overwhelmingly prevalent way that people get "hacked" these days is through credential stuffing.

Let's say that your private data was revealed in the Experian breach a decade ago. It revealed your name, email address, and phone number. Now let's also say that your private data was revealed in one of the many breaches from social media sites; that one revealed your name, email address, phone number, password, and security questions.

If someone wants to try to gain access to one of your accounts - let's say your bank account - if they have your name and phone number (usually extremely easy to find online), they can cross-reference that information with data that has been revealed in previous breaches - now they've got your name and your email address (which you probably used to sign up for your online banking and have ABSOLUTELY used as your login for accounts all over the place) and at least one password that you've used somewhere.

But the thing is, they don't have one password. They have every password associated with that email address that has ever been revealed in a breach. If you go to the site haveibeenpwned.com you can enter your email and see how many times your email address has appeared in a breach. You can compare that with the number of passwords that were revealed in those breaches and you can ask yourself "what did those passwords have in common?"

Because I can tell you, my Tumblr password from 2013, my Kickstarter password from 2014, and my Disqus password from 2017 (all revealed in various breaches) probably had a lot in common.

So, now the hacker has: your name, your email (which is probably your username), and various passwords they can try to use to log in. Did you use the same password for Facebook and Twitter eight years ago? Did you use parts of that password for creating your bank password? If you heard that twitter passwords were exposed in a breach you probably changed that password, but did you change the bank password that you built on the same structure? Probably not.

So what people will do is gather up all of this information and guess. They'll try your 2017 Disqus password to see if it will get access to your bank account. They'll try your 2020 Gravatar password. They'll try your 2024 Internet Archive Password.

And the reason they do this is because it works.

And the reason that it works is because we are all fucking garbage at remembering unique, complex passwords so instead of creating actually unique, complex passwords most people pick one memorable word or phrase, one memorable number, one unusual character, and *MAYBE* one feature of the site they're creating the login for and they use that template forever (1988Tumblrmacabre!, 1988Facebookmacabre!, 1988Ticketmastermacabre!) OR they create one password that they think is complex enough and use it across multiple sites with minor tweaks ($n0h0mi$hRu13z, sn0h0mishRul13z!, $n0h0mi$hWA) as needed for the sites' password requirements.

So most of what password managers do that is a drastic security improvement over people creating and memorizing passwords is that they create passwords that are functionally impossible to guess and functionally impossible to memorize. The problem with memorizing passwords (which is what you're doing if you're creating a bunch of passwords that you type in all the time) is that you can't actually remember all that many passwords so you'll repeat those passwords. The problem with creating passwords on your own is that passwords that humans create are pretty guessable. Even if you're doing a passphrase that's a long string of words you're probably working with common words ("correct horse battery staple" as opposed to "truculent zygote onomatopoeia frangible") and your password is more guessable than you'd really want it to be. Password managers don't do that, they generate gibberish.

Perhaps you are that rare person who gets out a set of dice and a notepad and rolls up every character for your password and memorizes it and never repeats, and if that's you, you could still benefit from a password manager because a password manager makes it easier to change that unique complex password when it is inevitably revealed in a breach.

So, okay, let's check in with where we're at:

Password managers mean that you don't have to memorize your password, which means that you don't need a password that is easy to memorize, which means that they can create passwords that are extremely complex and are therefore very difficult to guess. This protects you from crackers who will try to brute force your password.

Password managers mean that you don't have to remember extremely complex passwords for every account, which means that you are less likely to repeat your password in whole or in part across multiple accounts. This protects you from credential stuffers, who will try to use your password from one account that was revealed in a breach to open other accounts that were not.

Because password managers can generate and store complex passwords essentially instantly, you can replace passwords nearly effortlessly when there is a breach (no need to 'come up with' a new password, no issues with learning or memorizing it).

There are, however, advantages beyond that.

One major, MAJOR advantage of a properly-used standalone password manager is that it makes you safer from various kinds of phishing attempts and link hijacking. When you are setting up a password in your password manager (PWM from here on), you should be on the website that you want to log in to. The PWM will give you the option to save the domain that you're logging in to. That means the PWM will remember the correct URL for your Tumblr login so when you go to the tumblr login screen in the future, it will offer to fill those fields. What it will NOT do is offer to fill those fields if someone sends you an email that spoofs tumblr support and wants you to log in at "tumblr.co" or "tumblr-support.com." Knowing this, and knowing that you should be putting your credentials in through the PWM fill option rather than copy/paste, is a GREAT way to protect against phishing that is often overlooked and definitely under-discussed.

Another advantage is that a standalone PWM will let you store secure notes with your passwords so that you can do things like keep track of recovery codes for the website, or generate gibberish answers to security questions. Security questions and answers are often revealed in breaches, can't be reset by the user as easily as a password, are repeated across websites MUCH more than passwords, and can be used to take over an account and reset the password. You shouldn't be giving real security answers, or even fake-but-repeated security answers; you should treat each of those like a password that needs to be complex and unique, which means that they need to be stored someplace (like a password manager).

I also personally use my password manager to store my car insurance information, my driver's license info, and payment details for easy entry, making it convenient for a lot of thing beyond password storage. (Bitwarden. My password manager is bitwarden. I recommend Bitwarden. go to ms-demeanor.com and search "bitwarden" to learn more.)

As to how they keep your passwords safe, aside from ensuring that you don't enter your credentials into a skimming site, a good password manager is well encrypted. Your password safe should be functionally impossible to crack and what people tend to not realize is that a proper password manager (like bitwarden) doesn't keep all your passwords in one encrypted safe, each one of your passwords is in its own encrypted safe. If someone hacks Bitwarden it's not like using a huge amount of effort breaking into a bank vault and finding a big pile of money, it's like using a huge amount of effort breaking into a bank vault and finding a big pile of bank vaults. Each password within your vault requires decryption that is functionally impossible to crack (at least with a good password manager, like bitwarden, the password manager I recommend and think that people should use).

Additionally, just as, like, a side note: password managers never accidentally leave caps lock on or forget which characters are capital or lower case and don't require the use of two hands and focused attention on the keyboard. You're never going to mistype your password if the password manager is filling it, and you would not believe the number of people we support at work who require password resets because they are typing their password wrong and don't realize it.

TL;DR:

Password managers make better passwords than you can and they make it possible to instantly create, store, and enter complex passwords, which prevents password cracking and makes people less likely to reuse passwords. They are heavily encrypted and should be functionally impossible to access, and each individual password within the manager should also be encrypted if you use a good password manager. Password managers also prevent people from entering their credentials on scam sites by only filling on matched domains. Standalone password managers (not browser password managers) also allow users to create and store unique security questions and account details to prevent bad actors from gaining access with stolen security answers. The password manager I recommend is Bitwarden.

If people used password managers to create, store, and use unique and complex passwords, and if they did regular backups of their system I think that probably about half of the InfoSec field would be out of a job.

Please use a password manager!

Password Manager - C2 Password

Secure Your Digital Life with C2 Password

In today's fast-paced digital world, we juggle countless passwords—one for banking, another for shopping, and yet another for work accounts. But how do we keep them all safe and accessible without resorting to risky shortcuts like writing them down or reusing passwords?

Enter C2 Password, a powerful password manager designed to keep your sensitive data secure while ensuring easy access when you need it.

Why C2 Password?

Cybersecurity threats are evolving, and weak or reused passwords can put your accounts at risk. C2 Password offers a zero-trust security model, meaning only you can access your vault. It uses end-to-end encryption, ensuring your stored credentials stay protected from hackers and breaches.

Key Features:

✅ Secure Vault: Store passwords, payment details, and sensitive notes in an encrypted vault. ✅ Auto-Fill & Auto-Login: Save time by automatically entering your credentials on websites and apps. ✅ Password Generator: Create complex, unbreakable passwords to enhance security. ✅ Cross-Platform Access: Use it across devices and sync data effortlessly. ✅ Shared Vaults: Securely share login credentials with family or team members without compromising security.

How It Enhances Your Digital Security

C2 Password doesn’t just store passwords—it strengthens your online security by helping you maintain unique, strong passwords for each account. With its breach alerts, you’ll be notified if your credentials are at risk, so you can act before your accounts get compromised.

Final Thoughts

Protecting your personal and professional accounts doesn’t have to be complicated. C2 Password provides a seamless, secure, and user-friendly way to manage passwords effortlessly. Say goodbye to forgotten passwords and security worries—it's time to take control of your digital life.

Ready to boost your security? Try C2 Password today!

The Microsoft Authenticator mobile app is about to lose its password autofill feature as Microsoft prepares to streamline its password management offerings to the benefit of its Edge browser.