view the rest of the comments
Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Please don't post about US Politics. If you need to do this, try !politicaldiscussion@lemmy.world
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
Or it prompts people to just stick their "super secure password" with byzantine special character, numeral, and capital letter requirements to their monitor or under their keyboard, because they can't be arsed to remember what nonsensical piece of shit they had to come up with this month just to make the damn machine happy and allow them to do their jobs.
I do this in protest of asinine password change rules.
Nobody's gonna see it since my monitor is at home, but it's the principle of the thing.
A truly dedicated enough attacker can and will look in your window! Or do fancier things like enable cameras on devices you put near your monitor
Not saying it's likely, but writing passwords down is super unsafe
What you are describing is the equivalent of somebody breaking into your house so they can steal your house key.
No, they're breaking into your house to steal your work key. The LastPass breach was accomplished by hitting an employee's personal, out of date, Plex server and then using it to compromise their work from home computer. Targeting a highly privileged employees personal technology is absolutely something threat actors do.
The point is if they're going to get access to your PC it's not going to be to turn on a webcam to see a sticky note on your monitor bezel. They're gonna do other nefarious shit or keylog, etc.
Why keylog and pick up 10k random characters to sift through when the password they want is written down for them?
Again, how is the attacker going to see a piece of paper that is stuck to the side of the screen? This rule makes sense in high traffic areas, but in a private persons home? The attacker would also need to be a burglar.
It seems that some people are having trouble following the conversation and a basic stream of topical logic.
The initial premise was that somebody could see your passwords by pwning your machine... And using that to... Turn on webcam so they could steal your password so they could... pwn your machine?
Lol
Nope. The premise is they pwn ANOTHER, less secure, personal device and use the camera from the DIFFERENT device to pwn your work computer. For example, by silently installing Pegasus on some cocky "security is dumb lol" employee's 5 year out-of-date iphone via text message while they're sleeping, and use the camera from that phone to recon the password.
They probably wouldn't want the $3.50 that person has in their bank account, but ransoming corporate data pays bank, and wire transfering from a corporate account pays even better! If you're in a highly privileged position, or have access to execute financial transactions at a larger company, pwning a personal device isn't outside of the threat model.
Most likely that threat model doesn't apply to you, but perhaps at least put it under the keyboard out of plain sight?
Would you just stop.
I made one comment to you clarifying the other person's point because you clearly didn't understand what they were saying. Personally seen a couple of small companies fold because they were ransomed from a password on a post it. But you do you.